Re: [exim-dev] GnuTLS status

Author: Phil Pennock
Date:  
To: Jeremy Harris, exim-dev
Subject: Re: [exim-dev] GnuTLS status
On 2012-05-16 at 22:23 -0400, Phil Pennock wrote:
> So, the current stable release of GnuTLS is 3.0.x; they only distribute
> with .xz or .lz compression extensions, which might explain why the OS
> packagers seem to still be on GnuTLS 2.
>
> The current 2 branch is GnuTLS 2.12.x.
>
> The old 2 branch is GnuTLS 2.10.x.


2.10.x is still in use, and I see that GnuTLS folks are ...
"inconsistent" about identifying which version a new feature was added
in, so I was led astray in thinking the functions were more portable
than they are.

I pulled gnutls.git and checked out the various origin/$release_branches
and the ChangeLog files therein, to get a better idea of what's going
on.

Okay, gnutls_sec_param_to_pk_bits() and gnutls_rnd() appear to both be
new in 2.12.x. So here's my current plan:

* make the gnutls_rnd usage guarded on 2.12.x+, by guarding the
vaguely_random_number() definition better, so we go back to "no better
randomness" for older gnutls.

* Go back to a hard-coded number of bits, the same constant as before,
using the old filename, if the gnutls version is too old; this should
sort out the other _PK_ constant issue too.

* ensure this all builds on 2.10.x and 2.12.x.

* push, get feedback, see if that also solves 2.8.x.

-Phil
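The version-guarding described in the plan above, as an added example that is not Exim's code: gnutls_rnd() and gnutls_sec_param_to_pk_bits() are taken only when the GnuTLS headers report 2.12.0 or newer (GNUTLS_VERSION_NUMBER is the real 0xMMmmpp macro from gnutls/gnutls.h), and older builds get libc random() and a hard-coded bit count instead. The USE_GNUTLS build flag and the FALLBACK_DH_BITS value are constructed for this example; the real constant is whatever the old Exim code used.

```c
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#include <unistd.h>

/* USE_GNUTLS is a hypothetical build flag for this example: define it (and
 * link -lgnutls) to take the library path; leave it undefined to exercise the
 * fallback that an old-GnuTLS build would get. */
#ifdef USE_GNUTLS
# include <gnutls/gnutls.h>
#endif

/* gnutls_rnd() and gnutls_sec_param_to_pk_bits() first appeared in 2.12.x.
 * GNUTLS_VERSION_NUMBER is encoded as 0xMMmmpp, so 2.12.0 is 0x020c00. */
#if defined(USE_GNUTLS) && defined(GNUTLS_VERSION_NUMBER) && GNUTLS_VERSION_NUMBER >= 0x020c00
# define HAVE_GNUTLS_212_API 1
#else
# define HAVE_GNUTLS_212_API 0
#endif

/* Placeholder for the hard-coded bit count an older build keeps using; the
 * value is constructed for the example, not Exim's actual constant. */
#define FALLBACK_DH_BITS 1024

static const char *last_source = "none";

/* Which source the most recent draw used, so a caller can confirm that an
 * old-GnuTLS build really took the weak path. */
const char *random_source(void) { return last_source; }

/* Return a number in [0, max).  On 2.12.x+ use gnutls_rnd(); otherwise fall
 * back to libc random(), i.e. "no better randomness" than before. */
int vaguely_random_number(int max)
{
  if (max <= 0) { last_source = "none"; return 0; }
#if HAVE_GNUTLS_212_API
  {
    unsigned int v;
    if (gnutls_rnd(GNUTLS_RND_NONCE, &v, sizeof v) == 0) {
      last_source = "gnutls_rnd";
      return (int)(v % (unsigned int)max);
    }
    /* library call failed: drop through to the weak source */
  }
#endif
  {
    static int seeded = 0;
    if (!seeded) {
      srandom((unsigned)time(NULL) ^ (unsigned)getpid());
      seeded = 1;
    }
    last_source = "random";
    return (int)(random() % (unsigned long)max);
  }
}

/* DH parameter size: ask GnuTLS on 2.12.x+, else the old hard-coded constant. */
int dh_bits_for_build(void)
{
#if HAVE_GNUTLS_212_API
  return (int)gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, GNUTLS_SEC_PARAM_NORMAL);
#else
  return FALLBACK_DH_BITS;
#endif
}

/* 1 if every draw over `trials` calls lands in [0, max), else 0. */
int all_in_range(int max, int trials)
{
  for (int i = 0; i < trials; i++) {
    int r = vaguely_random_number(max);
    if (r < 0 || r >= max) return 0;
  }
  return 1;
}

int main(void)
{
  printf("built with 2.12.x API: %d\n", HAVE_GNUTLS_212_API);
  printf("dh bits: %d\n", dh_bits_for_build());
  printf("sample: %d (source %s)\n", vaguely_random_number(100), random_source());
  return 0;
}
```

Compiled without USE_GNUTLS (or against GnuTLS 2.10.x, where GNUTLS_VERSION_NUMBER is below 0x020c00) the guard resolves to 0 and both functions take the fallback branch, which is the point of keying the check on the header's version macro rather than on the mere presence of GnuTLS.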