Gitweb:
https://git.exim.org/exim.git/commitdiff/c1cea16d93da8e47aa0d29e79d9b854cf2c50951
Commit: c1cea16d93da8e47aa0d29e79d9b854cf2c50951
Parent: 017de05c182145de9b46b5f8e730d928bd30abb3
Author: Jeremy Harris <jgh146exb@???>
AuthorDate: Sun Feb 23 22:35:22 2020 +0000
Committer: Jeremy Harris <jgh146exb@???>
CommitDate: Sun Feb 23 22:59:14 2020 +0000
GnuTLS: avoid hang in older library, in selfsigned-cert creation
---
src/src/tls-gnu.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index e28ad9b..f2fbeab 100644
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -53,6 +53,9 @@ require current GnuTLS, then we'll drop support for the ancient libraries).
# warning "GnuTLS library version too old; tls:cert event unsupported"
# define DISABLE_EVENT
#endif
+#if GNUTLS_VERSION_NUMBER >= 0x030000
+# define SUPPORT_SELFSIGN /* Uncertain what version is first usable but 2.12.23 is not */
+#endif
#if GNUTLS_VERSION_NUMBER >= 0x030306
# define SUPPORT_CA_DIR
#else
@@ -824,13 +827,19 @@ gnutls_x509_privkey_t pkey = NULL;
const uschar * where;
int rc;
+#ifndef SUPPORT_SELFSIGN
+where = US"library too old";
+rc = GNUTLS_E_NO_CERTIFICATE_FOUND;
+if (TRUE) goto err;
+#endif
+
where = US"initialising pkey";
if ((rc = gnutls_x509_privkey_init(&pkey))) goto err;
where = US"initialising cert";
if ((rc = gnutls_x509_crt_init(&cert))) goto err;
-where = US"generating pkey";
+where = US"generating pkey"; /* Hangs on 2.12.23 */
if ((rc = gnutls_x509_privkey_generate(pkey, GNUTLS_PK_RSA,
#ifdef SUPPORT_PARAM_TO_PK_BITS
# ifndef GNUTLS_SEC_PARAM_MEDIUM