[Dovecot] Dovecot won't build against recent version of GnuTLS
Hi all,
Dovecot won't build against recent versions of GnuTLS. The problem starts on line 34 of src/master/ssl-init-gnutls.c, where Dovecot generates DH params using gnutls_dh_params_generate(), a function which no longer exists [replaced with gnutls_dh_params_generate2()].
I'd fix it myself, but the signature of the function has changed to take gnutls_dh_params_t rather than prime & generator, and I'm not keen on hacking SSL code unless I really understand what's going on. It looks like the code goes on to save & free those values.
I'm tracking HG and am happy to test any changes. Appreciate it if someone with more knowledge of GnuTLS and perhaps this code in particular could take a look.
Thanks, J
Jasper Bryant-Greene wrote:
> Hi all,
> Dovecot won't build against recent versions of GnuTLS. The problem starts on line 34 of src/master/ssl-init-gnutls.c, where Dovecot generates DH params using gnutls_dh_params_generate(), a function which no longer exists [replaced with gnutls_dh_params_generate2()].
> I'd fix it myself, but the signature of the function has changed to take gnutls_dh_params_t rather than prime & generator, and I'm not keen on hacking SSL code unless I really understand what's going on. It looks like the code goes on to save & free those values.
> I'm tracking HG and am happy to test any changes. Appreciate it if someone with more knowledge of GnuTLS and perhaps this code in particular could take a look.
> Thanks, J
For some time now the INSTALL file has carried the note:
SSL/TLS
-------
Dovecot used to support both GNUTLS and OpenSSL libraries, but nowadays
only the OpenSSL code is working.
On Tue, Jul 31, 2007 at 06:46:35AM -0500, David Favor wrote:
> Jasper Bryant-Greene wrote:
> > Dovecot won't build against recent versions of GnuTLS. The problem starts on line 34 of src/master/ssl-init-gnutls.c, where Dovecot generates DH params using gnutls_dh_params_generate(), a function which no longer exists [replaced with gnutls_dh_params_generate2()].
> > I'd fix it myself, but the signature of the function has changed to take gnutls_dh_params_t rather than prime & generator, and I'm not keen on hacking SSL code unless I really understand what's going on. It looks like the code goes on to save & free those values.
> > I'm tracking HG and am happy to test any changes. Appreciate it if someone with more knowledge of GnuTLS and perhaps this code in particular could take a look.
> Dovecot used to support both GNUTLS and OpenSSL libraries, but nowadays only the OpenSSL code is working.
Does anyone know how much effort would be involved in making Dovecot work with GNUTLS again? I need to deploy in an environment where using OpenSSL is not possible.
If I can get an indication of how close to a working state the existing code is, I might be keen to sort it out myself.
J
On Wed, 2007-08-01 at 16:09 +1200, Jasper Bryant-Greene wrote:
> Does anyone know how much effort would be involved in making Dovecot work with GNUTLS again? I need to deploy in an environment where using OpenSSL is not possible.
> If I can get an indication of how close to a working state the existing code is, I might be keen to sort it out myself.
I was using GNUTLS a bit wrong, so it would need pretty much a rewrite if you want to avoid random hangs.
participants (4)
- David Favor
- Jasper Bryant-Greene
- Jasper Bryant-Greene
- Timo Sirainen