Mercurial > dovecot > core-2.2
changeset 623:3fa9e363cd3d HEAD
SSL fixes and doc updates.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Wed, 20 Nov 2002 16:18:05 +0200 |
parents | 235188ee7a05 |
children | 8bc4876397cd |
files | INSTALL configure.in src/master/ssl-init-gnutls.c |
diffstat | 3 files changed, 28 insertions(+), 28 deletions(-) [+] |
line wrap: on
line diff
--- a/INSTALL Wed Nov 20 16:05:13 2002 +0200 +++ b/INSTALL Wed Nov 20 16:18:05 2002 +0200 @@ -19,8 +19,12 @@ SSL/TLS ------- -GNUTLS v0.5.5 or later is required to enable SSL and TLS support. OpenSSL -isn't supported. You can get GNUTLS from http://www.gnutls.org/ +Dovecot supports both GNUTLS and OpenSSL. Dovecot prefers GNUTLS if it's +found, but fallbacks to OpenSSL. If you wish to force using OpenSSL, give +--with-ssl=openssl to configure. + +For GNUTLS support you need version 0.5.5 or later. You can get GNUTLS from +http://www.gnutls.org/ Optional configure options @@ -70,6 +74,6 @@ Specify which authentication modules to use. Disabling them give you a few bytes smaller binary, but not much else. - --with-gnutls Build with GNUTLS (default) + --with-ssl=gnutls|openssl Build with GNUTLS (default) or OpenSSL -Use GNUTLS for SSL and TLS support. +Specify wanted SSL library.
--- a/configure.in Wed Nov 20 16:05:13 2002 +0200 +++ b/configure.in Wed Nov 20 16:18:05 2002 +0200 @@ -359,39 +359,34 @@ dnl ** SSL dnl ** +have_ssl=no + if test $want_gnutls = yes; then AC_CHECK_LIB(gnutls, gnutls_global_init, [ - AC_DEFINE(HAVE_SSL) - AC_DEFINE(HAVE_GNUTLS) - SSL_LIBS="-lgnutls -lgcrypt" - AC_SUBST(SSL_LIBS) - have_ssl="yes (GNUTLS)" - have_gnutls=yes - ], [ - have_ssl=no + AC_CHECK_HEADERS(gnutls/gnutls.h, [ + AC_DEFINE(HAVE_SSL) + AC_DEFINE(HAVE_GNUTLS) + SSL_LIBS="-lgnutls -lgcrypt" + AC_SUBST(SSL_LIBS) + have_ssl="yes (GNUTLS)" + have_gnutls=yes + ]) ], -lgcrypt) -else - have_ssl=no fi if test "$want_openssl" = "yes" -a "$have_ssl" = "no"; then AC_CHECK_LIB(ssl, SSL_read, [ - AC_CHECK_LIB(crypto, X509_new, [ - AC_CHECK_HEADERS(openssl/ssl.h openssl/err.h, [ - AC_DEFINE(HAVE_SSL) - AC_DEFINE(HAVE_OPENSSL) - SSL_LIBS="-lssl -lcrypto" - AC_SUBST(SSL_LIBS) - have_ssl="yes (OpenSSL)" - have_openssl=yes - ]) + AC_CHECK_HEADERS(openssl/ssl.h openssl/err.h, [ + AC_DEFINE(HAVE_SSL) + AC_DEFINE(HAVE_OPENSSL) + SSL_LIBS="-lssl -lcrypto" + AC_SUBST(SSL_LIBS) + have_ssl="yes (OpenSSL)" + have_openssl=yes ]) ]) fi -AM_CONDITIONAL(SSL_GNUTLS, test "$have_gnutls" = "yes") -AM_CONDITIONAL(SSL_OPENSSL, test "$have_openssl" = "yes") - dnl ** dnl ** shadow/pam support dnl **
--- a/src/master/ssl-init-gnutls.c Wed Nov 20 16:05:13 2002 +0200 +++ b/src/master/ssl-init-gnutls.c Wed Nov 20 16:18:05 2002 +0200 @@ -6,6 +6,7 @@ #ifdef HAVE_GNUTLS +#include <stdlib.h> #include <gnutls/gnutls.h> static int prime_nums[] = { 768, 1024, 0 }; @@ -76,8 +77,8 @@ gnutls_strerror(ret)); } - generate_dh_parameters(fd, temp_fname); - generate_rsa_parameters(fd, temp_fname); + generate_dh_parameters(fd, fname); + generate_rsa_parameters(fd, fname); gnutls_global_deinit(); }