Mercurial > dovecot > core-2.2

changeset 623:3fa9e363cd3d HEAD

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
SSL fixes and doc updates.
author Timo Sirainen <tss@iki.fi>
date Wed, 20 Nov 2002 16:18:05 +0200
parents 235188ee7a05
children 8bc4876397cd
files INSTALL configure.in src/master/ssl-init-gnutls.c
diffstat 3 files changed, 28 insertions(+), 28 deletions(-) [+]
line wrap: on
line diff
--- a/INSTALL	Wed Nov 20 16:05:13 2002 +0200
+++ b/INSTALL	Wed Nov 20 16:18:05 2002 +0200
@@ -19,8 +19,12 @@
 SSL/TLS
 -------
 
-GNUTLS v0.5.5 or later is required to enable SSL and TLS support. OpenSSL
-isn't supported. You can get GNUTLS from http://www.gnutls.org/
+Dovecot supports both GNUTLS and OpenSSL. Dovecot prefers GNUTLS if it's
+found, but fallbacks to OpenSSL. If you wish to force using OpenSSL, give
+--with-ssl=openssl to configure.
+
+For GNUTLS support you need version 0.5.5 or later. You can get GNUTLS from
+http://www.gnutls.org/
 
 
 Optional configure options
@@ -70,6 +74,6 @@
 Specify which authentication modules to use. Disabling them give you a few
 bytes smaller binary, but not much else.
 
-  --with-gnutls           Build with GNUTLS (default)
+  --with-ssl=gnutls|openssl Build with GNUTLS (default) or OpenSSL
 
-Use GNUTLS for SSL and TLS support.
+Specify wanted SSL library.
--- a/configure.in	Wed Nov 20 16:05:13 2002 +0200
+++ b/configure.in	Wed Nov 20 16:18:05 2002 +0200
@@ -359,39 +359,34 @@
 dnl ** SSL
 dnl **
 
+have_ssl=no
+
 if test $want_gnutls = yes; then
 	AC_CHECK_LIB(gnutls, gnutls_global_init, [
-		AC_DEFINE(HAVE_SSL)
-		AC_DEFINE(HAVE_GNUTLS)
-		SSL_LIBS="-lgnutls -lgcrypt"
-		AC_SUBST(SSL_LIBS)
-		have_ssl="yes (GNUTLS)"
-		have_gnutls=yes
-	], [
-		have_ssl=no
+		AC_CHECK_HEADERS(gnutls/gnutls.h, [
+			AC_DEFINE(HAVE_SSL)
+			AC_DEFINE(HAVE_GNUTLS)
+			SSL_LIBS="-lgnutls -lgcrypt"
+			AC_SUBST(SSL_LIBS)
+			have_ssl="yes (GNUTLS)"
+			have_gnutls=yes
+		])
 	], -lgcrypt)
-else
-	have_ssl=no
 fi
 
 if test "$want_openssl" = "yes" -a "$have_ssl" = "no"; then
 	AC_CHECK_LIB(ssl, SSL_read, [
-		AC_CHECK_LIB(crypto, X509_new, [
-			AC_CHECK_HEADERS(openssl/ssl.h openssl/err.h, [
-				AC_DEFINE(HAVE_SSL)
-				AC_DEFINE(HAVE_OPENSSL)
-				SSL_LIBS="-lssl -lcrypto"
-				AC_SUBST(SSL_LIBS)
-				have_ssl="yes (OpenSSL)"
-				have_openssl=yes
-			])
+		AC_CHECK_HEADERS(openssl/ssl.h openssl/err.h, [
+			AC_DEFINE(HAVE_SSL)
+			AC_DEFINE(HAVE_OPENSSL)
+			SSL_LIBS="-lssl -lcrypto"
+			AC_SUBST(SSL_LIBS)
+			have_ssl="yes (OpenSSL)"
+			have_openssl=yes
 		])
 	])
 fi
 
-AM_CONDITIONAL(SSL_GNUTLS, test "$have_gnutls" = "yes")
-AM_CONDITIONAL(SSL_OPENSSL, test "$have_openssl" = "yes")
-
 dnl **
 dnl ** shadow/pam support
 dnl **
--- a/src/master/ssl-init-gnutls.c	Wed Nov 20 16:05:13 2002 +0200
+++ b/src/master/ssl-init-gnutls.c	Wed Nov 20 16:18:05 2002 +0200
@@ -6,6 +6,7 @@
 
 #ifdef HAVE_GNUTLS
 
+#include <stdlib.h>
 #include <gnutls/gnutls.h>
 
 static int prime_nums[] = { 768, 1024, 0 };
@@ -76,8 +77,8 @@
 			gnutls_strerror(ret));
 	}
 
-	generate_dh_parameters(fd, temp_fname);
-	generate_rsa_parameters(fd, temp_fname);
+	generate_dh_parameters(fd, fname);
+	generate_rsa_parameters(fd, fname);
 
 	gnutls_global_deinit();
 }