+ cafile = ServerInstance->Config->Paths.PrependConfig(Conf->getString("cafile", "ca.pem"));
+ crlfile = ServerInstance->Config->Paths.PrependConfig(Conf->getString("crlfile", "crl.pem"));
+ certfile = ServerInstance->Config->Paths.PrependConfig(Conf->getString("certfile", "cert.pem"));
+ keyfile = ServerInstance->Config->Paths.PrependConfig(Conf->getString("keyfile", "key.pem"));
+ int dh_bits = Conf->getInt("dhbits");
+ std::string hashname = Conf->getString("hash", "md5");
+
+ // The GnuTLS manual states that the gnutls_set_default_priority()
+ // call we used previously when initializing the session is the same
+ // as setting the "NORMAL" priority string.
+ // Thus if the setting below is not in the config we will behave exactly
+ // the same as before, when the priority setting wasn't available.
+ std::string priorities = Conf->getString("priority", "NORMAL");
+
+ if((dh_bits != 768) && (dh_bits != 1024) && (dh_bits != 2048) && (dh_bits != 3072) && (dh_bits != 4096))
+ dh_bits = 1024;
+
+ iohook.dh_bits = dh_bits;
+
+ // As older versions of gnutls can't do this, let's disable it where needed.
+#ifdef GNUTLS_HAS_MAC_GET_ID
+ // As gnutls_digest_algorithm_t and gnutls_mac_algorithm_t are mapped 1:1, we can do this
+ // There is no gnutls_dig_get_id() at the moment, but it may come later
+ iohook.hash = (gnutls_digest_algorithm_t)gnutls_mac_get_id(hashname.c_str());
+ if (iohook.hash == GNUTLS_DIG_UNKNOWN)
+ throw ModuleException("Unknown hash type " + hashname);
+
+ // Check if the user is walking around with their head in the ass,
+ // giving us something that is a valid MAC but not digest
+ gnutls_hash_hd_t is_digest;
+ if (gnutls_hash_init(&is_digest, iohook.hash) < 0)
+ throw ModuleException("Unknown hash type " + hashname);
+ gnutls_hash_deinit(is_digest, NULL);
+#else
+ if (hashname == "md5")
+ iohook.hash = GNUTLS_DIG_MD5;
+ else if (hashname == "sha1")
+ iohook.hash = GNUTLS_DIG_SHA1;
+ else
+ throw ModuleException("Unknown hash type " + hashname);
+#endif
+
+ int ret;
+
+ if (dh_alloc)