#include "inspircd.h"
+#ifndef _WIN32
#include <gcrypt.h>
+#endif
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
#include "ssl.h"
#include "m_cap.h"
#ifdef _WIN32
-# pragma comment(lib, "libgnutls.lib")
-# pragma comment(lib, "libgcrypt.lib")
-# pragma comment(lib, "libgpg-error.lib")
-# pragma comment(lib, "user32.lib")
-# pragma comment(lib, "advapi32.lib")
-# pragma comment(lib, "libgcc.lib")
-# pragma comment(lib, "libmingwex.lib")
-# pragma comment(lib, "gdi32.lib")
+# pragma comment(lib, "libgnutls-28.lib")
#endif
/* $ModDesc: Provides SSL support for clients */
/* $LinkerFlags: rpath("pkg-config --libs gnutls") pkgconflibs("gnutls","/libgnutls.so","-lgnutls") exec("libgcrypt-config --libs") */
/* $NoPedantic */
+#ifndef GNUTLS_VERSION_MAJOR
+#define GNUTLS_VERSION_MAJOR LIBGNUTLS_VERSION_MAJOR
+#define GNUTLS_VERSION_MINOR LIBGNUTLS_VERSION_MINOR
+#define GNUTLS_VERSION_PATCH LIBGNUTLS_VERSION_PATCH
+#endif
+
// These don't exist in older GnuTLS versions
-#if ((GNUTLS_VERSION_MAJOR > 2) || (GNUTLS_VERSION_MAJOR == 2 && GNUTLS_VERSION_MINOR > 1) || (GNUTLS_VERSION_MAJOR == 2 && GNUTLS_VERSION_MINOR == 1 && GNUTLS_VERSION_MICRO >= 7))
+#if ((GNUTLS_VERSION_MAJOR > 2) || (GNUTLS_VERSION_MAJOR == 2 && GNUTLS_VERSION_MINOR > 1) || (GNUTLS_VERSION_MAJOR == 2 && GNUTLS_VERSION_MINOR == 1 && GNUTLS_VERSION_PATCH >= 7))
#define GNUTLS_NEW_PRIO_API
#endif
typedef gnutls_dh_params_t gnutls_dh_params;
#endif
+#if (defined(_WIN32) && (GNUTLS_VERSION_MAJOR > 2 || (GNUTLS_VERSION_MAJOR == 2 && GNUTLS_VERSION_MINOR >= 12)))
+# define GNUTLS_HAS_RND
+# include <gnutls/crypto.h>
+#else
+# include <gcrypt.h>
+#endif
+
enum issl_status { ISSL_NONE, ISSL_HANDSHAKING_READ, ISSL_HANDSHAKING_WRITE, ISSL_HANDSHAKEN, ISSL_CLOSING, ISSL_CLOSED };
static std::vector<gnutls_x509_crt_t> x509_certs;
RandGen() {}
void Call(char* buffer, size_t len)
{
+#ifdef GNUTLS_HAS_RND
+ gnutls_rnd(GNUTLS_RND_RANDOM, buffer, len);
+#else
gcry_randomize(buffer, len, GCRY_STRONG_RANDOM);
+#endif
}
};
ModuleSSLGnuTLS()
: starttls(this), capHandler(this, "tls"), iohook(this, "ssl/gnutls", SERVICE_IOHOOK)
{
+#ifndef GNUTLS_HAS_RND
gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
+#endif
sessions = new issl_session[ServerInstance->SE->GetMaxFds()];
#ifdef GNUTLS_NEW_PRIO_API
gnutls_priority_set(session->sess, priority);
+ #else
+ gnutls_set_default_priority(session->sess);
#endif
gnutls_credentials_set(session->sess, GNUTLS_CRD_CERTIFICATE, x509_cred);
gnutls_dh_set_prime_bits(session->sess, dh_bits);