From 103b53c1384d0c48d03c198685452d057c8a8d99 Mon Sep 17 00:00:00 2001 From: Nikos Date: Fri, 30 Nov 2007 22:07:11 +0200 Subject: Depend on libgcrypt 1.2.4 again (lose DSA2 functionality). --- configure.in | 2 +- lib/x509/dsa.c | 7 +++++++ src/certtool.c | 7 ++++++- 3 files changed, 14 insertions(+), 2 deletions(-) diff --git a/configure.in b/configure.in index 9def41ac1b..52870e6cbb 100644 --- a/configure.in +++ b/configure.in @@ -46,7 +46,7 @@ AC_SUBST(SOVERSION) dnl for opencdk needs also change in the test GNUTLS_OPENCDK_VERSION=0.6.5 -GNUTLS_GCRYPT_VERSION=1:1.3.0 +GNUTLS_GCRYPT_VERSION=1:1.2.4 GNUTLS_LIBTASN1_VERSION=0.3.4 AC_DEFINE_UNQUOTED(GNUTLS_GCRYPT_VERSION, "$GNUTLS_GCRYPT_VERSION", [version of gcrypt]) AC_DEFINE_UNQUOTED(GNUTLS_LIBTASN1_VERSION, "$GNUTLS_LIBTASN1_VERSION", [version of libtasn1]) diff --git a/lib/x509/dsa.c b/lib/x509/dsa.c index 51485695e9..69ed4684c2 100644 --- a/lib/x509/dsa.c +++ b/lib/x509/dsa.c @@ -39,6 +39,13 @@ _gnutls_dsa_generate_params (mpi_t * resarr, int *resarr_len, int bits) int ret; gcry_sexp_t parms, key, list; + /* FIXME: Remove me once we depend on 1.3.1 */ + if (bits > 1024 && gcry_check_version("1.3.1")==NULL) + { + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; + } + if (bits < 512) { gnutls_assert (); diff --git a/src/certtool.c b/src/certtool.c index d58ff291ad..4cd585541e 100644 --- a/src/certtool.c +++ b/src/certtool.c @@ -123,7 +123,12 @@ generate_private_key_int (void) int ret, key_type; if (info.dsa) - key_type = GNUTLS_PK_DSA; + { + key_type = GNUTLS_PK_DSA; + /* FIXME: Remove me once we depend on 1.3.x */ + if (info.bits > 1024 && gcrypt_check_version("1.3.1")==NULL) + info.bits = 1024; + } else key_type = GNUTLS_PK_RSA; -- cgit v1.2.1