mirror of
https://github.com/systemd/systemd-stable.git
synced 2024-10-26 08:55:18 +03:00
resolved: require at least version 3.6.0 of GnuTLS for DNS-over-TLS
Increase the required version to ensure TLS 1.3 is always supported when using GnuTLS for DNS-over-TLS and allow further changes to use recent API additions.
This commit is contained in:
parent
644ee25461
commit
38e053c58f
2
README
2
README
@ -155,7 +155,7 @@ REQUIREMENTS:
|
|||||||
libmicrohttpd (optional)
|
libmicrohttpd (optional)
|
||||||
libpython (optional)
|
libpython (optional)
|
||||||
libidn2 or libidn (optional)
|
libidn2 or libidn (optional)
|
||||||
gnutls >= 3.1.4 (optional, >= 3.5.3 is required to support DNS-over-TLS with gnutls)
|
gnutls >= 3.1.4 (optional, >= 3.6.0 is required to support DNS-over-TLS with gnutls)
|
||||||
openssl >= 1.1.0 (optional, required to support DNS-over-TLS with openssl)
|
openssl >= 1.1.0 (optional, required to support DNS-over-TLS with openssl)
|
||||||
elfutils >= 158 (optional)
|
elfutils >= 158 (optional)
|
||||||
polkit (optional)
|
polkit (optional)
|
||||||
|
@ -1199,7 +1199,7 @@ if dns_over_tls != 'false'
|
|||||||
if dns_over_tls == 'openssl'
|
if dns_over_tls == 'openssl'
|
||||||
have_gnutls = false
|
have_gnutls = false
|
||||||
else
|
else
|
||||||
have_gnutls = (conf.get('HAVE_GNUTLS') == 1 and libgnutls.version().version_compare('>= 3.5.3'))
|
have_gnutls = (conf.get('HAVE_GNUTLS') == 1 and libgnutls.version().version_compare('>= 3.6.0'))
|
||||||
if dns_over_tls == 'gnutls' and not have_gnutls
|
if dns_over_tls == 'gnutls' and not have_gnutls
|
||||||
error('DNS-over-TLS support was requested with gnutls, but dependencies are not available')
|
error('DNS-over-TLS support was requested with gnutls, but dependencies are not available')
|
||||||
endif
|
endif
|
||||||
|
@ -9,11 +9,7 @@
|
|||||||
#include "resolved-dns-stream.h"
|
#include "resolved-dns-stream.h"
|
||||||
#include "resolved-dnstls.h"
|
#include "resolved-dnstls.h"
|
||||||
|
|
||||||
#if GNUTLS_VERSION_NUMBER >= 0x030600
|
|
||||||
#define PRIORTY_STRING "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2"
|
#define PRIORTY_STRING "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2"
|
||||||
#else
|
|
||||||
#define PRIORTY_STRING "NORMAL:-VERS-ALL:+VERS-TLS1.2"
|
|
||||||
#endif
|
|
||||||
DEFINE_TRIVIAL_CLEANUP_FUNC(gnutls_session_t, gnutls_deinit);
|
DEFINE_TRIVIAL_CLEANUP_FUNC(gnutls_session_t, gnutls_deinit);
|
||||||
|
|
||||||
static ssize_t dnstls_stream_writev(gnutls_transport_ptr_t p, const giovec_t *iov, int iovcnt) {
|
static ssize_t dnstls_stream_writev(gnutls_transport_ptr_t p, const giovec_t *iov, int iovcnt) {
|
||||||
|
Loading…
Reference in New Issue
Block a user