On 2012-05-16 at 22:23 -0400, Phil Pennock wrote:
> So, the current stable release of GnuTLS is 3.0.x; they only distribute
> with .xz or .lz compression extensions, which might explain why the OS
> packagers seem to still be on GnuTLS 2.
>
> The current 2 branch is GnuTLS 2.12.x.
>
> The old 2 branch is GnuTLS 2.10.x.

2.10.x is still in use, and I see that GnuTLS folks are ... "inconsistent" about identifying which version a new feature was added in, so I was led astray in thinking the functions were more portable than they are.

I pulled gnutls.git and checked out the various origin/$release_branches and the ChangeLog files therein, to get a better idea of what's going on.

Okay, gnutls_sec_param_to_pk_bits() and gnutls_rnd() appear to both be new in 2.12.x.

So here's my current plan:

 * make the gnutls_rnd usage guarded on 2.12.x+, by guarding the vaguely_random_number() definition better, so we go back to "no better randomness" for older gnutls.
 * Go back to a hard-coded number of bits, the same constant as before, using the old filename, if the gnutls version is too old; this should sort out the other _PK_ constant issue too.
 * ensure this all builds on 2.10.x and 2.12.x.
 * push, get feedback, see if that also solves 2.8.x.

-Phil
