To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to plugins.d/mandos-client.c
- browse files at revision 1232
- compare with another revision
- download diff
- download tarball
- view history from revision 1232
- Committer: Teddy Hogeborn
- Date: 2021-02-01 19:30:45 UTC
- Revision ID: teddy@recompile.se-20210201193045-lpg6aprpc4srem6k
Fix issue with french translation
Initial white space was missing in both msgid and msgstr of the french
translation, leading to checking tools reporing an incomplete
translation. The string is a raw command line command, and therefore
did not need translation, so this was never a user-visible issue.
* debian/po/fr.po: Add missing whitespace to the id and translation
for msgid " mandos-keygen -F/dev/null|grep ^key_id".
Initial white space was missing in both msgid and msgstr of the french
translation, leading to checking tools reporing an incomplete
translation. The string is a raw command line command, and therefore
did not need translation, so this was never a user-visible issue.
* debian/po/fr.po: Add missing whitespace to the id and translation
for msgid " mandos-keygen -F/dev/null|grep ^key_id".
- files added:
- debian/mandos-client.templates
- debian/tests
- dracut-module
- files removed:
- initramfs-tools-hook-conf
- files modified:
- .bzrignore
added
removed
plugins.d/mandos-client.c
9
9
* "browse_callback", and parts of "main".
10
10
*
11
11
* Everything else is
12
* Copyright © 2008-2018 Teddy Hogeborn
13
* Copyright © 2008-2018 Björn Påhlsson
12
* Copyright © 2008-2020 Teddy Hogeborn
13
* Copyright © 2008-2020 Björn Påhlsson
14
14
*
15
15
* This file is part of Mandos.
16
16
*
80
80
#include <unistd.h> /* close(), SEEK_SET, off_t, write(),
81
81
getuid(), getgid(), seteuid(),
82
82
setgid(), pause(), _exit(),
83
unlinkat() */
83
unlinkat(), lstat(), symlink() */
84
84
#include <arpa/inet.h> /* inet_pton(), htons() */
85
85
#include <iso646.h> /* not, or, and */
86
86
#include <argp.h> /* struct argp_option, error_t, struct
123
123
gnutls_*
124
124
init_gnutls_session(),
125
125
GNUTLS_* */
126
#if GNUTLS_VERSION_NUMBER < 0x030600
126
127
#include <gnutls/openpgp.h>
127
128
/* gnutls_certificate_set_openpgp_key_file(),
128
129
GNUTLS_OPENPGP_FMT_BASE64 */
130
#elif GNUTLS_VERSION_NUMBER >= 0x030606
131
#include <gnutls/x509.h> /* gnutls_pkcs_encrypt_flags_t,
132
GNUTLS_PKCS_PLAIN,
133
GNUTLS_PKCS_NULL_PASSWORD */
134
#endif
129
135
130
136
/* GPGME */
131
137
#include <gpgme.h> /* All GPGME types, constants and
139
145
#define PATHDIR "/conf/conf.d/mandos"
140
146
#define SECKEY "seckey.txt"
141
147
#define PUBKEY "pubkey.txt"
148
#define TLS_PRIVKEY "tls-privkey.pem"
149
#define TLS_PUBKEY "tls-pubkey.pem"
142
150
#define HOOKDIR "/lib/mandos/network-hooks.d"
143
151
144
152
bool debug = false;
272
280
return true;
273
281
}
274
282
283
/* Set effective uid to 0, return errno */
284
__attribute__((warn_unused_result))
285
int raise_privileges(void){
286
int old_errno = errno;
287
int ret = 0;
288
if(seteuid(0) == -1){
289
ret = errno;
290
}
291
errno = old_errno;
292
return ret;
293
}
294
295
/* Set effective and real user ID to 0. Return errno. */
296
__attribute__((warn_unused_result))
297
int raise_privileges_permanently(void){
298
int old_errno = errno;
299
int ret = raise_privileges();
300
if(ret != 0){
301
errno = old_errno;
302
return ret;
303
}
304
if(setuid(0) == -1){
305
ret = errno;
306
}
307
errno = old_errno;
308
return ret;
309
}
310
311
/* Set effective user ID to unprivileged saved user ID */
312
__attribute__((warn_unused_result))
313
int lower_privileges(void){
314
int old_errno = errno;
315
int ret = 0;
316
if(seteuid(uid) == -1){
317
ret = errno;
318
}
319
errno = old_errno;
320
return ret;
321
}
322
323
/* Lower privileges permanently */
324
__attribute__((warn_unused_result))
325
int lower_privileges_permanently(void){
326
int old_errno = errno;
327
int ret = 0;
328
if(setuid(uid) == -1){
329
ret = errno;
330
}
331
errno = old_errno;
332
return ret;
333
}
334
275
335
/*
276
336
* Initialize GPGME.
277
337
*/
297
357
return false;
298
358
}
299
359
360
/* Workaround for systems without a real-time clock; see also
361
Debian bug #894495: <https://bugs.debian.org/894495> */
362
do {
363
{
364
time_t currtime = time(NULL);
365
if(currtime != (time_t)-1){
366
struct tm tm;
367
if(gmtime_r(&currtime, &tm) == NULL) {
368
perror_plus("gmtime_r");
369
break;
370
}
371
if(tm.tm_year != 70 or tm.tm_mon != 0){
372
break;
373
}
374
if(debug){
375
fprintf_plus(stderr, "System clock is January 1970");
376
}
377
} else {
378
if(debug){
379
fprintf_plus(stderr, "System clock is invalid");
380
}
381
}
382
}
383
struct stat keystat;
384
ret = fstat(fd, &keystat);
385
if(ret != 0){
386
perror_plus("fstat");
387
break;
388
}
389
ret = raise_privileges();
390
if(ret != 0){
391
errno = ret;
392
perror_plus("Failed to raise privileges");
393
break;
394
}
395
if(debug){
396
fprintf_plus(stderr,
397
"Setting system clock to key file mtime");
398
}
399
if(clock_settime(CLOCK_REALTIME, &keystat.st_mtim) != 0){
400
perror_plus("clock_settime");
401
}
402
ret = lower_privileges();
403
if(ret != 0){
404
errno = ret;
405
perror_plus("Failed to lower privileges");
406
}
407
} while(false);
408
300
409
rc = gpgme_data_new_from_fd(&pgp_data, fd);
301
410
if(rc != GPG_ERR_NO_ERROR){
302
411
fprintf_plus(stderr, "bad gpgme_data_new_from_fd: %s: %s\n",
310
419
gpgme_strsource(rc), gpgme_strerror(rc));
311
420
return false;
312
421
}
422
{
423
gpgme_import_result_t import_result
424
= gpgme_op_import_result(mc->ctx);
425
if((import_result->imported < 1
426
or import_result->not_imported > 0)
427
and import_result->unchanged == 0){
428
fprintf_plus(stderr, "bad gpgme_op_import_results:\n");
429
fprintf_plus(stderr,
430
"The total number of considered keys: %d\n",
431
import_result->considered);
432
fprintf_plus(stderr,
433
"The number of keys without user ID: %d\n",
434
import_result->no_user_id);
435
fprintf_plus(stderr,
436
"The total number of imported keys: %d\n",
437
import_result->imported);
438
fprintf_plus(stderr, "The number of imported RSA keys: %d\n",
439
import_result->imported_rsa);
440
fprintf_plus(stderr, "The number of unchanged keys: %d\n",
441
import_result->unchanged);
442
fprintf_plus(stderr, "The number of new user IDs: %d\n",
443
import_result->new_user_ids);
444
fprintf_plus(stderr, "The number of new sub keys: %d\n",
445
import_result->new_sub_keys);
446
fprintf_plus(stderr, "The number of new signatures: %d\n",
447
import_result->new_signatures);
448
fprintf_plus(stderr, "The number of new revocations: %d\n",
449
import_result->new_revocations);
450
fprintf_plus(stderr,
451
"The total number of secret keys read: %d\n",
452
import_result->secret_read);
453
fprintf_plus(stderr,
454
"The number of imported secret keys: %d\n",
455
import_result->secret_imported);
456
fprintf_plus(stderr,
457
"The number of unchanged secret keys: %d\n",
458
import_result->secret_unchanged);
459
fprintf_plus(stderr, "The number of keys not imported: %d\n",
460
import_result->not_imported);
461
for(gpgme_import_status_t import_status
462
= import_result->imports;
463
import_status != NULL;
464
import_status = import_status->next){
465
fprintf_plus(stderr, "Import status for key: %s\n",
466
import_status->fpr);
467
if(import_status->result != GPG_ERR_NO_ERROR){
468
fprintf_plus(stderr, "Import result: %s: %s\n",
469
gpgme_strsource(import_status->result),
470
gpgme_strerror(import_status->result));
471
}
472
fprintf_plus(stderr, "Key status:\n");
473
fprintf_plus(stderr,
474
import_status->status & GPGME_IMPORT_NEW
475
? "The key was new.\n"
476
: "The key was not new.\n");
477
fprintf_plus(stderr,
478
import_status->status & GPGME_IMPORT_UID
479
? "The key contained new user IDs.\n"
480
: "The key did not contain new user IDs.\n");
481
fprintf_plus(stderr,
482
import_status->status & GPGME_IMPORT_SIG
483
? "The key contained new signatures.\n"
484
: "The key did not contain new signatures.\n");
485
fprintf_plus(stderr,
486
import_status->status & GPGME_IMPORT_SUBKEY
487
? "The key contained new sub keys.\n"
488
: "The key did not contain new sub keys.\n");
489
fprintf_plus(stderr,
490
import_status->status & GPGME_IMPORT_SECRET
491
? "The key contained a secret key.\n"
492
: "The key did not contain a secret key.\n");
493
}
494
return false;
495
}
496
}
313
497
314
498
ret = close(fd);
315
499
if(ret == -1){
356
540
/* Create new GPGME "context" */
357
541
rc = gpgme_new(&(mc->ctx));
358
542
if(rc != GPG_ERR_NO_ERROR){
359
fprintf_plus(stderr, "Mandos plugin mandos-client: "
360
"bad gpgme_new: %s: %s\n", gpgme_strsource(rc),
361
gpgme_strerror(rc));
543
fprintf_plus(stderr, "bad gpgme_new: %s: %s\n",
544
gpgme_strsource(rc), gpgme_strerror(rc));
362
545
return false;
363
546
}
364
547
400
583
/* Create new empty GPGME data buffer for the plaintext */
401
584
rc = gpgme_data_new(&dh_plain);
402
585
if(rc != GPG_ERR_NO_ERROR){
403
fprintf_plus(stderr, "Mandos plugin mandos-client: "
404
"bad gpgme_data_new: %s: %s\n",
586
fprintf_plus(stderr, "bad gpgme_data_new: %s: %s\n",
405
587
gpgme_strsource(rc), gpgme_strerror(rc));
406
588
gpgme_data_release(dh_crypto);
407
589
return -1;
429
611
if(result->file_name != NULL){
430
612
fprintf_plus(stderr, "File name: %s\n", result->file_name);
431
613
}
432
gpgme_recipient_t recipient;
433
recipient = result->recipients;
434
while(recipient != NULL){
614
615
for(gpgme_recipient_t r = result->recipients; r != NULL;
616
r = r->next){
435
617
fprintf_plus(stderr, "Public key algorithm: %s\n",
436
gpgme_pubkey_algo_name
437
(recipient->pubkey_algo));
438
fprintf_plus(stderr, "Key ID: %s\n", recipient->keyid);
618
gpgme_pubkey_algo_name(r->pubkey_algo));
619
fprintf_plus(stderr, "Key ID: %s\n", r->keyid);
439
620
fprintf_plus(stderr, "Secret key available: %s\n",
440
recipient->status == GPG_ERR_NO_SECKEY
441
? "No" : "Yes");
442
recipient = recipient->next;
621
r->status == GPG_ERR_NO_SECKEY ? "No" : "Yes");
443
622
}
444
623
}
445
624
}
527
706
const char *dhparamsfilename,
528
707
mandos_context *mc){
529
708
int ret;
530
unsigned int uret;
531
709
532
710
if(debug){
533
711
fprintf_plus(stderr, "Initializing GnuTLS\n");
550
728
}
551
729
552
730
if(debug){
553
fprintf_plus(stderr, "Attempting to use OpenPGP public key %s and"
554
" secret key %s as GnuTLS credentials\n",
731
fprintf_plus(stderr, "Attempting to use public key %s and"
732
" private key %s as GnuTLS credentials\n",
555
733
pubkeyfilename,
556
734
seckeyfilename);
557
735
}
558
736
737
#if GNUTLS_VERSION_NUMBER >= 0x030606
738
ret = gnutls_certificate_set_rawpk_key_file
739
(mc->cred, pubkeyfilename, seckeyfilename,
740
GNUTLS_X509_FMT_PEM, /* format */
741
NULL, /* pass */
742
/* key_usage */
743
GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT,
744
NULL, /* names */
745
0, /* names_length */
746
/* privkey_flags */
747
GNUTLS_PKCS_PLAIN | GNUTLS_PKCS_NULL_PASSWORD,
748
0); /* pkcs11_flags */
749
#elif GNUTLS_VERSION_NUMBER < 0x030600
559
750
ret = gnutls_certificate_set_openpgp_key_file
560
751
(mc->cred, pubkeyfilename, seckeyfilename,
561
752
GNUTLS_OPENPGP_FMT_BASE64);
753
#else
754
#error "Needs GnuTLS 3.6.6 or later, or before 3.6.0"
755
#endif
562
756
if(ret != GNUTLS_E_SUCCESS){
563
757
fprintf_plus(stderr,
564
"Error[%d] while reading the OpenPGP key pair ('%s',"
758
"Error[%d] while reading the key pair ('%s',"
565
759
" '%s')\n", ret, pubkeyfilename, seckeyfilename);
566
760
fprintf_plus(stderr, "The GnuTLS error is: %s\n",
567
761
safer_gnutls_strerror(ret));
638
832
}
639
833
if(dhparamsfilename == NULL){
640
834
if(mc->dh_bits == 0){
835
#if GNUTLS_VERSION_NUMBER < 0x030600
641
836
/* Find out the optimal number of DH bits */
642
837
/* Try to read the private key file */
643
838
gnutls_datum_t buffer = { .data = NULL, .size = 0 };
723
918
}
724
919
}
725
920
}
726
uret = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, sec_param);
921
unsigned int uret = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, sec_param);
727
922
if(uret != 0){
728
923
mc->dh_bits = uret;
729
924
if(debug){
741
936
safer_gnutls_strerror(ret));
742
937
goto globalfail;
743
938
}
744
} else if(debug){
745
fprintf_plus(stderr, "DH bits explicitly set to %u\n",
746
mc->dh_bits);
747
}
748
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
749
if(ret != GNUTLS_E_SUCCESS){
750
fprintf_plus(stderr, "Error in GnuTLS prime generation (%u"
751
" bits): %s\n", mc->dh_bits,
752
safer_gnutls_strerror(ret));
753
goto globalfail;
939
#endif
940
} else { /* dh_bits != 0 */
941
if(debug){
942
fprintf_plus(stderr, "DH bits explicitly set to %u\n",
943
mc->dh_bits);
944
}
945
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
946
if(ret != GNUTLS_E_SUCCESS){
947
fprintf_plus(stderr, "Error in GnuTLS prime generation (%u"
948
" bits): %s\n", mc->dh_bits,
949
safer_gnutls_strerror(ret));
950
goto globalfail;
951
}
952
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
754
953
}
755
954
}
756
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
757
955
758
956
return 0;
759
957
770
968
int ret;
771
969
/* GnuTLS session creation */
772
970
do {
773
ret = gnutls_init(session, GNUTLS_SERVER);
971
ret = gnutls_init(session, (GNUTLS_SERVER
972
#if GNUTLS_VERSION_NUMBER >= 0x030506
973
| GNUTLS_NO_TICKETS
974
#endif
975
#if GNUTLS_VERSION_NUMBER >= 0x030606
976
| GNUTLS_ENABLE_RAWPK
977
#endif
978
));
774
979
if(quit_now){
775
980
return -1;
776
981
}
824
1029
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
825
1030
__attribute__((unused)) const char *txt){}
826
1031
827
/* Set effective uid to 0, return errno */
828
__attribute__((warn_unused_result))
829
int raise_privileges(void){
830
int old_errno = errno;
831
int ret = 0;
832
if(seteuid(0) == -1){
833
ret = errno;
834
}
835
errno = old_errno;
836
return ret;
837
}
838
839
/* Set effective and real user ID to 0. Return errno. */
840
__attribute__((warn_unused_result))
841
int raise_privileges_permanently(void){
842
int old_errno = errno;
843
int ret = raise_privileges();
844
if(ret != 0){
845
errno = old_errno;
846
return ret;
847
}
848
if(setuid(0) == -1){
849
ret = errno;
850
}
851
errno = old_errno;
852
return ret;
853
}
854
855
/* Set effective user ID to unprivileged saved user ID */
856
__attribute__((warn_unused_result))
857
int lower_privileges(void){
858
int old_errno = errno;
859
int ret = 0;
860
if(seteuid(uid) == -1){
861
ret = errno;
862
}
863
errno = old_errno;
864
return ret;
865
}
866
867
/* Lower privileges permanently */
868
__attribute__((warn_unused_result))
869
int lower_privileges_permanently(void){
870
int old_errno = errno;
871
int ret = 0;
872
if(setuid(uid) == -1){
873
ret = errno;
874
}
875
errno = old_errno;
876
return ret;
877
}
878
879
1032
/* Helper function to add_local_route() and delete_local_route() */
880
1033
__attribute__((nonnull, warn_unused_result))
881
1034
static bool add_delete_local_route(const bool add,
920
1073
ret = setgid(0);
921
1074
if(ret == -1){
922
1075
perror_plus("setgid");
1076
close(devnull);
923
1077
_exit(EX_NOPERM);
924
1078
}
925
1079
/* Reset supplementary groups */
927
1081
ret = setgroups(0, NULL);
928
1082
if(ret == -1){
929
1083
perror_plus("setgroups");
1084
close(devnull);
930
1085
_exit(EX_NOPERM);
931
1086
}
932
1087
}
933
1088
ret = dup2(devnull, STDIN_FILENO);
934
1089
if(ret == -1){
935
1090
perror_plus("dup2(devnull, STDIN_FILENO)");
1091
close(devnull);
936
1092
_exit(EX_OSERR);
937
1093
}
938
1094
ret = close(devnull);
939
1095
if(ret == -1){
940
1096
perror_plus("close");
941
_exit(EX_OSERR);
942
1097
}
943
1098
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
944
1099
if(ret == -1){
979
1134
}
980
1135
if(pid == -1){
981
1136
perror_plus("fork");
1137
close(devnull);
982
1138
return false;
983
1139
}
1140
ret = close(devnull);
1141
if(ret == -1){
1142
perror_plus("close");
1143
}
984
1144
int status;
985
1145
pid_t pret = -1;
986
1146
errno = 0;
2307
2467
2308
2468
int main(int argc, char *argv[]){
2309
2469
mandos_context mc = { .server = NULL, .dh_bits = 0,
2470
#if GNUTLS_VERSION_NUMBER >= 0x030606
2471
.priority = "SECURE128:!CTYPE-X.509"
2472
":+CTYPE-RAWPK:!RSA:!VERS-ALL:+VERS-TLS1.3"
2473
":%PROFILE_ULTRA",
2474
#elif GNUTLS_VERSION_NUMBER < 0x030600
2310
2475
.priority = "SECURE256:!CTYPE-X.509"
2311
2476
":+CTYPE-OPENPGP:!RSA:+SIGN-DSA-SHA256",
2477
#else
2478
#error "Needs GnuTLS 3.6.6 or later, or before 3.6.0"
2479
#endif
2312
2480
.current_server = NULL, .interfaces = NULL,
2313
2481
.interfaces_size = 0 };
2314
2482
AvahiSServiceBrowser *sb = NULL;
2325
2493
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
2326
2494
const char *seckey = PATHDIR "/" SECKEY;
2327
2495
const char *pubkey = PATHDIR "/" PUBKEY;
2496
#if GNUTLS_VERSION_NUMBER >= 0x030606
2497
const char *tls_privkey = PATHDIR "/" TLS_PRIVKEY;
2498
const char *tls_pubkey = PATHDIR "/" TLS_PUBKEY;
2499
#endif
2328
2500
const char *dh_params_file = NULL;
2329
2501
char *interfaces_hooks = NULL;
2330
2502
2378
2550
{ .name = "pubkey", .key = 'p',
2379
2551
.arg = "FILE",
2380
2552
.doc = "OpenPGP public key file base name",
2381
.group = 2 },
2553
.group = 1 },
2554
{ .name = "tls-privkey", .key = 't',
2555
.arg = "FILE",
2556
#if GNUTLS_VERSION_NUMBER >= 0x030606
2557
.doc = "TLS private key file base name",
2558
#else
2559
.doc = "Dummy; ignored (requires GnuTLS 3.6.6)",
2560
#endif
2561
.group = 1 },
2562
{ .name = "tls-pubkey", .key = 'T',
2563
.arg = "FILE",
2564
#if GNUTLS_VERSION_NUMBER >= 0x030606
2565
.doc = "TLS public key file base name",
2566
#else
2567
.doc = "Dummy; ignored (requires GnuTLS 3.6.6)",
2568
#endif
2569
.group = 1 },
2382
2570
{ .name = "dh-bits", .key = 129,
2383
2571
.arg = "BITS",
2384
2572
.doc = "Bit length of the prime number used in the"
2440
2628
case 'p': /* --pubkey */
2441
2629
pubkey = arg;
2442
2630
break;
2631
case 't': /* --tls-privkey */
2632
#if GNUTLS_VERSION_NUMBER >= 0x030606
2633
tls_privkey = arg;
2634
#endif
2635
break;
2636
case 'T': /* --tls-pubkey */
2637
#if GNUTLS_VERSION_NUMBER >= 0x030606
2638
tls_pubkey = arg;
2639
#endif
2640
break;
2443
2641
case 129: /* --dh-bits */
2444
2642
errno = 0;
2445
2643
tmpmax = strtoimax(arg, &tmp, 10);
2480
2678
argp_state_help(state, state->out_stream,
2481
2679
(ARGP_HELP_STD_HELP | ARGP_HELP_EXIT_ERR)
2482
2680
& ~(unsigned int)ARGP_HELP_EXIT_OK);
2681
__builtin_unreachable();
2483
2682
case -3: /* --usage */
2484
2683
argp_state_help(state, state->out_stream,
2485
2684
ARGP_HELP_USAGE | ARGP_HELP_EXIT_ERR);
2685
__builtin_unreachable();
2486
2686
case 'V': /* --version */
2487
2687
fprintf_plus(state->out_stream, "%s\n", argp_program_version);
2488
2688
exit(argp_err_exit_status);
2515
2715
}
2516
2716
2517
2717
{
2518
/* Work around Debian bug #633582:
2519
<https://bugs.debian.org/633582> */
2520
2521
2718
/* Re-raise privileges */
2522
2719
ret = raise_privileges();
2523
2720
if(ret != 0){
2526
2723
} else {
2527
2724
struct stat st;
2528
2725
2726
/* Work around Debian bug #633582:
2727
<https://bugs.debian.org/633582> */
2728
2529
2729
if(strcmp(seckey, PATHDIR "/" SECKEY) == 0){
2530
2730
int seckey_fd = open(seckey, O_RDONLY);
2531
2731
if(seckey_fd == -1){
2590
2790
}
2591
2791
}
2592
2792
2793
/* Work around Debian bug #981302
2794
<https://bugs.debian.org/981302> */
2795
if(lstat("/dev/fd", &st) != 0 and errno == ENOENT){
2796
ret = symlink("/proc/self/fd", "/dev/fd");
2797
if(ret == -1){
2798
perror_plus("Failed to create /dev/fd symlink");
2799
}
2800
}
2801
2593
2802
/* Lower privileges */
2594
2803
ret = lower_privileges();
2595
2804
if(ret != 0){
2799
3008
goto end;
2800
3009
}
2801
3010
3011
#if GNUTLS_VERSION_NUMBER >= 0x030606
3012
ret = init_gnutls_global(tls_pubkey, tls_privkey, dh_params_file, &mc);
3013
#elif GNUTLS_VERSION_NUMBER < 0x030600
2802
3014
ret = init_gnutls_global(pubkey, seckey, dh_params_file, &mc);
3015
#else
3016
#error "Needs GnuTLS 3.6.6 or later, or before 3.6.0"
3017
#endif
2803
3018
if(ret == -1){
2804
3019
fprintf_plus(stderr, "init_gnutls_global failed\n");
2805
3020
exitcode = EX_UNAVAILABLE;
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0