diff --git a/src/rpc/virnettlscontext.c b/src/rpc/virnettlscontext.c
index bdbf01855d..acfc4f9323 100644
--- a/src/rpc/virnettlscontext.c
+++ b/src/rpc/virnettlscontext.c
@@ -54,7 +54,6 @@ struct _virNetTLSContext {
     virObjectLockable parent;
     gnutls_certificate_credentials_t x509cred;
-    gnutls_dh_params_t dhParams;
     bool isServer;
     bool requireValidCert;
@@ -709,40 +708,6 @@ static virNetTLSContext *virNetTLSContextNew(const char *cacert,
     if (virNetTLSContextLoadCredentials(ctxt, isServer, cacert, cacrl, cert, key) < 0)
         goto error;
-    /* Generate Diffie Hellman parameters - for use with DHE
-     * kx algorithms. These should be discarded and regenerated
-     * once a day, once a week or once a month. Depending on the
-     * security requirements.
-     */
-    if (isServer) {
-        unsigned int bits = 0;
-
-        bits = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, GNUTLS_SEC_PARAM_MEDIUM);
-        if (bits == 0) {
-            virReportError(VIR_ERR_SYSTEM_ERROR, "%s",
-                           _("Unable to get key length for diffie-hellman parameters"));
-            goto error;
-        }
-
-        err = gnutls_dh_params_init(&ctxt->dhParams);
-        if (err < 0) {
-            virReportError(VIR_ERR_SYSTEM_ERROR,
-                           _("Unable to initialize diffie-hellman parameters: %s"),
-                           gnutls_strerror(err));
-            goto error;
-        }
-        err = gnutls_dh_params_generate2(ctxt->dhParams, bits);
-        if (err < 0) {
-            virReportError(VIR_ERR_SYSTEM_ERROR,
-                           _("Unable to generate diffie-hellman parameters: %s"),
-                           gnutls_strerror(err));
-            goto error;
-        }
-
-        gnutls_certificate_set_dh_params(ctxt->x509cred,
-                                         ctxt->dhParams);
-    }
-
     ctxt->requireValidCert = requireValidCert;
     ctxt->x509dnACL = x509dnACL;
     ctxt->isServer = isServer;
@@ -754,8 +719,6 @@ static virNetTLSContext *virNetTLSContextNew(const char *cacert,
     return ctxt;
  error:
-    if (isServer)
-        gnutls_dh_params_deinit(ctxt->dhParams);
     virObjectUnref(ctxt);
     return NULL;
 }
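Review bot: After the removal in virNetTLSContextNew the server side no longer sets any DH parameters on x509cred, and nothing on the new side records what the DHE key exchange now relies on, so a reader can reasonably conclude that DHE cipher suites were silently disabled; a comment where the generated block stood would settle it, e.g. `/* No explicit DH params: gnutls supplies its built-in RFC 7919 (FFDHE) groups when none are set, which needs a gnutls version that does so by default. */` (unless I'm mistaken, that is gnutls 3.6 and later, and the commit description should name the minimum version it assumes). The removed comment also advised regenerating the parameters periodically; with fixed, well-known groups that advice no longer applies, which is worth stating so nobody re-adds generation "for safety". The same reliance holds for the later hunk in virNetTLSContextReloadForServer, where the reload path likewise stops calling gnutls_certificate_set_dh_params. virNetTLSContextNew begins before this hunk and its body continues between the hunks shown.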
@@ -950,9 +913,6 @@ int virNetTLSContextReloadForServer(virNetTLSContext *ctxt,
     if (virNetTLSContextLoadCredentials(ctxt, true, cacert, cacrl, cert, key))
         goto error;
-    gnutls_certificate_set_dh_params(ctxt->x509cred,
-                                     ctxt->dhParams);
-
     gnutls_certificate_free_credentials(x509credBak);
     return 0;
@@ -1156,7 +1116,6 @@ void virNetTLSContextDispose(void *obj)
               "ctxt=%p", ctxt);
     g_free(ctxt->priority);
-    gnutls_dh_params_deinit(ctxt->dhParams);
     gnutls_certificate_free_credentials(ctxt->x509cred);
 }
diff --git a/tests/virrandommock.c b/tests/virrandommock.c
index e295f74446..2673230cf7 100644
--- a/tests/virrandommock.c
+++ b/tests/virrandommock.c
@@ -20,8 +20,6 @@
 #ifndef WIN32
-# include
-
 # include "internal.h"
 # include "virrandom.h"
 # include "virmock.h"
@@ -57,40 +55,6 @@ int virRandomGenerateWWN(char **wwn,
     return 0;
 }
-
-static int (*real_gnutls_dh_params_generate2)(gnutls_dh_params_t dparams,
-                                              unsigned int bits);
-
-static gnutls_dh_params_t params_cache;
-static unsigned int cachebits;
-
-int
-gnutls_dh_params_generate2(gnutls_dh_params_t dparams,
-                           unsigned int bits)
-{
-    int rc = 0;
-
-    VIR_MOCK_REAL_INIT(gnutls_dh_params_generate2);
-
-    if (!params_cache) {
-        if (gnutls_dh_params_init(¶ms_cache) < 0) {
-            fprintf(stderr, "Error initializing params cache");
-            abort();
-        }
-        rc = real_gnutls_dh_params_generate2(params_cache, bits);
-
-        if (rc < 0)
-            return rc;
-        cachebits = bits;
-    }
-
-    if (cachebits != bits) {
-        fprintf(stderr, "Requested bits do not match the cached value");
-        abort();
-    }
-
-    return gnutls_dh_params_cpy(dparams, params_cache);
-}
 #else /* WIN32 */
 /* Can't mock on WIN32 */
 #endif