X-Git-Url: https://ruderich.org/simon/gitweb/?a=blobdiff_plain;f=src%2Ftlsproxy.c;h=1ccee20c22ab16b541f39e2adee26c65f5d6a30a;hb=d87efa4a7a6285603950f5780ef57a72b651c8e9;hp=ee65febba68ef14445effc63d32851660b3cadef;hpb=3eebfbd0b124c034d57e9ddba051e82fe99ba05f;p=tlsproxy%2Ftlsproxy.git

diff --git a/src/tlsproxy.c b/src/tlsproxy.c
index ee65feb..1ccee20 100644
--- a/src/tlsproxy.c
+++ b/src/tlsproxy.c
@@ -24,6 +24,7 @@
 #include "connection.h"
 
 #include <arpa/inet.h>
+#include <assert.h>
 #include <errno.h>
 #include <pthread.h>
 #include <signal.h>
@@ -31,6 +32,7 @@
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <unistd.h>
+#include <limits.h>
 
 #if GNUTLS_VERSION_NUMBER <= 0x020b00
 /* Necessary for GnuTLS when used with threads. */
@@ -375,7 +377,7 @@ static void initialize_gnutls(void) {
     gnutls_datum_t dh_parameters_datum;
 
 /* Recent versions of GnuTLS automatically initialize the cryptography layer
- * in gnutls_global_init(). */
+ * in gnutls_global_init(), including a thread-safe setup. */
 #if GNUTLS_VERSION_NUMBER <= 0x020b00
     gcry_error_t error;
 
@@ -395,6 +397,12 @@ static void initialize_gnutls(void) {
     }
 #endif
 
+    if (gnutls_check_version(GNUTLS_VERSION) == NULL) {
+        fprintf(stderr, "gnutls_check_version(): version mismatch, "
+                        "expected at least '" GNUTLS_VERSION "'\n");
+        exit(EXIT_FAILURE);
+    }
+
     /* Initialize GnuTLS. */
     result = gnutls_global_init();
     GNUTLS_ERROR_EXIT(result, "gnutls_global_init()");
@@ -416,7 +424,8 @@ static void initialize_gnutls(void) {
         exit(EXIT_FAILURE);
     }
     dh_parameters_datum.data = (unsigned char *)dh_parameters;
-    dh_parameters_datum.size = strlen(dh_parameters);
+    assert(strlen(dh_parameters) <= UINT_MAX);
+    dh_parameters_datum.size = (unsigned int)(strlen(dh_parameters));
 
     result = gnutls_dh_params_init(&global_tls_dh_params);
     GNUTLS_ERROR_EXIT(result, "gnutls_dh_params_init()");