oldcflags="$CFLAGS"
LIBS="$LIBS $GNUTLS_LIBS"
CFLAGS="$CFLAGS $GNUTLS_CFLAGS"
- AC_CHECK_FUNC(gnutls_dtls_set_data_mtu,
- [AC_DEFINE(HAVE_GNUTLS_DTLS_SET_DATA_MTU, 1, [From GnuTLS 3.0.20])], [])
AC_CHECK_FUNC(gnutls_pkcs11_get_raw_issuer,
[AC_DEFINE(HAVE_GNUTLS_PKCS11_GET_RAW_ISSUER, 1, [From GnuTLS 3.2.7])], [])
AC_CHECK_FUNC(gnutls_certificate_set_x509_system_trust,
return -EIO;
}
-#ifdef HAVE_GNUTLS_DTLS_SET_DATA_MTU
/* Make sure GnuTLS's idea of the MTU is sufficient to take
a full VPN MTU (with 1-byte header) in a data record. */
err = gnutls_dtls_set_data_mtu(vpninfo->dtls_ssl, vpninfo->ip_info.mtu + 1);
gnutls_strerror(err));
goto error;
}
-#else
- /* If we don't have gnutls_dtls_set_data_mtu() then make sure
- we leave enough headroom by adding the worst-case overhead.
- We only support AES128-CBC and DES-CBC3-SHA anyway, so
- working out the worst case isn't hard. */
- gnutls_dtls_set_mtu(vpninfo->dtls_ssl,
- vpninfo->ip_info.mtu + DTLS_OVERHEAD);
-#endif
}
vpninfo->dtls_state = DTLS_CONNECTED;
projects / users / dwmw2 / openconnect.git / commitdiff