dnsdist: Remove the leak warning with GnuTLS >= 3.7.3
authorRemi Gacogne <remi.gacogne@powerdns.com>
Mon, 14 Feb 2022 16:43:11 +0000 (17:43 +0100)
committerRemi Gacogne <remi.gacogne@powerdns.com>
Mon, 14 Feb 2022 16:43:11 +0000 (17:43 +0100)
pdns/tcpiohandler.cc

index 81fb4775dfc0ac092cc2e6a199653a8c22294a9e..8bdad5c0fcb25bab1d9d2e95060588e15dcd7223 100644 (file)
@@ -1574,9 +1574,10 @@ public:
 
     if (params.d_validateCertificates) {
       if (params.d_caStore.empty()) {
-#if GNUTLS_VERSION_NUMBER >= 0x030700
+#if GNUTLS_VERSION_NUMBER >= 0x030700 && GNUTLS_VERSION_NUMBER < 0x030703
+        /* see https://gitlab.com/gnutls/gnutls/-/issues/1277 */
         std::cerr<<"Warning: GnuTLS >= 3.7.0 has a known memory leak when validating server certificates in some configurations (PKCS11 support enabled, and a default PKCS11 trust store), please consider using the OpenSSL provider for outgoing connections instead, or explicitely setting a CA store"<<std::endl;
-#endif /* GNUTLS_VERSION_NUMBER >= 0x030700 */
+#endif /* GNUTLS_VERSION_NUMBER >= 0x030700 && GNUTLS_VERSION_NUMBER < 0x030703 */
         rc = gnutls_certificate_set_x509_system_trust(d_creds.get());
         if (rc < 0) {
           throw std::runtime_error("Error adding the system's default trusted CAs: " + std::string(gnutls_strerror(rc)));
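Review bot: The warning string on the unchanged `std::cerr` line still says "GnuTLS >= 3.7.0 has a known memory leak", which no longer matches the new guard `>= 0x030700 && < 0x030703`. It should name the affected range, for example `"Warning: GnuTLS 3.7.0 to 3.7.2 has a known memory leak when validating server certificates ..."`, so an operator reading it knows that upgrading the library is also a remedy. Separately, `GNUTLS_VERSION_NUMBER` reflects the headers used at build time, so a binary built against 3.7.2 keeps warning after the shared library is upgraded to 3.7.3. A runtime test such as `if (gnutls_check_version("3.7.0") != nullptr && gnutls_check_version("3.7.3") == nullptr)` around the message would follow the library actually loaded. The enclosing function starts and ends outside the hunk.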