From 298de588dacb292791088c155fc347082a39ca80 Mon Sep 17 00:00:00 2001
From: Remi Gacogne <github@coredump.fr>
Date: Mon, 14 Feb 2022 19:03:24 +0100
Subject: [PATCH] Better GnuTLS warning as suggested by Matt Nordhoff

Co-authored-by: Matt Nordhoff <mnordhoff@mattnordhoff.com>
---
 pdns/tcpiohandler.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pdns/tcpiohandler.cc b/pdns/tcpiohandler.cc
index 8bdad5c0fc..9e47fe2b3b 100644
--- a/pdns/tcpiohandler.cc
+++ b/pdns/tcpiohandler.cc
@@ -1576,7 +1576,7 @@ public:
       if (params.d_caStore.empty()) {
 #if GNUTLS_VERSION_NUMBER >= 0x030700 && GNUTLS_VERSION_NUMBER < 0x030703
         /* see https://gitlab.com/gnutls/gnutls/-/issues/1277 */
-        std::cerr<<"Warning: GnuTLS >= 3.7.0 has a known memory leak when validating server certificates in some configurations (PKCS11 support enabled, and a default PKCS11 trust store), please consider using the OpenSSL provider for outgoing connections instead, or explicitely setting a CA store"<<std::endl;
+        std::cerr<<"Warning: GnuTLS 3.7.0 - 3.7.2 have a memory leak when validating server certificates in some configurations (PKCS11 support enabled, and a default PKCS11 trust store), please consider upgrading GnuTLS, using the OpenSSL provider for outgoing connections, or explicitly setting a CA store"<<std::endl;
 #endif /* GNUTLS_VERSION_NUMBER >= 0x030700 && GNUTLS_VERSION_NUMBER < 0x030703 */
         rc = gnutls_certificate_set_x509_system_trust(d_creds.get());
         if (rc < 0) {
-- 
2.47.2