removed some debugs

[citadel.git] / citadel / modules / crypto / serv_crypto.h

diff --git a/citadel/modules/crypto/serv_crypto.h b/citadel/modules/crypto/serv_crypto.h
index 650b8e94ac36f245902dbedc48ee957fa9645d0b..b5ee85d53bd970058333422d20ce73e017134254 100644 (file)
--- a/citadel/modules/crypto/serv_crypto.h
+++ b/citadel/modules/crypto/serv_crypto.h
@@ -2,16 +2,13 @@
 /*
  * Number of days for which self-signed certs are valid.
  */
-#define SIGN_DAYS      3650    /* Ten years */
+#define SIGN_DAYS      1100    // Just over three years
 
-/* Shared Diffie-Hellman parameters */
-#define DH_P           "1A74527AEE4EE2568E85D4FB2E65E18C9394B9C80C42507D7A6A0DBE9A9A54B05A9A96800C34C7AA5297095B69C88901EEFD127F969DCA26A54C0E0B5C5473EBAEB00957D2633ECAE3835775425DE66C0DE6D024DBB17445E06E6B0C78415E589B8814F08531D02FD43778451E7685541079CFFB79EF0D26EFEEBBB69D1E80383"
-#define DH_G           "2"
-#define DH_L           1024
-#define CIT_CIPHERS    "ALL:RC4+RSA:+SSLv2:+TLSv1:!MD5:@STRENGTH"      /* see ciphers(1) */
+// Which ciphers will be offered; see https://www.openssl.org/docs/manmaster/man1/ciphers.html
+#define CIT_CIPHERS    "ALL:RC4+RSA:+SSLv2:+TLSv1:!MD5:@STRENGTH"
 
 #ifdef HAVE_OPENSSL
-void destruct_ssl(void);
+#define OPENSSL_NO_KRB5                /* work around redhat b0rken ssl headers */
 void init_ssl(void);
 void client_write_ssl (const char *buf, int nbytes);
 int client_read_sslbuffer(StrBuf *buf, int timeout);
@@ -20,7 +17,6 @@ int client_read_sslblob(StrBuf *Target, long want_len, int timeout);
 void cmd_stls(char *params);
 void cmd_gtls(char *params);
 void endtls(void);
-void ssl_lock(int mode, int n, const char *file, int line);
 void CtdlStartTLS(char *ok_response, char *nosup_response, char *error_response);
 extern SSL_CTX *ssl_ctx;