We need to use the gnutls_priority_set_direct method which was not introduced until 2.1.7, so bump version to 2.2.0 which is the first stable release with it included. This release dates from Dec 2007 so it is reasonable to ditch support for the 1.x.x series for gnutls releases entirely. Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx> --- configure.ac | 2 +- src/Makefile.am | 1 - src/gnutls_1_0_compat.h | 43 ------------------------------------------- src/rpc/virnettlscontext.c | 11 ----------- tests/virnettlshelpers.h | 1 - 5 files changed, 1 insertion(+), 57 deletions(-) delete mode 100644 src/gnutls_1_0_compat.h diff --git a/configure.ac b/configure.ac index 74c33b3..42eaa82 100644 --- a/configure.ac +++ b/configure.ac @@ -117,7 +117,7 @@ fi dnl Required minimum versions of all libs we depend on LIBXML_REQUIRED="2.6.0" -GNUTLS_REQUIRED="1.0.25" +GNUTLS_REQUIRED="2.2.0" POLKIT_REQUIRED="0.6" PARTED_REQUIRED="1.8.0" DEVMAPPER_REQUIRED=1.0.0 diff --git a/src/Makefile.am b/src/Makefile.am index 12b66c2..2ad400d 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -436,7 +436,6 @@ remote/qemu_client_bodies.h: $(srcdir)/rpc/gendispatch.pl \ > $(srcdir)/remote/qemu_client_bodies.h REMOTE_DRIVER_SOURCES = \ - gnutls_1_0_compat.h \ remote/remote_driver.c remote/remote_driver.h \ $(REMOTE_DRIVER_GENERATED) diff --git a/src/gnutls_1_0_compat.h b/src/gnutls_1_0_compat.h deleted file mode 100644 index b006e2b..0000000 --- a/src/gnutls_1_0_compat.h +++ /dev/null @@ -1,43 +0,0 @@ -/* - * gnutls_1_0_compat.h: GnuTLS 1.0 compatibility - * - * Copyright (C) 2007, 2013 Red Hat, Inc. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library. If not, see - * <http://www.gnu.org/licenses/>. - * - * Author: Richard W.M. Jones <rjones@xxxxxxxxxx> - */ - -#ifndef LIBVIRT_GNUTLS_1_0_COMPAT_H__ -# define LIBVIRT_GNUTLS_1_0_COMPAT_H__ - -# include <gnutls/gnutls.h> - -/* enable backward compatibility macros for gnutls 1.x.y */ -# if LIBGNUTLS_VERSION_MAJOR < 2 -# define GNUTLS_1_0_COMPAT -# endif - -# ifdef GNUTLS_1_0_COMPAT -# define gnutls_session_t gnutls_session -# define gnutls_x509_crt_t gnutls_x509_crt -# define gnutls_dh_params_t gnutls_dh_params -# define gnutls_transport_ptr_t gnutls_transport_ptr -# define gnutls_datum_t gnutls_datum -# define gnutls_certificate_credentials_t gnutls_certificate_credentials -# define gnutls_cipher_algorithm_t gnutls_cipher_algorithm -# endif - -#endif /* LIBVIRT_GNUTLS_1_0_COMPAT_H__ */ diff --git a/src/rpc/virnettlscontext.c b/src/rpc/virnettlscontext.c index 6e78623..fa9ca41 100644 --- a/src/rpc/virnettlscontext.c +++ b/src/rpc/virnettlscontext.c @@ -29,7 +29,6 @@ # include <gnutls/crypto.h> #endif #include <gnutls/x509.h> -#include "gnutls_1_0_compat.h" #include "virnettlscontext.h" #include "virstring.h" @@ -170,7 +169,6 @@ static int virNetTLSContextCheckCertTimes(gnutls_x509_crt_t cert, } -#ifndef GNUTLS_1_0_COMPAT /* * The gnutls_x509_crt_get_basic_constraints function isn't * available in GNUTLS 1.0.x branches. This isn't critical @@ -219,7 +217,6 @@ static int virNetTLSContextCheckCertBasicConstraints(gnutls_x509_crt_t cert, return 0; } -#endif static int virNetTLSContextCheckCertKeyUsage(gnutls_x509_crt_t cert, @@ -438,11 +435,9 @@ static int virNetTLSContextCheckCert(gnutls_x509_crt_t cert, isServer, isCA) < 0) return -1; -#ifndef GNUTLS_1_0_COMPAT if (virNetTLSContextCheckCertBasicConstraints(cert, certFile, isServer, isCA) < 0) return -1; -#endif if (virNetTLSContextCheckCertKeyUsage(cert, certFile, isCA) < 0) @@ -489,10 +484,8 @@ static int virNetTLSContextCheckCertPair(gnutls_x509_crt_t cert, if (status & GNUTLS_CERT_REVOKED) reason = _("The certificate has been revoked."); -#ifndef GNUTLS_1_0_COMPAT if (status & GNUTLS_CERT_INSECURE_ALGORITHM) reason = _("The certificate uses an insecure algorithm"); -#endif virReportError(VIR_ERR_SYSTEM_ERROR, _("Our own certificate %s failed validation against %s: %s"), @@ -1022,10 +1015,8 @@ static int virNetTLSContextValidCertificate(virNetTLSContextPtr ctxt, if (status & GNUTLS_CERT_REVOKED) reason = _("The certificate has been revoked."); -#ifndef GNUTLS_1_0_COMPAT if (status & GNUTLS_CERT_INSECURE_ALGORITHM) reason = _("The certificate uses an insecure algorithm"); -#endif virReportError(VIR_ERR_SYSTEM_ERROR, _("Certificate failed validation: %s"), @@ -1088,13 +1079,11 @@ static int virNetTLSContextValidCertificate(virNetTLSContextPtr ctxt, /* !sess->isServer, since on the client, we're validating the * server's cert, and on the server, the client's cert */ -#ifndef GNUTLS_1_0_COMPAT if (virNetTLSContextCheckCertBasicConstraints(cert, "[session]", !sess->isServer, false) < 0) { gnutls_x509_crt_deinit(cert); goto authdeny; } -#endif if (virNetTLSContextCheckCertKeyUsage(cert, "[session]", false) < 0) { diff --git a/tests/virnettlshelpers.h b/tests/virnettlshelpers.h index 3f6afb9..48e7431 100644 --- a/tests/virnettlshelpers.h +++ b/tests/virnettlshelpers.h @@ -22,7 +22,6 @@ #include <gnutls/x509.h> #if !defined WIN32 && HAVE_LIBTASN1_H && LIBGNUTLS_VERSION_NUMBER >= 0x020600 -# include "gnutls_1_0_compat.h" # include <libtasn1.h> -- 2.5.5 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list