On Wed, Nov 16, 2016 at 04:23:41PM +0100, Christian Ehrhardt wrote: > A recent change in gnutls that was released with 3.5.6 changed the > behavior of dname en- and decoding to follow RFC4514. > > That breaks the related tests which failed validation in > virNetTLSContextCheckCertDNWhitelist due to the strings no more matching > in the fnmatch check. > > The fix is a gnutls version dependent definition of the wildcard strings > used by the tests (older gnutls versions require the old order). > > Signed-off-by: Christian Ehrhardt <christian.ehrhardt@xxxxxxxxxxxxx> > --- > tests/virnettlssessiontest.c | 28 ++++++++++++++++++++++++++++ > 1 file changed, 28 insertions(+) NACK, the gnutls changes are being reverted by upstream and IMHO if any distro is shipping 3.5.6 they should revert them too, as the change was a semantic break in gnutls API that will in turn break any libvirt deployments using this feature when upgraded Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://entangle-photo.org -o- http://search.cpan.org/~danberr/ :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list