Re: [PATCH] Fix build with gnutls 1.0.x branch


 



On Tue, Jul 26, 2011 at 11:56:19AM +0100, Daniel P. Berrange wrote:
> From: "Daniel P. Berrange" <berrange@xxxxxxxxxx>
> 
> ---
>  src/rpc/virnettlscontext.c   |   15 +++++++++++++++
>  tests/virnettlscontexttest.c |    2 +-
>  2 files changed, 16 insertions(+), 1 deletions(-)
> 
> diff --git a/src/rpc/virnettlscontext.c b/src/rpc/virnettlscontext.c
> index db03669..2a58ede 100644
> --- a/src/rpc/virnettlscontext.c
> +++ b/src/rpc/virnettlscontext.c
> @@ -139,6 +139,15 @@ static int virNetTLSContextCheckCertTimes(gnutls_x509_crt_t cert,
>      return 0;
>  }
>  
> +
> +#ifndef GNUTLS_1_0_COMPAT
> +/*
> + * The gnutls_x509_crt_get_basic_constraints function isn't
> + * available in GNUTLS 1.0.x branches. This isn't critical
> + * though, since gnutls_certificate_verify_peers2 will do
> + * pretty much the same check at runtime, so we can just
> + * disable this code
> + */
>  static int virNetTLSContextCheckCertBasicConstraints(gnutls_x509_crt_t cert,
>                                                       const char *certFile,
>                                                       bool isServer,
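Review bot: The new comment above virNetTLSContextCheckCertBasicConstraints justifies compiling the function out with "pretty much the same check", which leaves a reader unable to tell what a GNUTLS_1_0_COMPAT build no longer verifies. I would reword it to name the two callers that lose the check (virNetTLSContextCheckCert and virNetTLSContextValidCertificate, both changed later in this patch) and to state that basic-constraints enforcement is then left entirely to gnutls_certificate_verify_peers2 during the handshake. GNUTLS_1_0_COMPAT is not defined in either file touched here, so a short pointer to where it is set would also help. The function body continues outside this hunk.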
> @@ -180,6 +189,8 @@ static int virNetTLSContextCheckCertBasicConstraints(gnutls_x509_crt_t cert,
>  
>      return 0;
>  }
> +#endif
> +
>  
>  static int virNetTLSContextCheckCertKeyUsage(gnutls_x509_crt_t cert,
>                                               const char *certFile,
> @@ -412,9 +423,11 @@ static int virNetTLSContextCheckCert(gnutls_x509_crt_t cert,
>                                         isServer, isCA) < 0)
>          return -1;
>  
> +#ifndef GNUTLS_1_0_COMPAT
>      if (virNetTLSContextCheckCertBasicConstraints(cert, certFile,
>                                                    isServer, isCA) < 0)
>          return -1;
> +#endif
>  
>      if (virNetTLSContextCheckCertKeyUsage(cert, certFile,
>                                            isCA) < 0)
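Review bot: The guard around the virNetTLSContextCheckCertBasicConstraints call in virNetTLSContextCheckCert drops the check silently, and the stated rationale does not obviously cover this call site: gnutls_certificate_verify_peers2 validates a peer during a session, whereas this call takes `certFile` and looks like validation of the locally configured certificate. On a compat build a certificate with wrong basic constraints would then presumably be accepted here and only fail later, at handshake time, with a less specific error. Consider an `#else` branch that logs once, through the file's existing logging, that the basic-constraints check is unavailable with this GnuTLS version, so the gap is visible to an operator. The same silent skip applies to the guarded call in virNetTLSContextValidCertificate (the `@@ -1019` hunk). The enclosing function starts and ends outside this hunk.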
> @@ -1019,11 +1032,13 @@ static int virNetTLSContextValidCertificate(virNetTLSContextPtr ctxt,
>              /* !sess->isServer, since on the client, we're validating the
>               * server's cert, and on the server, the client's cert
>               */
> +#ifndef GNUTLS_1_0_COMPAT
>              if (virNetTLSContextCheckCertBasicConstraints(cert, "[session]",
>                                                            !sess->isServer, false) < 0) {
>                  gnutls_x509_crt_deinit(cert);
>                  goto authdeny;
>              }
> +#endif
>  
>              if (virNetTLSContextCheckCertKeyUsage(cert, "[session]",
>                                                    false) < 0) {
> diff --git a/tests/virnettlscontexttest.c b/tests/virnettlscontexttest.c
> index f2af4f0..12ecf1e 100644
> --- a/tests/virnettlscontexttest.c
> +++ b/tests/virnettlscontexttest.c
> @@ -33,7 +33,7 @@
>  #include "command.h"
>  #include "network.h"
>  
> -#if !defined WIN32 && HAVE_LIBTASN1_H
> +#if !defined WIN32 && HAVE_LIBTASN1_H && !defined GNUTLS_1_0_COMPAT
>  # include <libtasn1.h>
>  # include <gnutls/gnutls.h>
>  # include <gnutls/x509.h>
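Review bot: Adding `!defined GNUTLS_1_0_COMPAT` to the top-level `#if` switches off the whole test file on compat builds, not only the basic-constraints cases. The key-usage and certificate-time checks in virnettlscontext.c stay compiled in on those builds (this patch guards only the basic-constraints function), so they would run untested there. If the test helpers themselves build against GnuTLS 1.0.x, which is not visible from this hunk, a narrower guard around just the basic-constraints test cases would keep the rest of the coverage. The guarded region extends beyond the hunk.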

  ACK, thanks !

Daniel

-- 
Daniel Veillard      | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
daniel@xxxxxxxxxxxx  | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library  http://libvirt.org/
