Re: [libvirt] [PATCH] virnettlscontexttest fails with GNUTLS 3.0.28
On Thu, Dec 19, 2013 at 01:42:37PM -0700, Eric Blake wrote:
On 12/19/2013 09:23 AM, Cédric Bosdonnat wrote:
> Changed the constraints on gnutls to 3.1+
> ---
> tests/virnettlscontexttest.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/tests/virnettlscontexttest.c b/tests/virnettlscontexttest.c
> index fc512fc..d9a4e9d 100644
> --- a/tests/virnettlscontexttest.c
> +++ b/tests/virnettlscontexttest.c
> @@ -268,7 +268,8 @@ mymain(void)
> * be rejected. GNUTLS < 3 does not reject it and
> * we don't anticipate them changing this behaviour
> */
> - DO_CTX_TEST(true, cacert4req.filename, servercert4req.filename,
GNUTLS_VERSION_MAJOR >= 3);
> + DO_CTX_TEST(true, cacert4req.filename, servercert4req.filename,
> + GNUTLS_VERSION_MAJOR >= 3 && GNUTLS_VERSION_MINOR >=
1);
Not quite. This will reject gnutls 4.0. It has to be more like:
(GNUTLS_VERSION_MAJOR == 3 && GNUTLS_VERSION_MINOR >= 1) ||
GNUTLS_VERSION_MAJOR > 3
What distro were you on when you hit this failure? I'm a little bit
reluctant to bump the minimum requirement without knowing a bit more
about how common 3.0 is in practice. Adding more details in your commit
log about why you needed it (not just what you changed) makes it easier
to review.
We discussed this on IRC - the earliest version that I tested was
on Fedora 19 which have GNUTLS 3.1.11 which passes. On OpenSuse
they have 3.0.28 which failed. Technically we could bisect every
darn release version between these two to find out where the fix
came in, but frankly it is easier to just assume 3.1.0 until
the unlikely event that someone else complains :-)
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|