On Wed, Nov 16, 2016 at 04:23:41PM +0100, Christian Ehrhardt wrote:
A recent change in gnutls that was released with 3.5.6 changed the behavior of dname en- and decoding to follow RFC4514.
That breaks the related tests which failed validation in virNetTLSContextCheckCertDNWhitelist due to the strings no more matching in the fnmatch check.
The fix is a gnutls version dependent definition of the wildcard strings used by the tests (older gnutls versions require the old order).
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com> --- tests/virnettlssessiontest.c | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+)
NACK, the gnutls changes are being reverted by upstream and IMHO if any distro is shipping 3.5.6 they should revert them too, as the change was a semantic break in gnutls API that will in turn break any libvirt deployments using this feature when upgraded Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://entangle-photo.org -o- http://search.cpan.org/~danberr/ :|