Re: [libvirt] failure to build on rawhide
Eric Blake <eblake@redhat.com> writes:
I'm getting this when trying to build libvirt on rawhide (using the package gnutls-devel-2.12.3-1.fc16.x86_64):
remote/remote_driver.c: In function 'negotiate_gnutls_on_connection': remote/remote_driver.c:1361:9: error: 'gnutls_certificate_type_set_priority' is deprecated (declared at /usr/include/gnutls/compat.h:347) [-Werror=deprecated-declarations]
but I can't find anything in the gnutls man pages that says why it is deprecated or what to use in its place. Any ideas?
Try gnutls_priority_set. What did you use gnutls_certificate_type_set_priority for? It is rare to really need it, a call to gnutls_set_default_priority() is usually sufficient. Ideally the GTK-DOC strings for the deprecated functions should be updated to point at the newer functions. /Simon
On Fri, May 20, 2011 at 10:51:34PM +0200, Simon Josefsson wrote:
Eric Blake <eblake@redhat.com> writes:
I'm getting this when trying to build libvirt on rawhide (using the package gnutls-devel-2.12.3-1.fc16.x86_64):
remote/remote_driver.c: In function 'negotiate_gnutls_on_connection': remote/remote_driver.c:1361:9: error: 'gnutls_certificate_type_set_priority' is deprecated (declared at /usr/include/gnutls/compat.h:347) [-Werror=deprecated-declarations]
but I can't find anything in the gnutls man pages that says why it is deprecated or what to use in its place. Any ideas?
Try gnutls_priority_set. What did you use gnutls_certificate_type_set_priority for? It is rare to really need it, a call to gnutls_set_default_priority() is usually sufficient.
Agreed, our current use of gnutls_certificate_type_set_priority is bogus and can/should be removed, leaving just set_default_priority calls. Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
On 05/23/2011 11:54 AM, Daniel P. Berrange wrote:
Try gnutls_priority_set. What did you use gnutls_certificate_type_set_priority for? It is rare to really need it, a call to gnutls_set_default_priority() is usually sufficient. Agreed, our current use of gnutls_certificate_type_set_priority is bogus and can/should be removed, leaving just set_default_priority calls.
If you expect random (other than gnutls/openssl/nss) TLS implementations to connect to you (or you plan to connect to them), then the set_default_priority() might not be enough. I tried to sketch the reasons at: http://www.gnu.org/software/gnutls/manual/html_node/Compatibility-Issues.htm... In those cases you might want to have some options configurable. regards, Nikos
Nikos Mavrogiannopoulos <nmav@gnutls.org> writes:
On 05/23/2011 11:54 AM, Daniel P. Berrange wrote:
Try gnutls_priority_set. What did you use gnutls_certificate_type_set_priority for? It is rare to really need it, a call to gnutls_set_default_priority() is usually sufficient. Agreed, our current use of gnutls_certificate_type_set_priority is bogus and can/should be removed, leaving just set_default_priority calls.
If you expect random (other than gnutls/openssl/nss) TLS implementations to connect to you (or you plan to connect to them), then the set_default_priority() might not be enough. I tried to sketch the reasons at: http://www.gnu.org/software/gnutls/manual/html_node/Compatibility-Issues.htm...
In those cases you might want to have some options configurable.
Yes, it would be nice if libvirt had a configuration knob for user to specify the priority string. However, as I understand it, libvirt only talks to its own implementation, and doesn't need to be compatible with any browser SSL legacy. So you probably don't need to use any compatibility settings at all. /Simon
participants (3)
-
Daniel P. Berrange -
Nikos Mavrogiannopoulos -
Simon Josefsson