[libvirt] [PATCH] Fix build with gnutls 1.0.x branch

From: "Daniel P. Berrange" <berrange@redhat.com> --- src/rpc/virnettlscontext.c | 15 +++++++++++++++ tests/virnettlscontexttest.c | 2 +- 2 files changed, 16 insertions(+), 1 deletions(-) diff --git a/src/rpc/virnettlscontext.c b/src/rpc/virnettlscontext.c index db03669..2a58ede 100644 --- a/src/rpc/virnettlscontext.c +++ b/src/rpc/virnettlscontext.c @@ -139,6 +139,15 @@ static int virNetTLSContextCheckCertTimes(gnutls_x509_crt_t cert, return 0; } + +#ifndef GNUTLS_1_0_COMPAT +/* + * The gnutls_x509_crt_get_basic_constraints function isn't + * available in GNUTLS 1.0.x branches. This isn't critical + * though, since gnutls_certificate_verify_peers2 will do + * pretty much the same check at runtime, so we can just + * disable this code + */ static int virNetTLSContextCheckCertBasicConstraints(gnutls_x509_crt_t cert, const char *certFile, bool isServer, @@ -180,6 +189,8 @@ static int virNetTLSContextCheckCertBasicConstraints(gnutls_x509_crt_t cert, return 0; } +#endif + static int virNetTLSContextCheckCertKeyUsage(gnutls_x509_crt_t cert, const char *certFile, @@ -412,9 +423,11 @@ static int virNetTLSContextCheckCert(gnutls_x509_crt_t cert, isServer, isCA) < 0) return -1; +#ifndef GNUTLS_1_0_COMPAT if (virNetTLSContextCheckCertBasicConstraints(cert, certFile, isServer, isCA) < 0) return -1; +#endif if (virNetTLSContextCheckCertKeyUsage(cert, certFile, isCA) < 0) @@ -1019,11 +1032,13 @@ static int virNetTLSContextValidCertificate(virNetTLSContextPtr ctxt, /* !sess->isServer, since on the client, we're validating the * server's cert, and on the server, the client's cert */ +#ifndef GNUTLS_1_0_COMPAT if (virNetTLSContextCheckCertBasicConstraints(cert, "[session]", !sess->isServer, false) < 0) { gnutls_x509_crt_deinit(cert); goto authdeny; } +#endif if (virNetTLSContextCheckCertKeyUsage(cert, "[session]", false) < 0) { diff --git a/tests/virnettlscontexttest.c b/tests/virnettlscontexttest.c index f2af4f0..12ecf1e 100644 --- a/tests/virnettlscontexttest.c 
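Review bot: With GNUTLS_1_0_COMPAT defined, the load-time call in virNetTLSContextCheckCert (third hunk) and the session-time call in virNetTLSContextValidCertificate (fourth hunk) both disappear silently, and the only rationale is the comment above the definition in the first hunk, which says gnutls_certificate_verify_peers2 does "pretty much the same check". That wording does not say what the compat build stops rejecting. Judging by the call sites, the session call passes `false` in the position where virNetTLSContextCheckCert passes `isCA`, so the skipped check appears to cover the leaf certificate's CA flag, which chain verification may not enforce; the comment should name that gap. I would add at each guarded call site a comment such as `/* GNUTLS 1.0.x: basic-constraints check compiled out; only gnutls_certificate_verify_peers2 covers this */`, and make the build announce the reduced checking with `# warning "GNUTLS_1_0_COMPAT: certificate basic constraints are not checked"` in an `#else` branch of the guard around the definition. All three function bodies start and end outside the hunks, so where verify_peers2 runs relative to these calls is not visible here.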
+++ b/tests/virnettlscontexttest.c @@ -33,7 +33,7 @@ #include "command.h" #include "network.h" -#if !defined WIN32 && HAVE_LIBTASN1_H +#if !defined WIN32 && HAVE_LIBTASN1_H && !defined GNUTLS_1_0_COMPAT # include <libtasn1.h> # include <gnutls/gnutls.h> # include <gnutls/x509.h> -- 1.7.6
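Review bot: Folding `!defined GNUTLS_1_0_COMPAT` into the existing `#if` compiles the entire TLS context test out on the compat build. That is the same build where src/rpc/virnettlscontext.c drops the basic-constraints check, so the configuration with the least certificate checking also gets no test coverage. If only some cases depend on calls missing from 1.0.x, a narrower guard around those cases would keep the rest running; the test bodies are outside this hunk, so how much can be kept is not visible here. The guard should at least carry a comment such as `/* Not built on gnutls 1.0.x (GNUTLS_1_0_COMPAT): the test needs APIs that branch lacks */` so the exclusion is not mistaken for a platform limitation like the WIN32 one.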

On Tue, Jul 26, 2011 at 11:56:19AM +0100, Daniel P. Berrange wrote:
From: "Daniel P. Berrange" <berrange@redhat.com>
--- src/rpc/virnettlscontext.c | 15 +++++++++++++++ tests/virnettlscontexttest.c | 2 +- 2 files changed, 16 insertions(+), 1 deletions(-)
diff --git a/src/rpc/virnettlscontext.c b/src/rpc/virnettlscontext.c index db03669..2a58ede 100644 --- a/src/rpc/virnettlscontext.c +++ b/src/rpc/virnettlscontext.c @@ -139,6 +139,15 @@ static int virNetTLSContextCheckCertTimes(gnutls_x509_crt_t cert, return 0; }
+ +#ifndef GNUTLS_1_0_COMPAT +/* + * The gnutls_x509_crt_get_basic_constraints function isn't + * available in GNUTLS 1.0.x branches. This isn't critical + * though, since gnutls_certificate_verify_peers2 will do + * pretty much the same check at runtime, so we can just + * disable this code + */ static int virNetTLSContextCheckCertBasicConstraints(gnutls_x509_crt_t cert, const char *certFile, bool isServer, @@ -180,6 +189,8 @@ static int virNetTLSContextCheckCertBasicConstraints(gnutls_x509_crt_t cert,
return 0; } +#endif +
static int virNetTLSContextCheckCertKeyUsage(gnutls_x509_crt_t cert, const char *certFile, @@ -412,9 +423,11 @@ static int virNetTLSContextCheckCert(gnutls_x509_crt_t cert, isServer, isCA) < 0) return -1;
+#ifndef GNUTLS_1_0_COMPAT if (virNetTLSContextCheckCertBasicConstraints(cert, certFile, isServer, isCA) < 0) return -1; +#endif
if (virNetTLSContextCheckCertKeyUsage(cert, certFile, isCA) < 0) @@ -1019,11 +1032,13 @@ static int virNetTLSContextValidCertificate(virNetTLSContextPtr ctxt, /* !sess->isServer, since on the client, we're validating the * server's cert, and on the server, the client's cert */ +#ifndef GNUTLS_1_0_COMPAT if (virNetTLSContextCheckCertBasicConstraints(cert, "[session]", !sess->isServer, false) < 0) { gnutls_x509_crt_deinit(cert); goto authdeny; } +#endif
if (virNetTLSContextCheckCertKeyUsage(cert, "[session]", false) < 0) { diff --git a/tests/virnettlscontexttest.c b/tests/virnettlscontexttest.c index f2af4f0..12ecf1e 100644 --- a/tests/virnettlscontexttest.c +++ b/tests/virnettlscontexttest.c @@ -33,7 +33,7 @@ #include "command.h" #include "network.h"
-#if !defined WIN32 && HAVE_LIBTASN1_H +#if !defined WIN32 && HAVE_LIBTASN1_H && !defined GNUTLS_1_0_COMPAT # include <libtasn1.h> # include <gnutls/gnutls.h> # include <gnutls/x509.h>
ACK, thanks ! Daniel -- Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ daniel@veillard.com | Rpmfind RPM search engine http://rpmfind.net/ http://veillard.com/ | virtualization library http://libvirt.org/