[libvirt] [PATCH] qemu: Check for gnutls_rnd() explicitly

Our use of gnutls_rnd() is conditional to the availability of the <gnutls/crypto.h> header file. Such check, however, turns out not to be strict enough as there are some versions of gnutls (eg. 2.8.5 as available in CentOS 6) that provide the header file, but not the function itself, which was introduced in 2.12.0. Introduce an explicit check for the function itself. --- Would qualify as a build breaker (see [1]) but I'd rather have some feedback before pushing it. [1] https://ci.centos.org/view/libvirt-project/job/libvirt-daemon-build/systems=... configure.ac | 4 ++++ src/qemu/qemu_domain.c | 6 +++--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/configure.ac b/configure.ac index 85fc6e1..360674f 100644 --- a/configure.ac +++ b/configure.ac @@ -1286,6 +1286,10 @@ if test "x$with_gnutls" != "xno"; then #include <gnutls/gnutls.h> ]]) + dnl gnutls_rnd() was introduced in 2.12, so just checking for the + dnl corresponding header is not enough: we have to check for it explicitly + AC_CHECK_FUNCS([gnutls_rnd]) + with_gnutls=yes fi diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index fa7cfc9..55dcba8 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -635,8 +635,8 @@ qemuDomainGenerateRandomKey(size_t nbytes) if (VIR_ALLOC_N(key, nbytes) < 0) return NULL; -#if HAVE_GNUTLS_CRYPTO_H - /* Generate a master key using gnutls if possible */ +#if HAVE_GNUTLS_RND + /* Generate a master key using gnutls_rnd() if possible */ if ((ret = gnutls_rnd(GNUTLS_RND_RANDOM, key, nbytes)) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, _("failed to generate master key, ret=%d"), ret); @@ -644,7 +644,7 @@ qemuDomainGenerateRandomKey(size_t nbytes) return NULL; } #else - /* If we don't have gnutls, we will generate a less cryptographically + /* If we don't have gnutls_rnd(), we will generate a less cryptographically * strong master key from /dev/urandom. */ if ((ret = virRandomBytes(key, nbytes)) < 0) { -- 2.5.5
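Review bot: AC_CHECK_FUNCS([gnutls_rnd]) in the configure.ac hunk is a link test against whatever is in LIBS at that point, and nothing in the hunk adds the gnutls link flags before it runs, so on a system where libgnutls is not already in LIBS the test fails and HAVE_GNUTLS_RND is never defined, which silently selects the #else path on every build. Save LIBS, append the gnutls libraries the existing gnutls check found (GNUTLS_LIBS is the usual pkg-config variable name, assuming that is what libvirt's check sets), run the function check, then restore, i.e. `old_LIBS="$LIBS"; LIBS="$LIBS $GNUTLS_LIBS"`, then `AC_CHECK_FUNCS([gnutls_rnd])`, then `LIBS="$old_LIBS"`. An AC_MSG_WARN when the header is present but the function is not would also make the fallback to the weaker key source visible at configure time instead of being discovered from the compiled code path.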
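Review bot: the switch from HAVE_GNUTLS_CRYPTO_H to HAVE_GNUTLS_RND in the first qemu_domain.c hunk makes the choice between gnutls_rnd() and the /dev/urandom fallback in qemuDomainGenerateRandomKey() depend entirely on a configure-time link test, and a false negative in that test downgrades master-key generation with nothing recording which path was built. Consider a log line in the #else branch, next to the comment that already calls that path less cryptographically strong (a VIR_WARN-style message, assuming the usual libvirt logging macros are available in this file), so that a build that lost the gnutls path can be recognised from the daemon logs rather than only by inspecting config.h.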

On Thu, 2016-04-07 at 13:57 +0200, Andrea Bolognani wrote:
> Our use of gnutls_rnd() is conditional to the availability of the <gnutls/crypto.h> header file.
> Such check, however, turns out not to be strict enough as there are some versions of gnutls (eg. 2.8.5 as available in CentOS 6) that provide the header file, but not the function itself, which was introduced in 2.12.0.
> Introduce an explicit check for the function itself. --- Would qualify as a build breaker (see [1]) but I'd rather have some feedback before pushing it.
> [1] https://ci.centos.org/view/libvirt-project/job/libvirt-daemon-build/systems=...

SNACK

John pointed out that HAVE_GNUTLS_RND is never defined, so while this technically still fixes the build breakage, it's not really the patch we're looking for :)

I'll try to figure out how to make it work properly. Suggestions are always welcome.

Cheers.

-- 
Andrea Bolognani
Software Engineer - Virtualization Team