11:44 a.m.
virnettlscontexttest uses gnutls_x509_crt_set_subject_alt_name() and
GNUTLS_FSAN_APPEND, which - according to
<http://www.gnu.org/software/gnutls/manual/gnutls.html> - are only
available since 2.6.0.
Since libvirt still works fine with gnutls-1.0.25 from RHEL5, only
enable the test when the version of GNUTLS is at least 2.6.0.
Signed-off-by: Philipp Hahn <hahn(a)univention.de>
---
tests/virnettlscontexttest.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/tests/virnettlscontexttest.c b/tests/virnettlscontexttest.c
index 51f75b4..6dd42d4 100644
--- a/tests/virnettlscontexttest.c
+++ b/tests/virnettlscontexttest.c
@@ -36,7 +36,7 @@
#include "virsocketaddr.h"
#include "gnutls_1_0_compat.h"
-#if !defined WIN32 && HAVE_LIBTASN1_H && !defined GNUTLS_1_0_COMPAT
+#if !defined WIN32 && HAVE_LIBTASN1_H && !defined GNUTLS_1_0_COMPAT
&& LIBGNUTLS_VERSION_NUMBER > 0x020600
# include <libtasn1.h>
# include "rpc/virnettlscontext.h"
--
1.7.1
1:10 p.m.
On 01/30/2012 10:44 AM, Philipp Hahn wrote:
virnettlscontexttest uses gnutls_x509_crt_set_subject_alt_name() and
GNUTLS_FSAN_APPEND, which - according to
<http://www.gnu.org/software/gnutls/manual/gnutls.html> - are only
available since 2.6.0.
Since libvirt still works fine with gnutls-1.0.25 from RHEL5, only
enable the test when the version of GNUTLS is at least 2.6.0.
Signed-off-by: Philipp Hahn <hahn(a)univention.de>
---
tests/virnettlscontexttest.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/tests/virnettlscontexttest.c b/tests/virnettlscontexttest.c
index 51f75b4..6dd42d4 100644
--- a/tests/virnettlscontexttest.c
+++ b/tests/virnettlscontexttest.c
@@ -36,7 +36,7 @@
#include "virsocketaddr.h"
#include "gnutls_1_0_compat.h"
-#if !defined WIN32 && HAVE_LIBTASN1_H && !defined GNUTLS_1_0_COMPAT
+#if !defined WIN32 && HAVE_LIBTASN1_H && !defined GNUTLS_1_0_COMPAT
&& LIBGNUTLS_VERSION_NUMBER > 0x020600
Isn't that what GNUTLS_1_0_COMPAT is already doing? That is,
GNUTLS_1_0_COMPAT should only be defined if we are already dealing with
a newer gnutls, and should not be present when using RHEL5 1.0.25. What
version of gnutls are you using, where this patch made a difference?
--
Eric Blake eblake(a)redhat.com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
6:13 a.m.
On Mon, Jan 30, 2012 at 12:10:57PM -0700, Eric Blake wrote:
On 01/30/2012 10:44 AM, Philipp Hahn wrote:
> virnettlscontexttest uses gnutls_x509_crt_set_subject_alt_name() and
> GNUTLS_FSAN_APPEND, which - according to
> <http://www.gnu.org/software/gnutls/manual/gnutls.html> - are only
> available since 2.6.0.
>
> Since libvirt still works fine with gnutls-1.0.25 from RHEL5, only
> enable the test when the version of GNUTLS is at least 2.6.0.
>
> Signed-off-by: Philipp Hahn <hahn(a)univention.de>
> ---
> tests/virnettlscontexttest.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/tests/virnettlscontexttest.c b/tests/virnettlscontexttest.c
> index 51f75b4..6dd42d4 100644
> --- a/tests/virnettlscontexttest.c
> +++ b/tests/virnettlscontexttest.c
> @@ -36,7 +36,7 @@
> #include "virsocketaddr.h"
> #include "gnutls_1_0_compat.h"
>
> -#if !defined WIN32 && HAVE_LIBTASN1_H && !defined
GNUTLS_1_0_COMPAT
> +#if !defined WIN32 && HAVE_LIBTASN1_H && !defined GNUTLS_1_0_COMPAT
&& LIBGNUTLS_VERSION_NUMBER > 0x020600
Isn't that what GNUTLS_1_0_COMPAT is already doing? That is,
GNUTLS_1_0_COMPAT should only be defined if we are already dealing with
a newer gnutls, and should not be present when using RHEL5 1.0.25. What
version of gnutls are you using, where this patch made a difference?
The GNUTLS_1_0_COMPAT code is only dealing with versions <= 2.0.0.
This check is making it more strict to also skip any version
in between 2.0.0 and 2.6.0
Perhaps, this allows us to now remove the GNUTLS_1_0_COMPAT, but I
can't remember if the 1.0.x GNUTLS had LIBGNUTLS_VERSION_NUMBER
defined or not.
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
8:20 a.m.
Hello Eric,
Am Montag 30 Januar 2012 20:10:57 schrieb Eric Blake:
> +#if !defined WIN32 && HAVE_LIBTASN1_H &&
!defined GNUTLS_1_0_COMPAT &&
> LIBGNUTLS_VERSION_NUMBER > 0x020600
Isn't that what GNUTLS_1_0_COMPAT is already doing? That is,
GNUTLS_1_0_COMPAT should only be defined if we are already dealing with
a newer gnutls, and should not be present when using RHEL5 1.0.25. What
version of gnutls are you using, where this patch made a difference?
I'm trying to build libvirt-git on an older Debian-Lenny box. There running the check
target fails:
# make virnettlscontexttest
gcc -std=gnu99 -DHAVE_CONFIG_H -I. -I.. -I../gnulib/lib -I../gnulib/lib -I../include
-I../include -I../src -I../src -I../src/util -I../src/conf
-Dabs_builddir="\"/root/libvirt/tests\"" -I/usr/include/libxml2
-Wall -W -Wformat-y2k -Wformat-security -Winit-self -Wmissing-include-dirs -Wunused
-Wunknown-pragmas -Wstrict-aliasing -Wshadow -Wpointer-arith -Wbad-function-cast
-Wcast-align -Wwrite-strings -Wlogical-op -Waggregate-return -Wstrict-prototypes
-Wold-style-definition -Wmissing-prototypes -Wmissing-declarations -Wmissing-noreturn
-Wmissing-format-attribute -Wredundant-decls -Wnested-externs -Winline -Winvalid-pch
-Wvolatile-register-var -Wdisabled-optimization -Wattributes -Wcoverage-mismatch
-Wmultichar -Wdeprecated-declarations -Wdiv-by-zero -Wendif-labels -Wextra
-Wformat-contains-nul -Wformat-extra-args -Wformat-zero-length -Wformat=2 -Wmultichar
-Wnormalized=nfc -Woverflow -Wpointer-to-int-cast -Wpragmas
-Wno-missing-field-initializers -Wno-sign-compare -Wno-format-nonliteral
-fstack-protector-all --param=ssp-buffer-size=4 -fexceptions -fasynchronous-unwind-tables
-fdiagnostics-show-option -funit-at-a-time -fipa-pure-const -Wno-suggest-attribute=pure
-Wno-suggest-attribute=const -g -O2 -MT
virnettlscontexttest-virnettlscontexttest.o -MD -MP -MF
.deps/virnettlscontexttest-virnettlscontexttest.Tpo -c -o
virnettlscontexttest-virnettlscontexttest.o
`test -f 'virnettlscontexttest.c' || echo './'`virnettlscontexttest.c
virnettlscontexttest.c: In function ‘testTLSGenerateCert’:
virnettlscontexttest.c:207: warning: implicit declaration of function
‘gnutls_x509_crt_set_subject_alt_name’
virnettlscontexttest.c:207: warning: nested extern declaration of
‘gnutls_x509_crt_set_subject_alt_name’ [-Wnested-externs]
virnettlscontexttest.c:210: error: ‘GNUTLS_FSAN_APPEND’ undeclared (first use in this
function)
virnettlscontexttest.c:210: error: (Each undeclared identifier is reported only once
virnettlscontexttest.c:210: error: for each function it appears in.)
# egrep '(LIB)?GNUTLS_VERSION_NUMBER|GNUTLS_1_0_COMPAT|GNUTLS_FSAN_APPEND'
/usr/include/gnutls/*
/usr/include/gnutls/gnutls.h:#define LIBGNUTLS_VERSION_NUMBER 0x020402
# dpkg -S /usr/include/gnutls/gnutls.h
libgnutls-dev: /usr/include/gnutls/gnutls.h
# dpkg -l libgnutls-dev
ii libgnutls-dev 2.4.2-6.8.200910141301 the
GNU TLS library - development files
If you look at
<http://www.gnu.org/software/gnutls/manual/gnutls.html#gnutls_005fx509_005...
that function is described
as available only since 2.6.0.
From a newer Debian-Squeeze box for comparison:
# egrep '(LIB)?GNUTLS_VERSION_NUMBER|GNUTLS_1_0_COMPAT|GNUTLS_FSAN_APPEND'
/usr/include/gnutls/*
/usr/include/gnutls/compat.h:#define LIBGNUTLS_VERSION_NUMBER GNUTLS_VERSION_NUMBER
/usr/include/gnutls/gnutls.h:#define GNUTLS_VERSION_NUMBER 0x020806
/usr/include/gnutls/x509.h:#define GNUTLS_FSAN_APPEND 1
BYtE
Philipp
--
Philipp Hahn Open Source Software Engineer hahn(a)univention.de
Univention GmbH Linux for Your Business fon: +49 421 22 232- 0
Mary-Somerville-Str.1 D-28359 Bremen fax: +49 421 22 232-99
http://www.univention.de/
9:06 a.m.
Hello,
On Monday 30 January 2012 18:44:13 Philipp Hahn wrote:
+#if !defined WIN32 && HAVE_LIBTASN1_H && !defined
GNUTLS_1_0_COMPAT &&
LIBGNUTLS_VERSION_NUMBER > 0x020600
That should probably be >= instead of >, but I haven't checked the gnutls
source code history.
Sincerely
Philipp
--
Philipp Hahn Open Source Software Engineer hahn(a)univention.de
Univention GmbH Linux for Your Business fon: +49 421 22 232- 0
Mary-Somerville-Str.1 D-28359 Bremen fax: +49 421 22 232-99
http://www.univention.de/
4729
days inactive
4730
days old
4 comments
3 participants
participants (3)
-
Daniel P. Berrange -
Eric Blake -
Philipp Hahn