[libvirt] [PATCH] tests: virnettlscontexttest needs gnutls-2.6.0

virnettlscontexttest uses gnutls_x509_crt_set_subject_alt_name() and GNUTLS_FSAN_APPEND, which - according to <http://www.gnu.org/software/gnutls/manual/gnutls.html> - are only available since 2.6.0. Since libvirt still works fine with gnutls-1.0.25 from RHEL5, only enable the test when the version of GNUTLS is at least 2.6.0. Signed-off-by: Philipp Hahn <hahn@univention.de> --- tests/virnettlscontexttest.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/tests/virnettlscontexttest.c b/tests/virnettlscontexttest.c index 51f75b4..6dd42d4 100644 --- a/tests/virnettlscontexttest.c +++ b/tests/virnettlscontexttest.c @@ -36,7 +36,7 @@ #include "virsocketaddr.h" #include "gnutls_1_0_compat.h" -#if !defined WIN32 && HAVE_LIBTASN1_H && !defined GNUTLS_1_0_COMPAT +#if !defined WIN32 && HAVE_LIBTASN1_H && !defined GNUTLS_1_0_COMPAT && LIBGNUTLS_VERSION_NUMBER > 0x020600 # include <libtasn1.h> # include "rpc/virnettlscontext.h" -- 1.7.1

On 01/30/2012 10:44 AM, Philipp Hahn wrote:
virnettlscontexttest uses gnutls_x509_crt_set_subject_alt_name() and GNUTLS_FSAN_APPEND, which - according to <http://www.gnu.org/software/gnutls/manual/gnutls.html> - are only available since 2.6.0.
Since libvirt still works fine with gnutls-1.0.25 from RHEL5, only enable the test when the version of GNUTLS is at least 2.6.0.
Signed-off-by: Philipp Hahn <hahn@univention.de> --- tests/virnettlscontexttest.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/tests/virnettlscontexttest.c b/tests/virnettlscontexttest.c index 51f75b4..6dd42d4 100644 --- a/tests/virnettlscontexttest.c +++ b/tests/virnettlscontexttest.c @@ -36,7 +36,7 @@ #include "virsocketaddr.h" #include "gnutls_1_0_compat.h"
-#if !defined WIN32 && HAVE_LIBTASN1_H && !defined GNUTLS_1_0_COMPAT +#if !defined WIN32 && HAVE_LIBTASN1_H && !defined GNUTLS_1_0_COMPAT && LIBGNUTLS_VERSION_NUMBER > 0x020600
Isn't that what GNUTLS_1_0_COMPAT is already doing? That is, GNUTLS_1_0_COMPAT should only be defined if we are already dealing with a newer gnutls, and should not be present when using RHEL5 1.0.25. What version of gnutls are you using, where this patch made a difference? -- Eric Blake eblake@redhat.com +1-919-301-3266 Libvirt virtualization library http://libvirt.org

On Mon, Jan 30, 2012 at 12:10:57PM -0700, Eric Blake wrote:
On 01/30/2012 10:44 AM, Philipp Hahn wrote:
virnettlscontexttest uses gnutls_x509_crt_set_subject_alt_name() and GNUTLS_FSAN_APPEND, which - according to <http://www.gnu.org/software/gnutls/manual/gnutls.html> - are only available since 2.6.0.
Since libvirt still works fine with gnutls-1.0.25 from RHEL5, only enable the test when the version of GNUTLS is at least 2.6.0.
Signed-off-by: Philipp Hahn <hahn@univention.de> --- tests/virnettlscontexttest.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/tests/virnettlscontexttest.c b/tests/virnettlscontexttest.c index 51f75b4..6dd42d4 100644 --- a/tests/virnettlscontexttest.c +++ b/tests/virnettlscontexttest.c @@ -36,7 +36,7 @@ #include "virsocketaddr.h" #include "gnutls_1_0_compat.h"
-#if !defined WIN32 && HAVE_LIBTASN1_H && !defined GNUTLS_1_0_COMPAT +#if !defined WIN32 && HAVE_LIBTASN1_H && !defined GNUTLS_1_0_COMPAT && LIBGNUTLS_VERSION_NUMBER > 0x020600
Isn't that what GNUTLS_1_0_COMPAT is already doing? That is, GNUTLS_1_0_COMPAT should only be defined if we are already dealing with a newer gnutls, and should not be present when using RHEL5 1.0.25. What version of gnutls are you using, where this patch made a difference?
The GNUTLS_1_0_COMPAT code is only dealing with versions <= 2.0.0. This check is making it more strict to also skip any version in between 2.0.0 and 2.6.0 Perhaps, this allows us to now remove the GNUTLS_1_0_COMPAT, but I can't remember if the 1.0.x GNUTLS had LIBGNUTLS_VERSION_NUMBER defined or not. Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|

Hello Eric, Am Montag 30 Januar 2012 20:10:57 schrieb Eric Blake:
+#if !defined WIN32 && HAVE_LIBTASN1_H && !defined GNUTLS_1_0_COMPAT && LIBGNUTLS_VERSION_NUMBER > 0x020600
Isn't that what GNUTLS_1_0_COMPAT is already doing? That is, GNUTLS_1_0_COMPAT should only be defined if we are already dealing with a newer gnutls, and should not be present when using RHEL5 1.0.25. What version of gnutls are you using, where this patch made a difference?
I'm trying to build libvirt-git on an older Debian-Lenny box. There running the check target fails: # make virnettlscontexttest gcc -std=gnu99 -DHAVE_CONFIG_H -I. -I.. -I../gnulib/lib -I../gnulib/lib -I../include -I../include -I../src -I../src -I../src/util -I../src/conf -Dabs_builddir="\"/root/libvirt/tests\"" -I/usr/include/libxml2 -Wall -W -Wformat-y2k -Wformat-security -Winit-self -Wmissing-include-dirs -Wunused -Wunknown-pragmas -Wstrict-aliasing -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wwrite-strings -Wlogical-op -Waggregate-return -Wstrict-prototypes -Wold-style-definition -Wmissing-prototypes -Wmissing-declarations -Wmissing-noreturn -Wmissing-format-attribute -Wredundant-decls -Wnested-externs -Winline -Winvalid-pch -Wvolatile-register-var -Wdisabled-optimization -Wattributes -Wcoverage-mismatch -Wmultichar -Wdeprecated-declarations -Wdiv-by-zero -Wendif-labels -Wextra -Wformat-contains-nul -Wformat-extra-args -Wformat-zero-length -Wformat=2 -Wmultichar -Wnormalized=nfc -Woverflow -Wpointer-to-int-cast -Wpragmas -Wno-missing-field-initializers -Wno-sign-compare -Wno-format-nonliteral -fstack-protector-all --param=ssp-buffer-size=4 -fexceptions -fasynchronous-unwind-tables -fdiagnostics-show-option -funit-at-a-time -fipa-pure-const -Wno-suggest-attribute=pure -Wno-suggest-attribute=const -g -O2 -MT virnettlscontexttest-virnettlscontexttest.o -MD -MP -MF .deps/virnettlscontexttest-virnettlscontexttest.Tpo -c -o virnettlscontexttest-virnettlscontexttest.o `test -f 'virnettlscontexttest.c' || echo './'`virnettlscontexttest.c virnettlscontexttest.c: In function ‘testTLSGenerateCert’: virnettlscontexttest.c:207: warning: implicit declaration of function ‘gnutls_x509_crt_set_subject_alt_name’ virnettlscontexttest.c:207: warning: nested extern declaration of ‘gnutls_x509_crt_set_subject_alt_name’ [-Wnested-externs] virnettlscontexttest.c:210: error: ‘GNUTLS_FSAN_APPEND’ undeclared (first use in this function) virnettlscontexttest.c:210: error: (Each undeclared identifier is reported only once virnettlscontexttest.c:210: error: for each function it appears in.) # egrep '(LIB)?GNUTLS_VERSION_NUMBER|GNUTLS_1_0_COMPAT|GNUTLS_FSAN_APPEND' /usr/include/gnutls/* /usr/include/gnutls/gnutls.h:#define LIBGNUTLS_VERSION_NUMBER 0x020402 # dpkg -S /usr/include/gnutls/gnutls.h libgnutls-dev: /usr/include/gnutls/gnutls.h # dpkg -l libgnutls-dev ii libgnutls-dev 2.4.2-6.8.200910141301 the GNU TLS library - development files If you look at <http://www.gnu.org/software/gnutls/manual/gnutls.html#gnutls_005fx509_005fcrt_005fset_005fsubject_005falt_005fname> that function is described as available only since 2.6.0. From a newer Debian-Squeeze box for comparison: # egrep '(LIB)?GNUTLS_VERSION_NUMBER|GNUTLS_1_0_COMPAT|GNUTLS_FSAN_APPEND' /usr/include/gnutls/* /usr/include/gnutls/compat.h:#define LIBGNUTLS_VERSION_NUMBER GNUTLS_VERSION_NUMBER /usr/include/gnutls/gnutls.h:#define GNUTLS_VERSION_NUMBER 0x020806 /usr/include/gnutls/x509.h:#define GNUTLS_FSAN_APPEND 1 BYtE Philipp -- Philipp Hahn Open Source Software Engineer hahn@univention.de Univention GmbH Linux for Your Business fon: +49 421 22 232- 0 Mary-Somerville-Str.1 D-28359 Bremen fax: +49 421 22 232-99 http://www.univention.de/

Hello, On Monday 30 January 2012 18:44:13 Philipp Hahn wrote:
+#if !defined WIN32 && HAVE_LIBTASN1_H && !defined GNUTLS_1_0_COMPAT && LIBGNUTLS_VERSION_NUMBER > 0x020600
That should probably be >= instead of >, but I haven't checked the gnutls source code history. Sincerely Philipp -- Philipp Hahn Open Source Software Engineer hahn@univention.de Univention GmbH Linux for Your Business fon: +49 421 22 232- 0 Mary-Somerville-Str.1 D-28359 Bremen fax: +49 421 22 232-99 http://www.univention.de/
participants (3)
-
Daniel P. Berrange
-
Eric Blake
-
Philipp Hahn