[libvirt] [PATCH] Fix build with gnutls 1.0.x branch
Daniel Veillard
veillard at redhat.com
Tue Jul 26 13:18:31 UTC 2011
On Tue, Jul 26, 2011 at 11:56:19AM +0100, Daniel P. Berrange wrote:
> From: "Daniel P. Berrange" <berrange at redhat.com>
>
> ---
> src/rpc/virnettlscontext.c | 15 +++++++++++++++
> tests/virnettlscontexttest.c | 2 +-
> 2 files changed, 16 insertions(+), 1 deletions(-)
>
> diff --git a/src/rpc/virnettlscontext.c b/src/rpc/virnettlscontext.c
> index db03669..2a58ede 100644
> --- a/src/rpc/virnettlscontext.c
> +++ b/src/rpc/virnettlscontext.c
> @@ -139,6 +139,15 @@ static int virNetTLSContextCheckCertTimes(gnutls_x509_crt_t cert,
> return 0;
> }
>
> +
> +#ifndef GNUTLS_1_0_COMPAT
> +/*
> + * The gnutls_x509_crt_get_basic_constraints function isn't
> + * available in GNUTLS 1.0.x branches. This isn't critical
> + * though, since gnutls_certificate_verify_peers2 will do
> + * pretty much the same check at runtime, so we can just
> + * disable this code
> + */
> static int virNetTLSContextCheckCertBasicConstraints(gnutls_x509_crt_t cert,
> const char *certFile,
> bool isServer,
> @@ -180,6 +189,8 @@ static int virNetTLSContextCheckCertBasicConstraints(gnutls_x509_crt_t cert,
>
> return 0;
> }
> +#endif
> +
>
> static int virNetTLSContextCheckCertKeyUsage(gnutls_x509_crt_t cert,
> const char *certFile,
> @@ -412,9 +423,11 @@ static int virNetTLSContextCheckCert(gnutls_x509_crt_t cert,
> isServer, isCA) < 0)
> return -1;
>
> +#ifndef GNUTLS_1_0_COMPAT
> if (virNetTLSContextCheckCertBasicConstraints(cert, certFile,
> isServer, isCA) < 0)
> return -1;
> +#endif
>
> if (virNetTLSContextCheckCertKeyUsage(cert, certFile,
> isCA) < 0)
> @@ -1019,11 +1032,13 @@ static int virNetTLSContextValidCertificate(virNetTLSContextPtr ctxt,
> /* !sess->isServer, since on the client, we're validating the
> * server's cert, and on the server, the client's cert
> */
> +#ifndef GNUTLS_1_0_COMPAT
> if (virNetTLSContextCheckCertBasicConstraints(cert, "[session]",
> !sess->isServer, false) < 0) {
> gnutls_x509_crt_deinit(cert);
> goto authdeny;
> }
> +#endif
>
> if (virNetTLSContextCheckCertKeyUsage(cert, "[session]",
> false) < 0) {
> diff --git a/tests/virnettlscontexttest.c b/tests/virnettlscontexttest.c
> index f2af4f0..12ecf1e 100644
> --- a/tests/virnettlscontexttest.c
> +++ b/tests/virnettlscontexttest.c
> @@ -33,7 +33,7 @@
> #include "command.h"
> #include "network.h"
>
> -#if !defined WIN32 && HAVE_LIBTASN1_H
> +#if !defined WIN32 && HAVE_LIBTASN1_H && !defined GNUTLS_1_0_COMPAT
> # include <libtasn1.h>
> # include <gnutls/gnutls.h>
> # include <gnutls/x509.h>
ACK, thanks !
Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
daniel at veillard.com | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/
More information about the libvir-list
mailing list