]> git.ipfire.org Git - thirdparty/libvirt.git/commitdiff
projects / thirdparty / libvirt.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a4b4b6a)
Fix build with gnutls 1.0.x branch
authorDaniel P. Berrange <berrange@redhat.com>
Tue, 26 Jul 2011 10:53:39 +0000 (06:53 -0400)
committerDaniel P. Berrange <berrange@redhat.com>
Tue, 26 Jul 2011 13:51:03 +0000 (14:51 +0100)
src/rpc/virnettlscontext.c patch | blob | blame | history
tests/virnettlscontexttest.c patch | blob | blame | history

diff --git a/src/rpc/virnettlscontext.c b/src/rpc/virnettlscontext.c
index db03669fad331b91b392f64f278d255626f19381..2a58ede1311f29bb281e70eab6e94b063749b829 100644 (file)
--- a/src/rpc/virnettlscontext.c
+++ b/src/rpc/virnettlscontext.c
@@ -139,6 +139,15 @@ static int virNetTLSContextCheckCertTimes(gnutls_x509_crt_t cert,
     return 0;
 }
 
+
+#ifndef GNUTLS_1_0_COMPAT
+/*
+ * The gnutls_x509_crt_get_basic_constraints function isn't
+ * available in GNUTLS 1.0.x branches. This isn't critical
+ * though, since gnutls_certificate_verify_peers2 will do
+ * pretty much the same check at runtime, so we can just
+ * disable this code
+ */
 static int virNetTLSContextCheckCertBasicConstraints(gnutls_x509_crt_t cert,
                                                      const char *certFile,
                                                      bool isServer,
@@ -180,6 +189,8 @@ static int virNetTLSContextCheckCertBasicConstraints(gnutls_x509_crt_t cert,
 
     return 0;
 }
+#endif
+
 
 static int virNetTLSContextCheckCertKeyUsage(gnutls_x509_crt_t cert,
                                              const char *certFile,
@@ -412,9 +423,11 @@ static int virNetTLSContextCheckCert(gnutls_x509_crt_t cert,
                                        isServer, isCA) < 0)
         return -1;
 
+#ifndef GNUTLS_1_0_COMPAT
     if (virNetTLSContextCheckCertBasicConstraints(cert, certFile,
                                                   isServer, isCA) < 0)
         return -1;
+#endif
 
     if (virNetTLSContextCheckCertKeyUsage(cert, certFile,
                                           isCA) < 0)
@@ -1019,11 +1032,13 @@ static int virNetTLSContextValidCertificate(virNetTLSContextPtr ctxt,
             /* !sess->isServer, since on the client, we're validating the
              * server's cert, and on the server, the client's cert
              */
+#ifndef GNUTLS_1_0_COMPAT
             if (virNetTLSContextCheckCertBasicConstraints(cert, "[session]",
                                                           !sess->isServer, false) < 0) {
                 gnutls_x509_crt_deinit(cert);
                 goto authdeny;
             }
+#endif
 
             if (virNetTLSContextCheckCertKeyUsage(cert, "[session]",
                                                   false) < 0) {
diff --git a/tests/virnettlscontexttest.c b/tests/virnettlscontexttest.c
index f2af4f09aa5b52b31bd3c48e47401e573866e9a6..12ecf1e44ba6347fab8e063a9b5308a8f3f2fc05 100644 (file)
--- a/tests/virnettlscontexttest.c
+++ b/tests/virnettlscontexttest.c
@@ -33,7 +33,7 @@
 #include "command.h"
 #include "network.h"
 
-#if !defined WIN32 && HAVE_LIBTASN1_H
+#if !defined WIN32 && HAVE_LIBTASN1_H && !defined GNUTLS_1_0_COMPAT
 # include <libtasn1.h>
 # include <gnutls/gnutls.h>
 # include <gnutls/x509.h>
Mirror of https://github.com/libvirt/libvirt.git