From: Daniel P. Berrange <berrange@redhat.com>
Date: Tue, 29 Aug 2017 15:24:26 +0000 (+0100)
Subject: Fix TLS test suites with gnutls 3.6.0
X-Git-Tag: v3.7.0-rc2~6
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c666661bbcca840f432b49674c8b1801c8aa055c;p=thirdparty%2Flibvirt.git

Fix TLS test suites with gnutls 3.6.0

With gnutls 3.6.0, SHA1 is no longer accepted for certificate
signatures. We must usw SHA256 instead.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---

diff --git a/tests/virnettlshelpers.c b/tests/virnettlshelpers.c
index 531d0b9075..b735c4e2f0 100644
--- a/tests/virnettlshelpers.c
+++ b/tests/virnettlshelpers.c
@@ -384,7 +384,7 @@ testTLSGenerateCert(struct testTLSCertReq *req,
      * If no 'ca' is set then we are self signing
      * the cert. This is done for the root CA certs
      */
-    if ((err = gnutls_x509_crt_sign(crt, ca ? ca : crt, privkey)) < 0) {
+    if ((err = gnutls_x509_crt_sign2(crt, ca ? ca : crt, privkey, GNUTLS_DIG_SHA256, 0)) < 0) {
         VIR_WARN("Failed to sign certificate %s", gnutls_strerror(err));
         abort();
     }