From: Ondřej Surý <ondrej@sury.org>
Date: Fri, 5 Aug 2016 10:05:49 +0000 (+0200)
Subject: gnutls_certificate_get_x509_crt requires gnutls 3.4.0
X-Git-Tag: v1.1.0~7^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=edf23671cee7833460feafe30f2efd5087d0b827;p=thirdparty%2Fknot-resolver.git

gnutls_certificate_get_x509_crt requires gnutls 3.4.0
---

diff --git a/daemon/tls.c b/daemon/tls.c
index 31cafefa3..3bd02a860 100644
--- a/daemon/tls.c
+++ b/daemon/tls.c
@@ -265,6 +265,8 @@ int tls_process(struct worker_ctx *worker, uv_stream_t *handle, const uint8_t *b
 	return submitted;
 }
 
+#if GNUTLS_VERSION_NUMBER >= 0x030400
+
 /*
   DNS-over-TLS Out of band key-pinned authentication profile uses the
   same form of pins as HPKP:
@@ -333,6 +335,12 @@ void tls_credentials_log_pins(struct tls_credentials *tls_credentials)
 		gnutls_free(certs);
 	}
 }
+#else
+void tls_credentials_log_pins(struct tls_credentials *tls_credentials)
+{
+	kr_log_error("[tls] could not calculate RFC 7858 OOB key-pin; GnuTLS 3.4.0+ required\n");
+}
+#endif
 
 static int str_replace(char **where_ptr, const char *with)
 {