From 4d349ef7be7d0726cec066265e0767b39f12be5f Mon Sep 17 00:00:00 2001 From: "Daniel P. Berrange" Date: Tue, 26 Jul 2011 06:53:39 -0400 Subject: [PATCH] Fix build with gnutls 1.0.x branch --- src/rpc/virnettlscontext.c | 15 +++++++++++++++ tests/virnettlscontexttest.c | 2 +- 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/src/rpc/virnettlscontext.c b/src/rpc/virnettlscontext.c index db03669fad..2a58ede131 100644 --- a/src/rpc/virnettlscontext.c +++ b/src/rpc/virnettlscontext.c @@ -139,6 +139,15 @@ static int virNetTLSContextCheckCertTimes(gnutls_x509_crt_t cert, return 0; } + +#ifndef GNUTLS_1_0_COMPAT +/* + * The gnutls_x509_crt_get_basic_constraints function isn't + * available in GNUTLS 1.0.x branches. This isn't critical + * though, since gnutls_certificate_verify_peers2 will do + * pretty much the same check at runtime, so we can just + * disable this code + */ static int virNetTLSContextCheckCertBasicConstraints(gnutls_x509_crt_t cert, const char *certFile, bool isServer, @@ -180,6 +189,8 @@ static int virNetTLSContextCheckCertBasicConstraints(gnutls_x509_crt_t cert, return 0; } +#endif + static int virNetTLSContextCheckCertKeyUsage(gnutls_x509_crt_t cert, const char *certFile, @@ -412,9 +423,11 @@ static int virNetTLSContextCheckCert(gnutls_x509_crt_t cert, isServer, isCA) < 0) return -1; +#ifndef GNUTLS_1_0_COMPAT if (virNetTLSContextCheckCertBasicConstraints(cert, certFile, isServer, isCA) < 0) return -1; +#endif if (virNetTLSContextCheckCertKeyUsage(cert, certFile, isCA) < 0) @@ -1019,11 +1032,13 @@ static int virNetTLSContextValidCertificate(virNetTLSContextPtr ctxt, /* !sess->isServer, since on the client, we're validating the * server's cert, and on the server, the client's cert */ +#ifndef GNUTLS_1_0_COMPAT if (virNetTLSContextCheckCertBasicConstraints(cert, "[session]", !sess->isServer, false) < 0) { gnutls_x509_crt_deinit(cert); goto authdeny; } +#endif if (virNetTLSContextCheckCertKeyUsage(cert, "[session]", false) < 0) { 
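Review bot: The comment added above virNetTLSContextCheckCertBasicConstraints justifies the `#ifndef GNUTLS_1_0_COMPAT` with "pretty much the same check", which leaves a maintainer unable to tell what stops being enforced on such a build. The function is called from two places that this patch also guards (virNetTLSContextCheckCert for certificate files and virNetTLSContextValidCertificate for session peers), and gnutls_certificate_verify_peers2 presumably only runs on the session path. I would spell that out, e.g. `* With GNUTLS_1_0_COMPAT the explicit basicConstraints check is skipped for both certificate files and session peers; only the gnutls_certificate_verify_peers2 chain verification remains.` The function body continues past this hunk, and the closing `#endif` added in the @@ -180 hunk would be easier to pair up as `#endif /* !GNUTLS_1_0_COMPAT */`.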
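Review bot: On a GNUTLS_1_0_COMPAT build virNetTLSContextCheckCert now drops the basicConstraints step with no trace, so nothing in the logs shows that a certificate file was accepted with one check fewer. An `#else` arm with a single log line would make the reduced validation visible, for example `VIR_DEBUG("Skipping basicConstraints check for %s (GNUTLS_1_0_COMPAT)", certFile);`, assuming the logging macros are available in this file. The guarded call in the @@ -1019 hunk has the same gap. The enclosing function starts and ends outside this hunk.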
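Review bot: The peer-certificate path in virNetTLSContextValidCertificate loses its explicit `goto authdeny` on a basicConstraints failure when GNUTLS_1_0_COMPAT is defined, and nothing in this hunk replaces it. The patch relies on gnutls_certificate_verify_peers2 instead, but that call and the handling of its status flags are outside the hunk, so it cannot be confirmed here that a peer certificate which would have failed this check (called with `isCA` false) is still rejected on 1.0.x. This is worth verifying against a 1.0.x build and recording next to the guard, e.g. `/* 1.0.x: basicConstraints enforced only via gnutls_certificate_verify_peers2 */`.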
diff --git a/tests/virnettlscontexttest.c b/tests/virnettlscontexttest.c index f2af4f09aa..12ecf1e44b 100644 --- a/tests/virnettlscontexttest.c +++ b/tests/virnettlscontexttest.c @@ -33,7 +33,7 @@ #include "command.h" #include "network.h" -#if !defined WIN32 && HAVE_LIBTASN1_H +#if !defined WIN32 && HAVE_LIBTASN1_H && !defined GNUTLS_1_0_COMPAT # include # include # include -- GitLab
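Review bot: Adding `!defined GNUTLS_1_0_COMPAT` to the file-level guard removes the whole TLS context test on 1.0.x builds rather than only the cases that depend on basicConstraints. The checks that stay enabled there (for example virNetTLSContextCheckCertKeyUsage) then run with no test coverage on exactly the build with reduced validation. If the test helpers cannot compile against 1.0.x at all, a short comment above the guard should say so, e.g. `/* Test needs gnutls APIs that are missing from the 1.0.x branch */`; otherwise narrow the guard to the affected cases. The guarded region extends beyond this hunk.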