src: Drop most of #ifdef WITH_GNUTLS

Now that GnuTLS is a requirement, we can drop a lot of conditionally built code. However, not all ifdef-s can go because we still want libvirt_setuid to build without gnutls. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2025-01-22 04:25:18 +00:00 · 2018-06-04 11:12:29 +02:00 · 2018-06-04 11:12:29 +02:00 · 234ce7d02f
commit 234ce7d02f
parent fe9f235a4c
20 changed files with 27 additions and 253 deletions
--- a/src/locking/lock_daemon.c
+++ b/src/locking/lock_daemon.c
@ -619,9 +619,7 @@ virLockDaemonSetupNetworkingSystemD(virNetServerPtr lockSrv, virNetServerPtr adm
        /* Systemd passes FDs, starting immediately after stderr,
         * so the first FD we'll get is '3'. */
        if (!(svc = virNetServerServiceNewFD(3 + i, 0,
 #if WITH_GNUTLS
                                             NULL,
 #endif
                                             false, 0, 1)))
            return -1;
@ -642,9 +640,7 @@ virLockDaemonSetupNetworkingNative(virNetServerPtr srv, const char *sock_path)
    VIR_DEBUG("Setting up networking natively");
    if (!(svc = virNetServerServiceNewUNIX(sock_path, 0700, 0, 0,
 #if WITH_GNUTLS
                                           NULL,
 #endif
                                           false, 0, 1)))
        return -1;
--- a/src/logging/log_daemon.c
+++ b/src/logging/log_daemon.c
@ -554,9 +554,7 @@ virLogDaemonSetupNetworkingSystemD(virNetServerPtr logSrv, virNetServerPtr admin
        /* Systemd passes FDs, starting immediately after stderr,
         * so the first FD we'll get is '3'. */
        if (!(svc = virNetServerServiceNewFD(3 + i, 0,
 #if WITH_GNUTLS
                                             NULL,
 #endif
                                             false, 0, 1)))
            return -1;
@ -577,9 +575,7 @@ virLogDaemonSetupNetworkingNative(virNetServerPtr srv, const char *sock_path)
    VIR_DEBUG("Setting up networking natively");
    if (!(svc = virNetServerServiceNewUNIX(sock_path, 0700, 0, 0,
 #if WITH_GNUTLS
                                           NULL,
 #endif
                                           false, 0, 1)))
        return -1;
--- a/src/lxc/lxc_controller.c
+++ b/src/lxc/lxc_controller.c
@ -957,9 +957,7 @@ static int virLXCControllerSetupServer(virLXCControllerPtr ctrl)
                                           0700,
                                           0,
                                           0,
 #if WITH_GNUTLS
                                           NULL,
 #endif
                                           false,
                                           0,
                                           5)))
--- a/src/qemu/qemu_migration_cookie.c
+++ b/src/qemu/qemu_migration_cookie.c
@ -18,10 +18,8 @@
 #include <config.h>
 #ifdef WITH_GNUTLS
 #include <gnutls/gnutls.h>
 #include <gnutls/x509.h>
 #endif
 #include "locking/domain_lock.h"
 #include "viralloc.h"
@ -131,7 +129,6 @@ qemuMigrationCookieFree(qemuMigrationCookiePtr mig)
 }
 #ifdef WITH_GNUTLS
 static char *
 qemuDomainExtractTLSSubject(const char *certdir)
 {
@ -188,7 +185,7 @@ qemuDomainExtractTLSSubject(const char *certdir)
    VIR_FREE(pemdata);
    return NULL;
 }
-#endif
+
 static qemuMigrationCookieGraphicsPtr
 qemuMigrationCookieGraphicsSpiceAlloc(virQEMUDriverPtr driver,
@ -212,11 +209,10 @@ qemuMigrationCookieGraphicsSpiceAlloc(virQEMUDriverPtr driver,
    if (!glisten || !(listenAddr = glisten->address))
        listenAddr = cfg->spiceListen;
 #ifdef WITH_GNUTLS
    if (cfg->spiceTLS &&
        !(mig->tlsSubject = qemuDomainExtractTLSSubject(cfg->spiceTLSx509certdir)))
        goto error;
-#endif
+
    if (VIR_STRDUP(mig->listen, listenAddr) < 0)
        goto error;
--- a/src/remote/remote_daemon.c
+++ b/src/remote/remote_daemon.c
@ -375,9 +375,7 @@ daemonSetupNetworking(virNetServerPtr srv,
    virNetServerServicePtr svcAdm = NULL;
    virNetServerServicePtr svcRO = NULL;
    virNetServerServicePtr svcTCP = NULL;
 #if WITH_GNUTLS
    virNetServerServicePtr svcTLS = NULL;
 #endif
    gid_t unix_sock_gid = 0;
    int unix_sock_ro_mask = 0;
    int unix_sock_rw_mask = 0;
@ -416,9 +414,7 @@ daemonSetupNetworking(virNetServerPtr srv,
                                               unix_sock_rw_mask,
                                               unix_sock_gid,
                                               config->auth_unix_rw,
 #if WITH_GNUTLS
                                               NULL,
 #endif
                                               false,
                                               config->max_queued_clients,
                                               config->max_client_requests,
@ -429,9 +425,7 @@ daemonSetupNetworking(virNetServerPtr srv,
                                                     unix_sock_ro_mask,
                                                     unix_sock_gid,
                                                     config->auth_unix_ro,
 #if WITH_GNUTLS
                                                     NULL,
 #endif
                                                     true,
                                                     config->max_queued_clients,
                                                     config->max_client_requests,
@ -455,9 +449,7 @@ daemonSetupNetworking(virNetServerPtr srv,
                                                  unix_sock_adm_mask,
                                                  unix_sock_gid,
                                                  REMOTE_AUTH_NONE,
 #if WITH_GNUTLS
                                                  NULL,
 #endif
                                                  false,
                                                  config->admin_max_queued_clients,
                                                  config->admin_max_client_requests)))
@ -475,9 +467,7 @@ daemonSetupNetworking(virNetServerPtr srv,
                                                     config->tcp_port,
                                                     AF_UNSPEC,
                                                     config->auth_tcp,
 #if WITH_GNUTLS
                                                     NULL,
 #endif
                                                     false,
                                                     config->max_queued_clients,
                                                     config->max_client_requests)))
@ -488,7 +478,6 @@ daemonSetupNetworking(virNetServerPtr srv,
                goto cleanup;
        }
 #if WITH_GNUTLS
        if (config->listen_tls) {
            virNetTLSContextPtr ctxt = NULL;
@ -552,22 +541,12 @@ daemonSetupNetworking(virNetServerPtr srv,
            virObjectUnref(ctxt);
        }
 #else
        (void)privileged;
        if (config->listen_tls) {
            virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
                           _("This libvirtd build does not support TLS"));
            goto cleanup;
        }
 #endif
    }
 #if WITH_SASL
    if (config->auth_unix_rw == REMOTE_AUTH_SASL ||
        (sock_path_ro && config->auth_unix_ro == REMOTE_AUTH_SASL) ||
 # if WITH_GNUTLS
        (ipsock && config->listen_tls && config->auth_tls == REMOTE_AUTH_SASL) ||
 # endif
        (ipsock && config->listen_tcp && config->auth_tcp == REMOTE_AUTH_SASL)) {
        saslCtxt = virNetSASLContextNewServer(
            (const char *const*)config->sasl_allowed_username_list);
@ -579,9 +558,7 @@ daemonSetupNetworking(virNetServerPtr srv,
    ret = 0;
 cleanup:
 #if WITH_GNUTLS
    virObjectUnref(svcTLS);
 #endif
    virObjectUnref(svcTCP);
    virObjectUnref(svcRO);
    virObjectUnref(svcAdm);
--- a/src/remote/remote_daemon_dispatch.c
+++ b/src/remote/remote_daemon_dispatch.c
@ -3353,7 +3353,6 @@ remoteDispatchAuthSaslInit(virNetServerPtr server ATTRIBUTE_UNUSED,
    if (!sasl)
        goto authfail;
 # if WITH_GNUTLS
    /* Inform SASL that we've got an external SSF layer from TLS */
    if (virNetServerClientHasTLSSession(client)) {
        int ssf;
@ -3367,7 +3366,6 @@ remoteDispatchAuthSaslInit(virNetServerPtr server ATTRIBUTE_UNUSED,
        if (virNetSASLSessionExtKeySize(sasl, ssf) < 0)
            goto authfail;
    }
 # endif
    if (virNetServerClientIsSecure(client))
        /* If we've got TLS or UNIX domain sock, we don't care about SSF */
--- a/src/rpc/virnetdaemon.h
+++ b/src/rpc/virnetdaemon.h
@ -25,9 +25,7 @@
 # include <signal.h>
 # ifdef WITH_GNUTLS
 # include "virnettlscontext.h"
 # endif
 # include "virobject.h"
 # include "virjson.h"
 # include "virnetserverprogram.h"
--- a/src/rpc/virnetserver.c
+++ b/src/rpc/virnetserver.c
@ -73,9 +73,7 @@ struct _virNetServer {
    int keepaliveInterval;
    unsigned int keepaliveCount;
 #ifdef WITH_GNUTLS
    virNetTLSContextPtr tls;
 #endif
    virNetServerClientPrivNew clientPrivNew;
    virNetServerClientPrivPreExecRestart clientPrivPreExecRestart;
@ -320,9 +318,7 @@ static int virNetServerDispatchNewClient(virNetServerServicePtr svc,
                                         virNetServerServiceGetAuth(svc),
                                         virNetServerServiceIsReadonly(svc),
                                         virNetServerServiceGetMaxRequests(svc),
 #if WITH_GNUTLS
                                         virNetServerServiceGetTLSContext(svc),
 #endif
                                         srv->clientPrivNew,
                                         srv->clientPrivPreExecRestart,
                                         srv->clientPrivFree,
@ -728,14 +724,12 @@ int virNetServerAddProgram(virNetServerPtr srv,
    return -1;
 }
 #if WITH_GNUTLS
 int virNetServerSetTLSContext(virNetServerPtr srv,
                              virNetTLSContextPtr tls)
 {
    srv->tls = virObjectRef(tls);
    return 0;
 }
 #endif
 /**
--- a/src/rpc/virnetserver.h
+++ b/src/rpc/virnetserver.h
@ -24,9 +24,7 @@
 #ifndef __VIR_NET_SERVER_H__
 # define __VIR_NET_SERVER_H__
 # ifdef WITH_GNUTLS
 # include "virnettlscontext.h"
 # endif
 # include "virnetserverprogram.h"
 # include "virnetserverclient.h"
 # include "virnetserverservice.h"
@ -71,10 +69,8 @@ int virNetServerAddService(virNetServerPtr srv,
 int virNetServerAddProgram(virNetServerPtr srv,
                           virNetServerProgramPtr prog);
 # if WITH_GNUTLS
 int virNetServerSetTLSContext(virNetServerPtr srv,
                              virNetTLSContextPtr tls);
 # endif
 int virNetServerAddClient(virNetServerPtr srv,
--- a/src/rpc/virnetserverclient.c
+++ b/src/rpc/virnetserverclient.c
@ -73,10 +73,8 @@ struct _virNetServerClient
    int auth;
    bool auth_pending;
    bool readonly;
 #if WITH_GNUTLS
    virNetTLSContextPtr tlsCtxt;
    virNetTLSSessionPtr tls;
 #endif
 #if WITH_SASL
    virNetSASLSessionPtr sasl;
 #endif
@ -154,18 +152,13 @@ virNetServerClientCalculateHandleMode(virNetServerClientPtr client)
    VIR_DEBUG("tls=%p hs=%d, rx=%p tx=%p",
 #ifdef WITH_GNUTLS
              client->tls,
              client->tls ? virNetTLSSessionGetHandshakeStatus(client->tls) : -1,
 #else
              NULL, -1,
 #endif
              client->rx,
              client->tx);
    if (!client->sock || client->wantClose)
        return 0;
 #if WITH_GNUTLS
    if (client->tls) {
        switch (virNetTLSSessionGetHandshakeStatus(client->tls)) {
        case VIR_NET_TLS_HANDSHAKE_RECVING:
@ -182,7 +175,6 @@ virNetServerClientCalculateHandleMode(virNetServerClientPtr client)
                mode |= VIR_EVENT_HANDLE_WRITABLE;
        }
    } else {
 #endif
        /* If there is a message on the rx queue, and
         * we're not in middle of a delayedClose, then
         * we're wanting more input */
@ -193,9 +185,7 @@ virNetServerClientCalculateHandleMode(virNetServerClientPtr client)
           then monitor for writability on socket */
        if (client->tx)
            mode |= VIR_EVENT_HANDLE_WRITABLE;
 #if WITH_GNUTLS
    }
 #endif
    VIR_DEBUG("mode=0%o", mode);
    return mode;
 }
@ -300,7 +290,6 @@ void virNetServerClientRemoveFilter(virNetServerClientPtr client,
 }
 #ifdef WITH_GNUTLS
 /* Check the client's access. */
 static int
 virNetServerClientCheckAccess(virNetServerClientPtr client)
@ -335,7 +324,7 @@ virNetServerClientCheckAccess(virNetServerClientPtr client)
    return 0;
 }
-#endif
+
 static void virNetServerClientDispatchMessage(virNetServerClientPtr client,
                                              virNetMessagePtr msg)
@ -396,9 +385,7 @@ virNetServerClientNewInternal(unsigned long long id,
                              virNetSocketPtr sock,
                              int auth,
                              bool auth_pending,
 #ifdef WITH_GNUTLS
                              virNetTLSContextPtr tls,
 #endif
                              bool readonly,
                              size_t nrequests_max,
                              long long timestamp)
@ -416,9 +403,7 @@ virNetServerClientNewInternal(unsigned long long id,
    client->auth = auth;
    client->auth_pending = auth_pending;
    client->readonly = readonly;
 #ifdef WITH_GNUTLS
    client->tlsCtxt = virObjectRef(tls);
 #endif
    client->nrequests_max = nrequests_max;
    client->conn_time = timestamp;
@ -452,9 +437,7 @@ virNetServerClientPtr virNetServerClientNew(unsigned long long id,
                                            int auth,
                                            bool readonly,
                                            size_t nrequests_max,
 #ifdef WITH_GNUTLS
                                            virNetTLSContextPtr tls,
 #endif
                                            virNetServerClientPrivNew privNew,
                                            virNetServerClientPrivPreExecRestart privPreExecRestart,
                                            virFreeCallback privFree,
@ -464,13 +447,7 @@ virNetServerClientPtr virNetServerClientNew(unsigned long long id,
    time_t now;
    bool auth_pending = !virNetServerClientAuthMethodImpliesAuthenticated(auth);
-    VIR_DEBUG("sock=%p auth=%d tls=%p", sock, auth,
+    VIR_DEBUG("sock=%p auth=%d tls=%p", sock, auth, tls);
 #ifdef WITH_GNUTLS
              tls
 #else
              NULL
 #endif
        );
    if ((now = time(NULL)) == (time_t)-1) {
        virReportSystemError(errno, "%s", _("failed to get current time"));
@ -478,10 +455,7 @@ virNetServerClientPtr virNetServerClientNew(unsigned long long id,
    }
    if (!(client = virNetServerClientNewInternal(id, sock, auth, auth_pending,
-#ifdef WITH_GNUTLS
+                                                 tls, readonly, nrequests_max,
                                                 tls,
 #endif
                                                 readonly, nrequests_max,
                                                 now)))
        return NULL;
@ -586,9 +560,7 @@ virNetServerClientPtr virNetServerClientNewPostExecRestart(virNetServerPtr srv,
                                                 sock,
                                                 auth,
                                                 auth_pending,
 #ifdef WITH_GNUTLS
                                                 NULL,
 #endif
                                                 readonly,
                                                 nrequests_max,
                                                 timestamp))) {
@ -720,7 +692,6 @@ long long virNetServerClientGetTimestamp(virNetServerClientPtr client)
    return client->conn_time;
 }
 #ifdef WITH_GNUTLS
 bool virNetServerClientHasTLSSession(virNetServerClientPtr client)
 {
    bool has;
@ -749,7 +720,6 @@ int virNetServerClientGetTLSKeySize(virNetServerClientPtr client)
    virObjectUnlock(client);
    return size;
 }
 #endif
 int virNetServerClientGetFD(virNetServerClientPtr client)
 {
@ -837,13 +807,11 @@ virNetServerClientCreateIdentity(virNetServerClientPtr client)
    }
 #endif
 #if WITH_GNUTLS
    if (client->tls) {
        const char *identity = virNetTLSSessionGetX509DName(client->tls);
        if (virIdentitySetX509DName(ret, identity) < 0)
            goto error;
    }
 #endif
    if (client->sock &&
        virNetSocketGetSELinuxContext(client->sock, &seccontext) < 0)
@ -895,10 +863,8 @@ bool virNetServerClientIsSecure(virNetServerClientPtr client)
 {
    bool secure = false;
    virObjectLock(client);
 #if WITH_GNUTLS
    if (client->tls)
        secure = true;
 #endif
 #if WITH_SASL
    if (client->sasl)
        secure = true;
@ -1019,10 +985,8 @@ void virNetServerClientDispose(void *obj)
 #endif
    if (client->sockTimer > 0)
        virEventRemoveTimeout(client->sockTimer);
 #if WITH_GNUTLS
    virObjectUnref(client->tls);
    virObjectUnref(client->tlsCtxt);
 #endif
    virObjectUnref(client->sock);
 }
@ -1071,12 +1035,10 @@ virNetServerClientCloseLocked(virNetServerClientPtr client)
    if (client->sock)
        virNetSocketRemoveIOCallback(client->sock);
 #if WITH_GNUTLS
    if (client->tls) {
        virObjectUnref(client->tls);
        client->tls = NULL;
    }
 #endif
    client->wantClose = true;
    while (client->rx) {
@ -1139,13 +1101,10 @@ int virNetServerClientInit(virNetServerClientPtr client)
 {
    virObjectLock(client);
 #if WITH_GNUTLS
    if (!client->tlsCtxt) {
 #endif
        /* Plain socket, so prepare to read first message */
        if (virNetServerClientRegisterEvent(client) < 0)
            goto error;
 #if WITH_GNUTLS
    } else {
        int ret;
@ -1174,7 +1133,6 @@ int virNetServerClientInit(virNetServerClientPtr client)
            goto error;
        }
    }
 #endif
    virObjectUnlock(client);
    return 0;
@ -1475,7 +1433,6 @@ virNetServerClientDispatchWrite(virNetServerClientPtr client)
 }
 #if WITH_GNUTLS
 static void
 virNetServerClientDispatchHandshake(virNetServerClientPtr client)
 {
@ -1498,7 +1455,7 @@ virNetServerClientDispatchHandshake(virNetServerClientPtr client)
        client->wantClose = true;
    }
 }
-#endif
+
 static void
 virNetServerClientDispatchEvent(virNetSocketPtr sock, int events, void *opaque)
@ -1516,21 +1473,17 @@ virNetServerClientDispatchEvent(virNetSocketPtr sock, int events, void *opaque)
    if (events & (VIR_EVENT_HANDLE_WRITABLE |
                  VIR_EVENT_HANDLE_READABLE)) {
 #if WITH_GNUTLS
        if (client->tls &&
            virNetTLSSessionGetHandshakeStatus(client->tls) !=
            VIR_NET_TLS_HANDSHAKE_COMPLETE) {
            virNetServerClientDispatchHandshake(client);
        } else {
 #endif
            if (events & VIR_EVENT_HANDLE_WRITABLE)
                virNetServerClientDispatchWrite(client);
            if (events & VIR_EVENT_HANDLE_READABLE &&
                client->rx)
                msg = virNetServerClientDispatchRead(client);
 #if WITH_GNUTLS
        }
 #endif
    }
    /* NB, will get HANGUP + READABLE at same time upon
@ -1687,10 +1640,8 @@ virNetServerClientGetTransport(virNetServerClientPtr client)
    else
        ret = VIR_CLIENT_TRANS_TCP;
 #ifdef WITH_GNUTLS
    if (client->tls)
        ret = VIR_CLIENT_TRANS_TLS;
 #endif
    virObjectUnlock(client);
--- a/src/rpc/virnetserverclient.h
+++ b/src/rpc/virnetserverclient.h
@ -69,18 +69,12 @@ virNetServerClientPtr virNetServerClientNew(unsigned long long id,
                                            int auth,
                                            bool readonly,
                                            size_t nrequests_max,
 # ifdef WITH_GNUTLS
                                            virNetTLSContextPtr tls,
 # endif
                                            virNetServerClientPrivNew privNew,
                                            virNetServerClientPrivPreExecRestart privPreExecRestart,
                                            virFreeCallback privFree,
                                            void *privOpaque)
 # ifdef WITH_GNUTLS
    ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(7) ATTRIBUTE_NONNULL(9);
 # else
    ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(6) ATTRIBUTE_NONNULL(8);
 # endif
 virNetServerClientPtr virNetServerClientNewPostExecRestart(virNetServerPtr srv,
                                                           virJSONValuePtr object,
@ -107,11 +101,9 @@ void virNetServerClientSetReadonly(virNetServerClientPtr client, bool readonly);
 unsigned long long virNetServerClientGetID(virNetServerClientPtr client);
 long long virNetServerClientGetTimestamp(virNetServerClientPtr client);
 # ifdef WITH_GNUTLS
 bool virNetServerClientHasTLSSession(virNetServerClientPtr client);
 virNetTLSSessionPtr virNetServerClientGetTLSSession(virNetServerClientPtr client);
 int virNetServerClientGetTLSKeySize(virNetServerClientPtr client);
 # endif
 # ifdef WITH_SASL
 bool virNetServerClientHasSASLSession(virNetServerClientPtr client);
--- a/src/rpc/virnetserverservice.c
+++ b/src/rpc/virnetserverservice.c
@ -43,9 +43,7 @@ struct _virNetServerService {
    bool readonly;
    size_t nrequests_client_max;
 #if WITH_GNUTLS
    virNetTLSContextPtr tls;
 #endif
    virNetServerServiceDispatchFunc dispatchFunc;
    void *dispatchOpaque;
@ -94,9 +92,7 @@ virNetServerServiceNewFDOrUNIX(const char *path,
                               mode_t mask,
                               gid_t grp,
                               int auth,
 #if WITH_GNUTLS
                               virNetTLSContextPtr tls,
 #endif
                               bool readonly,
                               size_t max_queued_clients,
                               size_t nrequests_client_max,
@ -112,9 +108,7 @@ virNetServerServiceNewFDOrUNIX(const char *path,
                                          mask,
                                          grp,
                                          auth,
 #if WITH_GNUTLS
                                          tls,
 #endif
                                          readonly,
                                          max_queued_clients,
                                          nrequests_client_max);
@ -128,9 +122,7 @@ virNetServerServiceNewFDOrUNIX(const char *path,
         */
        return virNetServerServiceNewFD((*cur_fd)++,
                                        auth,
 #if WITH_GNUTLS
                                        tls,
 #endif
                                        readonly,
                                        max_queued_clients,
                                        nrequests_client_max);
@ -142,9 +134,7 @@ virNetServerServicePtr virNetServerServiceNewTCP(const char *nodename,
                                                 const char *service,
                                                 int family,
                                                 int auth,
 #if WITH_GNUTLS
                                                 virNetTLSContextPtr tls,
 #endif
                                                 bool readonly,
                                                 size_t max_queued_clients,
                                                 size_t nrequests_client_max)
@ -161,9 +151,7 @@ virNetServerServicePtr virNetServerServiceNewTCP(const char *nodename,
    svc->auth = auth;
    svc->readonly = readonly;
    svc->nrequests_client_max = nrequests_client_max;
 #if WITH_GNUTLS
    svc->tls = virObjectRef(tls);
 #endif
    if (virNetSocketNewListenTCP(nodename,
                                 service,
@ -202,9 +190,7 @@ virNetServerServicePtr virNetServerServiceNewUNIX(const char *path,
                                                  mode_t mask,
                                                  gid_t grp,
                                                  int auth,
 #if WITH_GNUTLS
                                                  virNetTLSContextPtr tls,
 #endif
                                                  bool readonly,
                                                  size_t max_queued_clients,
                                                  size_t nrequests_client_max)
@ -221,9 +207,7 @@ virNetServerServicePtr virNetServerServiceNewUNIX(const char *path,
    svc->auth = auth;
    svc->readonly = readonly;
    svc->nrequests_client_max = nrequests_client_max;
 #if WITH_GNUTLS
    svc->tls = virObjectRef(tls);
 #endif
    if (VIR_ALLOC_N(svc->socks, 1) < 0)
        goto error;
@ -263,9 +247,7 @@ virNetServerServicePtr virNetServerServiceNewUNIX(const char *path,
 virNetServerServicePtr virNetServerServiceNewFD(int fd,
                                                int auth,
 #if WITH_GNUTLS
                                                virNetTLSContextPtr tls,
 #endif
                                                bool readonly,
                                                size_t max_queued_clients,
                                                size_t nrequests_client_max)
@ -282,9 +264,7 @@ virNetServerServicePtr virNetServerServiceNewFD(int fd,
    svc->auth = auth;
    svc->readonly = readonly;
    svc->nrequests_client_max = nrequests_client_max;
 #if WITH_GNUTLS
    svc->tls = virObjectRef(tls);
 #endif
    if (VIR_ALLOC_N(svc->socks, 1) < 0)
        goto error;
@ -469,12 +449,10 @@ size_t virNetServerServiceGetMaxRequests(virNetServerServicePtr svc)
    return svc->nrequests_client_max;
 }
 #if WITH_GNUTLS
 virNetTLSContextPtr virNetServerServiceGetTLSContext(virNetServerServicePtr svc)
 {
    return svc->tls;
 }
 #endif
 void virNetServerServiceSetDispatcher(virNetServerServicePtr svc,
                                      virNetServerServiceDispatchFunc func,
@ -494,9 +472,7 @@ void virNetServerServiceDispose(void *obj)
       virObjectUnref(svc->socks[i]);
    VIR_FREE(svc->socks);
 #if WITH_GNUTLS
    virObjectUnref(svc->tls);
 #endif
 }
 void virNetServerServiceToggle(virNetServerServicePtr svc,
--- a/src/rpc/virnetserverservice.h
+++ b/src/rpc/virnetserverservice.h
@ -41,9 +41,7 @@ virNetServerServicePtr virNetServerServiceNewFDOrUNIX(const char *path,
                                                      mode_t mask,
                                                      gid_t grp,
                                                      int auth,
 # if WITH_GNUTLS
                                                      virNetTLSContextPtr tls,
 # endif
                                                      bool readonly,
                                                      size_t max_queued_clients,
                                                      size_t nrequests_client_max,
@ -53,9 +51,7 @@ virNetServerServicePtr virNetServerServiceNewTCP(const char *nodename,
                                                 const char *service,
                                                 int family,
                                                 int auth,
 # if WITH_GNUTLS
                                                 virNetTLSContextPtr tls,
 # endif
                                                 bool readonly,
                                                 size_t max_queued_clients,
                                                 size_t nrequests_client_max);
@ -63,17 +59,13 @@ virNetServerServicePtr virNetServerServiceNewUNIX(const char *path,
                                                  mode_t mask,
                                                  gid_t grp,
                                                  int auth,
 # if WITH_GNUTLS
                                                  virNetTLSContextPtr tls,
 # endif
                                                  bool readonly,
                                                  size_t max_queued_clients,
                                                  size_t nrequests_client_max);
 virNetServerServicePtr virNetServerServiceNewFD(int fd,
                                                int auth,
 # if WITH_GNUTLS
                                                virNetTLSContextPtr tls,
 # endif
                                                bool readonly,
                                                size_t max_queued_clients,
                                                size_t nrequests_client_max);
@ -87,9 +79,7 @@ int virNetServerServiceGetPort(virNetServerServicePtr svc);
 int virNetServerServiceGetAuth(virNetServerServicePtr svc);
 bool virNetServerServiceIsReadonly(virNetServerServicePtr svc);
 size_t virNetServerServiceGetMaxRequests(virNetServerServicePtr svc);
 # ifdef WITH_GNUTLS
 virNetTLSContextPtr virNetServerServiceGetTLSContext(virNetServerServicePtr svc);
 # endif
 void virNetServerServiceSetDispatcher(virNetServerServicePtr svc,
                                      virNetServerServiceDispatchFunc func,
--- a/src/util/vircrypto.c
+++ b/src/util/vircrypto.c
@ -26,10 +26,8 @@
 #include "viralloc.h"
 #include "virrandom.h"
 #ifdef WITH_GNUTLS
 #include <gnutls/gnutls.h>
 #include <gnutls/crypto.h>
 #endif
 VIR_LOG_INIT("util.crypto");
@ -39,7 +37,6 @@ static const char hex[] = "0123456789abcdef";
 #define VIR_CRYPTO_LARGEST_DIGEST_SIZE VIR_CRYPTO_HASH_SIZE_SHA256
 #if WITH_GNUTLS
 struct virHashInfo {
    gnutls_digest_algorithm_t algorithm;
@ -74,17 +71,7 @@ virCryptoHashBuf(virCryptoHash hash,
    return hashinfo[hash].hashlen;
 }
-#else
+
 ssize_t
 virCryptoHashBuf(virCryptoHash hash,
                 const char *input ATTRIBUTE_UNUSED,
                 unsigned char *output ATTRIBUTE_UNUSED)
 {
    virReportError(VIR_ERR_INVALID_ARG,
                   _("algorithm=%d is not supported"), hash);
    return -1;
 }
 #endif
 int
 virCryptoHashString(virCryptoHash hash,
@ -129,11 +116,7 @@ virCryptoHaveCipher(virCryptoCipher algorithm)
    switch (algorithm) {
    case VIR_CRYPTO_CIPHER_AES256CBC:
 #ifdef WITH_GNUTLS
        return true;
 #else
        return false;
 #endif
    case VIR_CRYPTO_CIPHER_NONE:
    case VIR_CRYPTO_CIPHER_LAST:
@ -144,7 +127,6 @@ virCryptoHaveCipher(virCryptoCipher algorithm)
 }
 #ifdef WITH_GNUTLS
 /* virCryptoEncryptDataAESgntuls:
 *
 * Performs the AES gnutls encryption
@ -295,22 +277,3 @@ virCryptoEncryptData(virCryptoCipher algorithm,
                   _("algorithm=%d is not supported"), algorithm);
    return -1;
 }
 #else
 int
 virCryptoEncryptData(virCryptoCipher algorithm,
                     uint8_t *enckey ATTRIBUTE_UNUSED,
                     size_t enckeylen ATTRIBUTE_UNUSED,
                     uint8_t *iv ATTRIBUTE_UNUSED,
                     size_t ivlen ATTRIBUTE_UNUSED,
                     uint8_t *data ATTRIBUTE_UNUSED,
                     size_t datalen ATTRIBUTE_UNUSED,
                     uint8_t **ciphertext ATTRIBUTE_UNUSED,
                     size_t *ciphertextlen ATTRIBUTE_UNUSED)
 {
    virReportError(VIR_ERR_INVALID_ARG,
                   _("algorithm=%d is not supported"), algorithm);
    return -1;
 }
 #endif
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@ -1043,10 +1043,8 @@ mymain(void)
    DO_TEST("disk-drive-network-sheepdog", NONE);
    DO_TEST("disk-drive-network-rbd-auth", NONE);
    DO_TEST("disk-drive-network-source-auth", NONE);
 # ifdef WITH_GNUTLS
    DO_TEST("disk-drive-network-rbd-auth-AES",
            QEMU_CAPS_OBJECT_SECRET, QEMU_CAPS_VIRTIO_SCSI);
 # endif
    DO_TEST("disk-drive-network-rbd-ipv6", NONE);
    DO_TEST_FAILURE("disk-drive-network-rbd-no-colon", NONE);
    DO_TEST("disk-drive-network-vxhs", QEMU_CAPS_VXHS);
@ -1339,17 +1337,10 @@ mymain(void)
    if (VIR_STRDUP_QUIET(driver.config->chardevTLSx509secretUUID,
                         "6fd3f62d-9fe7-4a4e-a869-7acd6376d8ea") < 0)
        return EXIT_FAILURE;
 # ifdef WITH_GNUTLS
    DO_TEST("serial-tcp-tlsx509-secret-chardev",
            QEMU_CAPS_OBJECT_SECRET,
            QEMU_CAPS_DEVICE_ISA_SERIAL,
            QEMU_CAPS_OBJECT_TLS_CREDS_X509);
 # else
    DO_TEST_FAILURE("serial-tcp-tlsx509-secret-chardev",
                    QEMU_CAPS_OBJECT_SECRET,
                    QEMU_CAPS_DEVICE_ISA_SERIAL,
                    QEMU_CAPS_OBJECT_TLS_CREDS_X509);
 # endif
    driver.config->chardevTLS = 0;
    VIR_FREE(driver.config->chardevTLSx509certdir);
    DO_TEST("serial-many-chardev",
@ -1653,14 +1644,10 @@ mymain(void)
    DO_TEST("encrypted-disk", QEMU_CAPS_QCOW2_LUKS, QEMU_CAPS_OBJECT_SECRET);
    DO_TEST("encrypted-disk-usage", QEMU_CAPS_QCOW2_LUKS, QEMU_CAPS_OBJECT_SECRET);
 # ifdef WITH_GNUTLS
    DO_TEST("luks-disks", QEMU_CAPS_OBJECT_SECRET);
    DO_TEST("luks-disks-source", QEMU_CAPS_OBJECT_SECRET);
    DO_TEST_PARSE_ERROR("luks-disks-source-qcow2", QEMU_CAPS_OBJECT_SECRET);
    DO_TEST("luks-disks-source-qcow2", QEMU_CAPS_OBJECT_SECRET, QEMU_CAPS_QCOW2_LUKS);
 # else
    DO_TEST_FAILURE("luks-disks", QEMU_CAPS_OBJECT_SECRET);
 # endif
    DO_TEST_PARSE_ERROR("luks-disk-invalid", NONE);
    DO_TEST_PARSE_ERROR("luks-disks-source-both", QEMU_CAPS_OBJECT_SECRET);
@ -2351,12 +2338,10 @@ mymain(void)
    DO_TEST("hostdev-scsi-virtio-iscsi-auth",
            QEMU_CAPS_VIRTIO_SCSI, QEMU_CAPS_VIRTIO_SCSI,
            QEMU_CAPS_DEVICE_SCSI_GENERIC);
 # ifdef WITH_GNUTLS
    DO_TEST("disk-hostdev-scsi-virtio-iscsi-auth-AES",
            QEMU_CAPS_VIRTIO_SCSI, QEMU_CAPS_VIRTIO_SCSI,
            QEMU_CAPS_DEVICE_SCSI_GENERIC, QEMU_CAPS_OBJECT_SECRET,
            QEMU_CAPS_ISCSI_PASSWORD_SECRET);
 # endif
    DO_TEST("hostdev-scsi-vhost-scsi-ccw",
            QEMU_CAPS_VIRTIO_SCSI, QEMU_CAPS_DEVICE_VHOST_SCSI,
            QEMU_CAPS_DEVICE_SCSI_GENERIC, QEMU_CAPS_CCW);
--- a/tests/vircryptotest.c
+++ b/tests/vircryptotest.c
@ -22,7 +22,6 @@
 #include "testutils.h"
 #if WITH_GNUTLS
 #include "vircrypto.h"
 #include "virrandom.h"
@ -181,12 +180,3 @@ mymain(void)
 /* Forces usage of not so random virRandomBytes */
 VIR_TEST_MAIN_PRELOAD(mymain, abs_builddir "/.libs/virrandommock.so")
 #else
 static int
 mymain(void)
 {
    return EXIT_AM_SKIP;
 }
 VIR_TEST_MAIN(mymain);
 #endif /* WITH_GNUTLS */
--- a/tests/virfilecachetest.c
+++ b/tests/virfilecachetest.c
@ -21,7 +21,6 @@
 #include "testutils.h"
 #if WITH_GNUTLS
 #include "virfile.h"
 #include "virfilecache.h"
@ -235,12 +234,3 @@ mymain(void)
 }
 VIR_TEST_MAIN_PRELOAD(mymain, abs_builddir "/.libs/virfilecachemock.so")
 #else
 static int
 mymain(void)
 {
    return EXIT_AM_SKIP;
 }
 VIR_TEST_MAIN(mymain);
 #endif /* WITH_GNUTLS */
--- a/tests/virnetdaemontest.c
+++ b/tests/virnetdaemontest.c
@ -117,9 +117,7 @@ testCreateServer(const char *server_name, const char *host, int family)
                                           NULL,
                                           family,
                                           VIR_NET_SERVER_SERVICE_AUTH_NONE,
 # ifdef WITH_GNUTLS
                                           NULL,
 # endif
                                           true,
                                           5,
                                           2)))
@ -129,9 +127,7 @@ testCreateServer(const char *server_name, const char *host, int family)
                                           NULL,
                                           family,
                                           VIR_NET_SERVER_SERVICE_AUTH_POLKIT,
 # ifdef WITH_GNUTLS
                                           NULL,
 # endif
                                           false,
                                           25,
                                           5)))
@ -152,9 +148,7 @@ testCreateServer(const char *server_name, const char *host, int family)
                                       VIR_NET_SERVER_SERVICE_AUTH_SASL,
                                       true,
                                       15,
 # ifdef WITH_GNUTLS
                                       NULL,
 # endif
                                       testClientNew,
                                       testClientPreExec,
                                       testClientFree,
@ -166,9 +160,7 @@ testCreateServer(const char *server_name, const char *host, int family)
                                       VIR_NET_SERVER_SERVICE_AUTH_POLKIT,
                                       true,
                                       66,
 # ifdef WITH_GNUTLS
                                       NULL,
 # endif
                                       testClientNew,
                                       testClientPreExec,
                                       testClientFree,
--- a/tests/virnetserverclienttest.c
+++ b/tests/virnetserverclienttest.c
@ -73,9 +73,7 @@ static int testIdentity(const void *opaque ATTRIBUTE_UNUSED)
    sv[0] = -1;
    if (!(client = virNetServerClientNew(1, sock, 0, false, 1,
 # ifdef WITH_GNUTLS
                                         NULL,
 # endif
                                         testClientNew,
                                         NULL,
                                         testClientFree,
--- a/tests/virrandommock.c
+++ b/tests/virrandommock.c
@ -22,6 +22,9 @@
 #ifndef WIN32
 # include <stdio.h>
 # include <gnutls/gnutls.h>
 # include "internal.h"
 # include "virstring.h"
 # include "virrandom.h"
@ -50,10 +53,6 @@ int virRandomGenerateWWN(char **wwn,
 }
 # ifdef WITH_GNUTLS
 #  include <stdio.h>
 #  include <gnutls/gnutls.h>
 static int (*real_gnutls_dh_params_generate2)(gnutls_dh_params_t dparams,
                                              unsigned int bits);
@ -87,7 +86,6 @@ gnutls_dh_params_generate2(gnutls_dh_params_t dparams,
    return gnutls_dh_params_cpy(dparams, params_cache);
 }
 # endif
 #else /* WIN32 */
 /* Can't mock on WIN32 */
 #endif