External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-20 11:35:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix build with gnutls 1.0.x branch

Browse Source
This commit is contained in:
Daniel P. Berrange 2011-07-26 06:53:39 -04:00
parent a4b4b6aa30
commit 4d349ef7be
2 changed files with 16 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/rpc/virnettlscontext.c
View File

@ -139,6 +139,15 @@ static int virNetTLSContextCheckCertTimes(gnutls_x509_crt_t cert,
return 0; return 0;
} }
#ifndef GNUTLS_1_0_COMPAT
/*
* The gnutls_x509_crt_get_basic_constraints function isn't
* available in GNUTLS 1.0.x branches. This isn't critical
* though, since gnutls_certificate_verify_peers2 will do
* pretty much the same check at runtime, so we can just
* disable this code
*/
static int virNetTLSContextCheckCertBasicConstraints(gnutls_x509_crt_t cert, static int virNetTLSContextCheckCertBasicConstraints(gnutls_x509_crt_t cert,
const char *certFile, const char *certFile,
bool isServer, bool isServer,
@ -180,6 +189,8 @@ static int virNetTLSContextCheckCertBasicConstraints(gnutls_x509_crt_t cert,
return 0; return 0;
} }
#endif
static int virNetTLSContextCheckCertKeyUsage(gnutls_x509_crt_t cert, static int virNetTLSContextCheckCertKeyUsage(gnutls_x509_crt_t cert,
const char *certFile, const char *certFile,
@ -412,9 +423,11 @@ static int virNetTLSContextCheckCert(gnutls_x509_crt_t cert,
isServer, isCA) < 0) isServer, isCA) < 0)
return -1; return -1;
#ifndef GNUTLS_1_0_COMPAT
if (virNetTLSContextCheckCertBasicConstraints(cert, certFile, if (virNetTLSContextCheckCertBasicConstraints(cert, certFile,
isServer, isCA) < 0) isServer, isCA) < 0)
return -1; return -1;
#endif
if (virNetTLSContextCheckCertKeyUsage(cert, certFile, if (virNetTLSContextCheckCertKeyUsage(cert, certFile,
isCA) < 0) isCA) < 0)
@ -1019,11 +1032,13 @@ static int virNetTLSContextValidCertificate(virNetTLSContextPtr ctxt,
/* !sess->isServer, since on the client, we're validating the /* !sess->isServer, since on the client, we're validating the
* server's cert, and on the server, the client's cert * server's cert, and on the server, the client's cert
*/ */
#ifndef GNUTLS_1_0_COMPAT
if (virNetTLSContextCheckCertBasicConstraints(cert, "[session]", if (virNetTLSContextCheckCertBasicConstraints(cert, "[session]",
!sess->isServer, false) < 0) { !sess->isServer, false) < 0) {
gnutls_x509_crt_deinit(cert); gnutls_x509_crt_deinit(cert);
goto authdeny; goto authdeny;
} }
#endif
if (virNetTLSContextCheckCertKeyUsage(cert, "[session]", if (virNetTLSContextCheckCertKeyUsage(cert, "[session]",
false) < 0) { false) < 0) {

2
tests/virnettlscontexttest.c
View File

@ -33,7 +33,7 @@
#include "command.h" #include "command.h"
#include "network.h" #include "network.h"
#if !defined WIN32 && HAVE_LIBTASN1_H #if !defined WIN32 && HAVE_LIBTASN1_H && !defined GNUTLS_1_0_COMPAT
# include <libtasn1.h> # include <libtasn1.h>
# include <gnutls/gnutls.h> # include <gnutls/gnutls.h>
# include <gnutls/x509.h> # include <gnutls/x509.h>