Fix build with gnutls 1.0.x branch

2025-01-03 11:35:19 +00:00 · 2011-07-26 06:53:39 -04:00 · 2011-07-26 06:53:39 -04:00 · 4d349ef7be
commit 4d349ef7be
parent a4b4b6aa30
2 changed files with 16 additions and 1 deletions
--- a/src/rpc/virnettlscontext.c
+++ b/src/rpc/virnettlscontext.c
@ -139,6 +139,15 @@ static int virNetTLSContextCheckCertTimes(gnutls_x509_crt_t cert,
    return 0;
 }

+
+#ifndef GNUTLS_1_0_COMPAT
+/*
+ * The gnutls_x509_crt_get_basic_constraints function isn't
+ * available in GNUTLS 1.0.x branches. This isn't critical
+ * though, since gnutls_certificate_verify_peers2 will do
+ * pretty much the same check at runtime, so we can just
+ * disable this code
+ */
 static int virNetTLSContextCheckCertBasicConstraints(gnutls_x509_crt_t cert,
                                                     const char *certFile,
                                                     bool isServer,
@ -180,6 +189,8 @@ static int virNetTLSContextCheckCertBasicConstraints(gnutls_x509_crt_t cert,

    return 0;
 }
+#endif
+

 static int virNetTLSContextCheckCertKeyUsage(gnutls_x509_crt_t cert,
                                             const char *certFile,
@ -412,9 +423,11 @@ static int virNetTLSContextCheckCert(gnutls_x509_crt_t cert,
                                       isServer, isCA) < 0)
        return -1;

+#ifndef GNUTLS_1_0_COMPAT
    if (virNetTLSContextCheckCertBasicConstraints(cert, certFile,
                                                  isServer, isCA) < 0)
        return -1;
+#endif

    if (virNetTLSContextCheckCertKeyUsage(cert, certFile,
                                          isCA) < 0)
@ -1019,11 +1032,13 @@ static int virNetTLSContextValidCertificate(virNetTLSContextPtr ctxt,
            /* !sess->isServer, since on the client, we're validating the
             * server's cert, and on the server, the client's cert
             */
+#ifndef GNUTLS_1_0_COMPAT
            if (virNetTLSContextCheckCertBasicConstraints(cert, "[session]",
                                                          !sess->isServer, false) < 0) {
                gnutls_x509_crt_deinit(cert);
                goto authdeny;
            }
+#endif

            if (virNetTLSContextCheckCertKeyUsage(cert, "[session]",
                                                  false) < 0) {
--- a/tests/virnettlscontexttest.c
+++ b/tests/virnettlscontexttest.c
@ -33,7 +33,7 @@
 #include "command.h"
 #include "network.h"

-#if !defined WIN32 && HAVE_LIBTASN1_H
+#if !defined WIN32 && HAVE_LIBTASN1_H && !defined GNUTLS_1_0_COMPAT
 # include <libtasn1.h>
 # include <gnutls/gnutls.h>
 # include <gnutls/x509.h>