diff --git a/configure.ac b/configure.ac
index 12eb3b3fb6..73ce586fed 100644
--- a/configure.ac
+++ b/configure.ac
@@ -117,7 +117,7 @@ fi
dnl Required minimum versions of all libs we depend on
LIBXML_REQUIRED="2.6.0"
-GNUTLS_REQUIRED="1.0.25"
+GNUTLS_REQUIRED="2.2.0"
POLKIT_REQUIRED="0.6"
PARTED_REQUIRED="1.8.0"
DEVMAPPER_REQUIRED=1.0.0
diff --git a/src/Makefile.am b/src/Makefile.am
index f020b9227f..8c83b0cd0f 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -437,7 +437,6 @@ remote/qemu_client_bodies.h: $(srcdir)/rpc/gendispatch.pl \
> $(srcdir)/remote/qemu_client_bodies.h
REMOTE_DRIVER_SOURCES = \
- gnutls_1_0_compat.h \
remote/remote_driver.c remote/remote_driver.h \
$(REMOTE_DRIVER_GENERATED)
diff --git a/src/gnutls_1_0_compat.h b/src/gnutls_1_0_compat.h
deleted file mode 100644
index b006e2b541..0000000000
--- a/src/gnutls_1_0_compat.h
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * gnutls_1_0_compat.h: GnuTLS 1.0 compatibility
- *
- * Copyright (C) 2007, 2013 Red Hat, Inc.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library. If not, see
- * .
- *
- * Author: Richard W.M. Jones
- */
-
-#ifndef LIBVIRT_GNUTLS_1_0_COMPAT_H__
-# define LIBVIRT_GNUTLS_1_0_COMPAT_H__
-
-# include
-
-/* enable backward compatibility macros for gnutls 1.x.y */
-# if LIBGNUTLS_VERSION_MAJOR < 2
-# define GNUTLS_1_0_COMPAT
-# endif
-
-# ifdef GNUTLS_1_0_COMPAT
-# define gnutls_session_t gnutls_session
-# define gnutls_x509_crt_t gnutls_x509_crt
-# define gnutls_dh_params_t gnutls_dh_params
-# define gnutls_transport_ptr_t gnutls_transport_ptr
-# define gnutls_datum_t gnutls_datum
-# define gnutls_certificate_credentials_t gnutls_certificate_credentials
-# define gnutls_cipher_algorithm_t gnutls_cipher_algorithm
-# endif
-
-#endif /* LIBVIRT_GNUTLS_1_0_COMPAT_H__ */
diff --git a/src/rpc/virnettlscontext.c b/src/rpc/virnettlscontext.c
index 6e78623f3f..9919556bc7 100644
--- a/src/rpc/virnettlscontext.c
+++ b/src/rpc/virnettlscontext.c
@@ -29,7 +29,6 @@
# include
#endif
#include
-#include "gnutls_1_0_compat.h"
#include "virnettlscontext.h"
#include "virstring.h"
@@ -170,14 +169,6 @@ static int virNetTLSContextCheckCertTimes(gnutls_x509_crt_t cert,
}
-#ifndef GNUTLS_1_0_COMPAT
-/*
- * The gnutls_x509_crt_get_basic_constraints function isn't
- * available in GNUTLS 1.0.x branches. This isn't critical
- * though, since gnutls_certificate_verify_peers2 will do
- * pretty much the same check at runtime, so we can just
- * disable this code
- */
static int virNetTLSContextCheckCertBasicConstraints(gnutls_x509_crt_t cert,
const char *certFile,
bool isServer,
@@ -219,7 +210,6 @@ static int virNetTLSContextCheckCertBasicConstraints(gnutls_x509_crt_t cert,
return 0;
}
-#endif
static int virNetTLSContextCheckCertKeyUsage(gnutls_x509_crt_t cert,
@@ -438,11 +428,9 @@ static int virNetTLSContextCheckCert(gnutls_x509_crt_t cert,
isServer, isCA) < 0)
return -1;
-#ifndef GNUTLS_1_0_COMPAT
if (virNetTLSContextCheckCertBasicConstraints(cert, certFile,
isServer, isCA) < 0)
return -1;
-#endif
if (virNetTLSContextCheckCertKeyUsage(cert, certFile,
isCA) < 0)
@@ -489,10 +477,8 @@ static int virNetTLSContextCheckCertPair(gnutls_x509_crt_t cert,
if (status & GNUTLS_CERT_REVOKED)
reason = _("The certificate has been revoked.");
-#ifndef GNUTLS_1_0_COMPAT
if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
reason = _("The certificate uses an insecure algorithm");
-#endif
virReportError(VIR_ERR_SYSTEM_ERROR,
_("Our own certificate %s failed validation against %s: %s"),
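Review bot: The `reason` assignments visible in this hunk are independent `if` statements, so with the guard removed `GNUTLS_CERT_INSECURE_ALGORITHM` is always tested last and its text overwrites "The certificate has been revoked." when both bits are set in `status`. Anyone triaging the resulting error would see a revoked certificate reported only as a weak-algorithm problem. Consider `else if (status & GNUTLS_CERT_INSECURE_ALGORITHM)` so that revocation keeps precedence, or collect every matching reason into the message. The same pattern appears in the virNetTLSContextValidCertificate hunk that follows. The earlier `status` tests in this function lie outside the hunk, so their ordering should be checked as well.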
@@ -1022,10 +1008,8 @@ static int virNetTLSContextValidCertificate(virNetTLSContextPtr ctxt,
if (status & GNUTLS_CERT_REVOKED)
reason = _("The certificate has been revoked.");
-#ifndef GNUTLS_1_0_COMPAT
if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
reason = _("The certificate uses an insecure algorithm");
-#endif
virReportError(VIR_ERR_SYSTEM_ERROR,
_("Certificate failed validation: %s"),
@@ -1088,13 +1072,11 @@ static int virNetTLSContextValidCertificate(virNetTLSContextPtr ctxt,
/* !sess->isServer, since on the client, we're validating the
* server's cert, and on the server, the client's cert
*/
-#ifndef GNUTLS_1_0_COMPAT
if (virNetTLSContextCheckCertBasicConstraints(cert, "[session]",
!sess->isServer, false) < 0) {
gnutls_x509_crt_deinit(cert);
goto authdeny;
}
-#endif
if (virNetTLSContextCheckCertKeyUsage(cert, "[session]",
false) < 0) {
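Review bot: The peer-certificate basic-constraints check at this call site is now compiled for every supported GnuTLS (`GNUTLS_REQUIRED="2.2.0"` in configure.ac), but tests/virnettlshelpers.h in the same commit still gates its contents on `LIBGNUTLS_VERSION_NUMBER >= 0x020600`. On 2.2.x–2.5.x this check would therefore be built and used without the TLS test helpers being compiled, assuming those helpers are what drive the certificate validation tests. Either align the minimum version with the test gate or record the gap next to that `#if`, for example `/* cert validation tests need GnuTLS >= 2.6.0; older supported versions are untested */`. The enclosing function starts and ends outside this hunk.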
diff --git a/tests/virnettlshelpers.h b/tests/virnettlshelpers.h
index 3f6afb997a..48e743134e 100644
--- a/tests/virnettlshelpers.h
+++ b/tests/virnettlshelpers.h
@@ -22,7 +22,6 @@
#include
#if !defined WIN32 && HAVE_LIBTASN1_H && LIBGNUTLS_VERSION_NUMBER >= 0x020600
-# include "gnutls_1_0_compat.h"
# include