import-layers/yocto-poky/meta/recipes-support/neon/neon/gnutls_4.3_fixup.patch - openbmc/openbmc - Gitiles

 replace deprecated GnuTLS functions with newer ones if available

 Upstream-Status: Pending

 Signed-off-by: Armin Kuster <akuster808@gmail.com>

 Index: neon-0.30.1/macros/neon.m4
 ===================================================================
 --- neon-0.30.1.orig/macros/neon.m4
 +++ neon-0.30.1/macros/neon.m4
 @@ -987,6 +987,10 @@ gnutls)
                    gnutls_certificate_get_x509_cas \
                    gnutls_x509_crt_sign2])

 +   # gnutls 4.3 check
 +   AC_CHECK_LIB(gnutls, gnutls_global_init)
 +   AC_CHECK_FUNCS(gnutls_certificate_set_retrieve_function,,)
 +
     # fail if gnutls_x509_crt_sign2 is not found (it was introduced in 1.2.0, which is required)
     if test x${ac_cv_func_gnutls_x509_crt_sign2} != xyes; then
         AC_MSG_ERROR([GnuTLS version predates gnutls_x509_crt_sign2, newer version required (at least 1.2.0)])
 Index: neon-0.30.1/src/ne_gnutls.c
 ===================================================================
 --- neon-0.30.1.orig/src/ne_gnutls.c
 +++ neon-0.30.1/src/ne_gnutls.c
 @@ -553,7 +553,13 @@ dup_error:
  static int provide_client_cert(gnutls_session_t session,
                                 const gnutls_datum_t *req_ca_rdn, int nreqs,
                                 const gnutls_pk_algorithm_t *sign_algos,
 -                               int sign_algos_length, gnutls_retr_st *st)
 +                               int sign_algos_length,
 +#if HAVE_GNUTLS_CERTIFICATE_SET_RETRIEVE_FUNCTION
 +    gnutls_retr2_st* st
 +#else
 +    gnutls_retr_st *st
 +#endif
 +    )
  {
      ne_session *sess = gnutls_session_get_ptr(session);

 @@ -617,8 +623,11 @@ static int provide_client_cert(gnutls_se
  #endif
              ) {
              NE_DEBUG(NE_DBG_SSL, "Supplying client certificate.\n");
 -
 +#if HAVE_GNUTLS_CERTIFICATE_SET_RETRIEVE_FUNCTION
 +            st->cert_type = type;
 +#else
              st->type = type;
 +#endif
              st->ncerts = 1;
              st->cert.x509 = &sess->client_cert->cert.subject;
              st->key.x509 = sess->client_cert->pkey;
 @@ -649,8 +658,14 @@ ne_ssl_context *ne_ssl_context_create(in
      ne_ssl_context *ctx = ne_calloc(sizeof *ctx);
      gnutls_certificate_allocate_credentials(&ctx->cred);
      if (flags == NE_SSL_CTX_CLIENT) {
 +
 +#if HAVE_GNUTLS_CERTIFICATE_SET_RETRIEVE_FUNCTION
 +        gnutls_certificate_set_retrieve_function(ctx->cred,
 +                                                       provide_client_cert);
 +#else
          gnutls_certificate_client_set_retrieve_function(ctx->cred,
                                                          provide_client_cert);
 +#endif
      }
      gnutls_certificate_set_verify_flags(ctx->cred,
                                          GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
	replace deprecated GnuTLS functions with newer ones if available

	Upstream-Status: Pending

	Signed-off-by: Armin Kuster <akuster808@gmail.com>

	Index: neon-0.30.1/macros/neon.m4
	===================================================================
	--- neon-0.30.1.orig/macros/neon.m4
	+++ neon-0.30.1/macros/neon.m4
	@@ -987,6 +987,10 @@ gnutls)
	gnutls_certificate_get_x509_cas \
	gnutls_x509_crt_sign2])

	+ # gnutls 4.3 check
	+ AC_CHECK_LIB(gnutls, gnutls_global_init)
	+ AC_CHECK_FUNCS(gnutls_certificate_set_retrieve_function,,)
	+
	# fail if gnutls_x509_crt_sign2 is not found (it was introduced in 1.2.0, which is required)
	if test x${ac_cv_func_gnutls_x509_crt_sign2} != xyes; then
	AC_MSG_ERROR([GnuTLS version predates gnutls_x509_crt_sign2, newer version required (at least 1.2.0)])
	Index: neon-0.30.1/src/ne_gnutls.c
	===================================================================
	--- neon-0.30.1.orig/src/ne_gnutls.c
	+++ neon-0.30.1/src/ne_gnutls.c
	@@ -553,7 +553,13 @@ dup_error:
	static int provide_client_cert(gnutls_session_t session,
	const gnutls_datum_t *req_ca_rdn, int nreqs,
	const gnutls_pk_algorithm_t *sign_algos,
	- int sign_algos_length, gnutls_retr_st *st)
	+ int sign_algos_length,
	+#if HAVE_GNUTLS_CERTIFICATE_SET_RETRIEVE_FUNCTION
	+ gnutls_retr2_st* st
	+#else
	+ gnutls_retr_st *st
	+#endif
	+ )
	{
	ne_session *sess = gnutls_session_get_ptr(session);

	@@ -617,8 +623,11 @@ static int provide_client_cert(gnutls_se
	#endif
	) {
	NE_DEBUG(NE_DBG_SSL, "Supplying client certificate.\n");
	-
	+#if HAVE_GNUTLS_CERTIFICATE_SET_RETRIEVE_FUNCTION
	+ st->cert_type = type;
	+#else
	st->type = type;
	+#endif
	st->ncerts = 1;
	st->cert.x509 = &sess->client_cert->cert.subject;
	st->key.x509 = sess->client_cert->pkey;
	@@ -649,8 +658,14 @@ ne_ssl_context *ne_ssl_context_create(in
	ne_ssl_context ctx = ne_calloc(sizeof ctx);
	gnutls_certificate_allocate_credentials(&ctx->cred);
	if (flags == NE_SSL_CTX_CLIENT) {
	+
	+#if HAVE_GNUTLS_CERTIFICATE_SET_RETRIEVE_FUNCTION
	+ gnutls_certificate_set_retrieve_function(ctx->cred,
	+ provide_client_cert);
	+#else
	gnutls_certificate_client_set_retrieve_function(ctx->cred,
	provide_client_cert);
	+#endif
	}
	gnutls_certificate_set_verify_flags(ctx->cred,
	GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);