| replace deprecated GnuTLS functions with newer ones if available |
| |
| closes https://github.com/rsyslog/rsyslog/issues/302 |
| |
| Upstream fix https://github.com/rsyslog/rsyslog/commit/b34c35e38f258935c0e92ca754da097d7f3f0f58 |
| |
| Upstream-Status: Backport |
| Signed-off-by: Tudor Florea <tudor.florea@enea.com> |
| |
| --- |
| configure.ac | 2 ++ |
| runtime/nsd_gtls.c | 21 ++++++++++++++++++--- |
| 2 files changed, 20 insertions(+), 3 deletions(-) |
| |
| diff --git a/configure.ac b/configure.ac |
| index 643fc94..56835fb 100644 |
| --- a/configure.ac |
| +++ b/configure.ac |
| @@ -763,6 +763,8 @@ AC_ARG_ENABLE(gnutls, |
| if test "x$enable_gnutls" = "xyes"; then |
| PKG_CHECK_MODULES(GNUTLS, gnutls >= 1.4.0) |
| AC_DEFINE([ENABLE_GNUTLS], [1], [Indicator that GnuTLS is present]) |
| + AC_CHECK_LIB(gnutls, gnutls_global_init) |
| + AC_CHECK_FUNCS(gnutls_certificate_set_retrieve_function,,) |
| fi |
| AM_CONDITIONAL(ENABLE_GNUTLS, test x$enable_gnutls = xyes) |
| |
| diff --git a/runtime/nsd_gtls.c b/runtime/nsd_gtls.c |
| index a763e4b..e127834 100644 |
| --- a/runtime/nsd_gtls.c |
| +++ b/runtime/nsd_gtls.c |
| @@ -232,15 +232,26 @@ gtlsLoadOurCertKey(nsd_gtls_t *pThis) |
| */ |
| static int |
| gtlsClientCertCallback(gnutls_session session, |
| - __attribute__((unused)) const gnutls_datum* req_ca_rdn, int __attribute__((unused)) nreqs, |
| - __attribute__((unused)) const gnutls_pk_algorithm* sign_algos, int __attribute__((unused)) sign_algos_length, |
| - gnutls_retr_st *st) |
| + __attribute__((unused)) const gnutls_datum* req_ca_rdn, |
| + int __attribute__((unused)) nreqs, |
| + __attribute__((unused)) const gnutls_pk_algorithm* sign_algos, |
| + int __attribute__((unused)) sign_algos_length, |
| +#if HAVE_GNUTLS_CERTIFICATE_SET_RETRIEVE_FUNCTION |
| + gnutls_retr2_st* st |
| +#else |
| + gnutls_retr_st *st |
| +#endif |
| + ) |
| { |
| nsd_gtls_t *pThis; |
| |
| pThis = (nsd_gtls_t*) gnutls_session_get_ptr(session); |
| |
| +#if HAVE_GNUTLS_CERTIFICATE_SET_RETRIEVE_FUNCTION |
| + st->cert_type = GNUTLS_CRT_X509; |
| +#else |
| st->type = GNUTLS_CRT_X509; |
| +#endif |
| st->ncerts = 1; |
| st->cert.x509 = &pThis->ourCert; |
| st->key.x509 = pThis->ourKey; |
| @@ -1625,7 +1625,11 @@ Connect(nsd_t *pNsd, int family, uchar *port, uchar *host) |
| gnutls_session_set_ptr(pThis->sess, (void*)pThis); |
| iRet = gtlsLoadOurCertKey(pThis); /* first load .pem files */ |
| if(iRet == RS_RET_OK) { |
| +# if HAVE_GNUTLS_CERTIFICATE_SET_RETRIEVE_FUNCTION |
| + gnutls_certificate_set_retrieve_function(xcred, gtlsClientCertCallback); |
| +# else |
| gnutls_certificate_client_set_retrieve_function(xcred, gtlsClientCertCallback); |
| +# endif |
| } else if(iRet != RS_RET_CERTLESS) { |
| FINALIZE; /* we have an error case! */ |
| } |