import-layers/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog/replace_deprecated_GnuTLS_functions.patch - openbmc/openbmc - Gitiles

 replace deprecated GnuTLS functions with newer ones if available

 closes https://github.com/rsyslog/rsyslog/issues/302

 Upstream fix https://github.com/rsyslog/rsyslog/commit/b34c35e38f258935c0e92ca754da097d7f3f0f58

 Upstream-Status: Backport
 Signed-off-by: Tudor Florea  <tudor.florea@enea.com>

 ---
  configure.ac       |  2 ++
  runtime/nsd_gtls.c | 21 ++++++++++++++++++---
  2 files changed, 20 insertions(+), 3 deletions(-)

 diff --git a/configure.ac b/configure.ac
 index 643fc94..56835fb 100644
 --- a/configure.ac
 +++ b/configure.ac
 @@ -763,6 +763,8 @@ AC_ARG_ENABLE(gnutls,
  if test "x$enable_gnutls" = "xyes"; then
  	PKG_CHECK_MODULES(GNUTLS, gnutls >= 1.4.0)
  	AC_DEFINE([ENABLE_GNUTLS], [1], [Indicator that GnuTLS is present])
 +        AC_CHECK_LIB(gnutls, gnutls_global_init)
 +	AC_CHECK_FUNCS(gnutls_certificate_set_retrieve_function,,)
  fi
  AM_CONDITIONAL(ENABLE_GNUTLS, test x$enable_gnutls = xyes)

 diff --git a/runtime/nsd_gtls.c b/runtime/nsd_gtls.c
 index a763e4b..e127834 100644
 --- a/runtime/nsd_gtls.c
 +++ b/runtime/nsd_gtls.c
 @@ -232,15 +232,26 @@ gtlsLoadOurCertKey(nsd_gtls_t *pThis)
   */
  static int
  gtlsClientCertCallback(gnutls_session session,
 -              __attribute__((unused)) const gnutls_datum* req_ca_rdn, int __attribute__((unused)) nreqs,
 -              __attribute__((unused)) const gnutls_pk_algorithm* sign_algos, int __attribute__((unused)) sign_algos_length,
 -              gnutls_retr_st *st)
 +        __attribute__((unused)) const gnutls_datum* req_ca_rdn,
 +	int __attribute__((unused)) nreqs,
 +        __attribute__((unused)) const gnutls_pk_algorithm* sign_algos,
 +	int __attribute__((unused)) sign_algos_length,
 +#if HAVE_GNUTLS_CERTIFICATE_SET_RETRIEVE_FUNCTION
 +	gnutls_retr2_st* st
 +#else
 +        gnutls_retr_st *st
 +#endif
 +	)
  {
  	nsd_gtls_t *pThis;

  	pThis = (nsd_gtls_t*) gnutls_session_get_ptr(session);

 +#if HAVE_GNUTLS_CERTIFICATE_SET_RETRIEVE_FUNCTION
 +	st->cert_type = GNUTLS_CRT_X509;
 +#else
  	st->type = GNUTLS_CRT_X509;
 +#endif
  	st->ncerts = 1;
  	st->cert.x509 = &pThis->ourCert;
  	st->key.x509 = pThis->ourKey;
 @@ -1625,7 +1625,11 @@ Connect(nsd_t *pNsd, int family, uchar *port, uchar *host)
  	gnutls_session_set_ptr(pThis->sess, (void*)pThis);
  	iRet = gtlsLoadOurCertKey(pThis); /* first load .pem files */
  	if(iRet == RS_RET_OK) {
 +#		if HAVE_GNUTLS_CERTIFICATE_SET_RETRIEVE_FUNCTION
 +		gnutls_certificate_set_retrieve_function(xcred, gtlsClientCertCallback);
 +#		else
  		gnutls_certificate_client_set_retrieve_function(xcred, gtlsClientCertCallback);
 +#	endif
  	} else if(iRet != RS_RET_CERTLESS) {
  		FINALIZE; /* we have an error case! */
  	}
	replace deprecated GnuTLS functions with newer ones if available

	closes https://github.com/rsyslog/rsyslog/issues/302

	Upstream fix https://github.com/rsyslog/rsyslog/commit/b34c35e38f258935c0e92ca754da097d7f3f0f58

	Upstream-Status: Backport
	Signed-off-by: Tudor Florea <tudor.florea@enea.com>

	---
	configure.ac \| 2 ++
	runtime/nsd_gtls.c \| 21 ++++++++++++++++++---
	2 files changed, 20 insertions(+), 3 deletions(-)

	diff --git a/configure.ac b/configure.ac
	index 643fc94..56835fb 100644
	--- a/configure.ac
	+++ b/configure.ac
	@@ -763,6 +763,8 @@ AC_ARG_ENABLE(gnutls,
	if test "x$enable_gnutls" = "xyes"; then
	PKG_CHECK_MODULES(GNUTLS, gnutls >= 1.4.0)
	AC_DEFINE([ENABLE_GNUTLS], [1], [Indicator that GnuTLS is present])
	+ AC_CHECK_LIB(gnutls, gnutls_global_init)
	+ AC_CHECK_FUNCS(gnutls_certificate_set_retrieve_function,,)
	fi
	AM_CONDITIONAL(ENABLE_GNUTLS, test x$enable_gnutls = xyes)

	diff --git a/runtime/nsd_gtls.c b/runtime/nsd_gtls.c
	index a763e4b..e127834 100644
	--- a/runtime/nsd_gtls.c
	+++ b/runtime/nsd_gtls.c
	@@ -232,15 +232,26 @@ gtlsLoadOurCertKey(nsd_gtls_t *pThis)
	*/
	static int
	gtlsClientCertCallback(gnutls_session session,
	- __attribute__((unused)) const gnutls_datum* req_ca_rdn, int __attribute__((unused)) nreqs,
	- __attribute__((unused)) const gnutls_pk_algorithm* sign_algos, int __attribute__((unused)) sign_algos_length,
	- gnutls_retr_st *st)
	+ __attribute__((unused)) const gnutls_datum* req_ca_rdn,
	+ int __attribute__((unused)) nreqs,
	+ __attribute__((unused)) const gnutls_pk_algorithm* sign_algos,
	+ int __attribute__((unused)) sign_algos_length,
	+#if HAVE_GNUTLS_CERTIFICATE_SET_RETRIEVE_FUNCTION
	+ gnutls_retr2_st* st
	+#else
	+ gnutls_retr_st *st
	+#endif
	+ )
	{
	nsd_gtls_t *pThis;

	pThis = (nsd_gtls_t*) gnutls_session_get_ptr(session);

	+#if HAVE_GNUTLS_CERTIFICATE_SET_RETRIEVE_FUNCTION
	+ st->cert_type = GNUTLS_CRT_X509;
	+#else
	st->type = GNUTLS_CRT_X509;
	+#endif
	st->ncerts = 1;
	st->cert.x509 = &pThis->ourCert;
	st->key.x509 = pThis->ourKey;
	@@ -1625,7 +1625,11 @@ Connect(nsd_t pNsd, int family, uchar port, uchar *host)
	gnutls_session_set_ptr(pThis->sess, (void*)pThis);
	iRet = gtlsLoadOurCertKey(pThis); /* first load .pem files */
	if(iRet == RS_RET_OK) {
	+# if HAVE_GNUTLS_CERTIFICATE_SET_RETRIEVE_FUNCTION
	+ gnutls_certificate_set_retrieve_function(xcred, gtlsClientCertCallback);
	+# else
	gnutls_certificate_client_set_retrieve_function(xcred, gtlsClientCertCallback);
	+# endif
	} else if(iRet != RS_RET_CERTLESS) {
	FINALIZE; /* we have an error case! */
	}