Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc / b48b7b4109868a8c0ddda090992e936e821c7ea6 / . / import-layers / meta-openembedded / meta-oe / recipes-extended / rsyslog / rsyslog / use_gnutls_certificate_type_set_priority_only_if_available.patch
blob: e1dab759ab3089d47f430a2380f66e2b33afc93f [file] [log] [blame]
From 21674039db99d1067e9df4df04d965297d62c6af Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Mon, 18 May 2015 09:36:02 +0200
Subject: [PATCH] use gnutls_certificate_type_set_priority() only if available
The gnutls_certificate_type_set_priority function is deprecated
and not available in recent GnuTLS versions. However, there is no
doc how to properly replace it with gnutls_priority_set_direct.
A lot of folks have simply removed it, when they also called
gnutls_set_default_priority. This is what we now also do. If
this causes problems or someone has an idea of how to replace
the deprecated function in a better way, please let us know!
In any case, we use it as long as it is available and let
not insult us by the deprecation warnings.
Upstream-Status: Backport
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
---
configure.ac | 1 +
runtime/nsd_gtls.c | 18 ++++++++++++++++--
2 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/configure.ac b/configure.ac
index 56835fb..1c2be01 100644
--- a/configure.ac
+++ b/configure.ac
@@ -765,6 +765,7 @@ if test "x$enable_gnutls" = "xyes"; then
AC_DEFINE([ENABLE_GNUTLS], [1], [Indicator that GnuTLS is present])
AC_CHECK_LIB(gnutls, gnutls_global_init)
AC_CHECK_FUNCS(gnutls_certificate_set_retrieve_function,,)
+ AC_CHECK_FUNCS(gnutls_certificate_type_set_priority,,)
fi
AM_CONDITIONAL(ENABLE_GNUTLS, test x$enable_gnutls = xyes)
diff --git a/runtime/nsd_gtls.c b/runtime/nsd_gtls.c
index e127834..4b6aab1 100644
--- a/runtime/nsd_gtls.c
+++ b/runtime/nsd_gtls.c
@@ -1658,8 +1658,9 @@ Connect(nsd_t *pNsd, int family, uchar *port, uchar *host)
nsd_gtls_t *pThis = (nsd_gtls_t*) pNsd;
int sock;
int gnuRet;
- /* TODO: later? static const int cert_type_priority[3] = { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 };*/
+# if HAVE_GNUTLS_CERTIFICATE_TYPE_SET_PRIORITY
static const int cert_type_priority[2] = { GNUTLS_CRT_X509, 0 };
+# endif
DEFiRet;
ISOBJ_TYPE_assert(pThis, nsd_gtls);
@@ -1688,14 +1689,27 @@ Connect(nsd_t *pNsd, int family, uchar *port, uchar *host)
gnutls_certificate_set_retrieve_function(xcred, gtlsClientCertCallback);
# else
gnutls_certificate_client_set_retrieve_function(xcred, gtlsClientCertCallback);
-# endif
+# endif
} else if(iRet != RS_RET_CERTLESS) {
FINALIZE; /* we have an error case! */
}
/* Use default priorities */
CHKgnutls(gnutls_set_default_priority(pThis->sess));
+# if HAVE_GNUTLS_CERTIFICATE_TYPE_SET_PRIORITY
+ /* The gnutls_certificate_type_set_priority function is deprecated
+ * and not available in recent GnuTLS versions. However, there is no
+ * doc how to properly replace it with gnutls_priority_set_direct.
+ * A lot of folks have simply removed it, when they also called
+ * gnutls_set_default_priority. This is what we now also do. If
+ * this causes problems or someone has an idea of how to replace
+ * the deprecated function in a better way, please let us know!
+ * In any case, we use it as long as it is available and let
+ * not insult us by the deprecation warnings.
+ * 2015-05-18 rgerhards
+ */
CHKgnutls(gnutls_certificate_type_set_priority(pThis->sess, cert_type_priority));
+# endif
/* put the x509 credentials to the current session */
CHKgnutls(gnutls_credentials_set(pThis->sess, GNUTLS_CRD_CERTIFICATE, xcred));