Patrick Williams | b48b7b4 | 2016-08-17 15:04:38 -0500 | 1 | replace deprecated GnuTLS functions with newer ones if available |
| 2 | |
| 3 | closes https://github.com/rsyslog/rsyslog/issues/302 |
| 4 | |
| 5 | Upstream fix https://github.com/rsyslog/rsyslog/commit/b34c35e38f258935c0e92ca754da097d7f3f0f58 |
| 6 | |
| 7 | Upstream-Status: Backport |
| 8 | Signed-off-by: Tudor Florea <tudor.florea@enea.com> |
| 9 | |
| 10 | --- |
| 11 | configure.ac | 2 ++ |
| 12 | runtime/nsd_gtls.c | 21 ++++++++++++++++++--- |
| 13 | 2 files changed, 20 insertions(+), 3 deletions(-) |
| 14 | |
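diff --git a/configure.ac b/configure.ac
index 643fc94..56835fb 100644
--- a/configure.ac
+++ b/configure.ac
@@ -763,6 +763,8 @@ AC_ARG_ENABLE(gnutls,
 if test "x$enable_gnutls" = "xyes"; then
 PKG_CHECK_MODULES(GNUTLS, gnutls >= 1.4.0)
 AC_DEFINE([ENABLE_GNUTLS], [1], [Indicator that GnuTLS is present])
+ AC_CHECK_LIB(gnutls, gnutls_global_init)
+ AC_CHECK_FUNCS(gnutls_certificate_set_retrieve_function,,)
 fi
 AM_CONDITIONAL(ENABLE_GNUTLS, test x$enable_gnutls = xyes)
 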
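Review bot: `AC_CHECK_LIB(gnutls, gnutls_global_init)` with no action arguments prepends `-lgnutls` to the global `LIBS`, so targets that link with `$(LIBS)` pick up GnuTLS even when they do not use it, and the probe ignores the `GNUTLS_LIBS` that `PKG_CHECK_MODULES` resolved two lines earlier. If the library is outside the default linker search path (common in cross builds), both checks fail without any message and `HAVE_GNUTLS_CERTIFICATE_SET_RETRIEVE_FUNCTION` stays undefined, which silently selects the deprecated code path in runtime/nsd_gtls.c. I would scope the probe instead: `save_LIBS="$LIBS"; LIBS="$LIBS $GNUTLS_LIBS"`, then `AC_CHECK_FUNCS(gnutls_certificate_set_retrieve_function)`, then `LIBS="$save_LIBS"`.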
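diff --git a/runtime/nsd_gtls.c b/runtime/nsd_gtls.c
index a763e4b..e127834 100644
--- a/runtime/nsd_gtls.c
+++ b/runtime/nsd_gtls.c
@@ -232,15 +232,26 @@ gtlsLoadOurCertKey(nsd_gtls_t *pThis)
 */
 static int
 gtlsClientCertCallback(gnutls_session session,
- __attribute__((unused)) const gnutls_datum* req_ca_rdn, int __attribute__((unused)) nreqs,
- __attribute__((unused)) const gnutls_pk_algorithm* sign_algos, int __attribute__((unused)) sign_algos_length,
- gnutls_retr_st *st)
+ __attribute__((unused)) const gnutls_datum* req_ca_rdn,
+ int __attribute__((unused)) nreqs,
+ __attribute__((unused)) const gnutls_pk_algorithm* sign_algos,
+ int __attribute__((unused)) sign_algos_length,
+#if HAVE_GNUTLS_CERTIFICATE_SET_RETRIEVE_FUNCTION
+ gnutls_retr2_st* st
+#else
+ gnutls_retr_st *st
+#endif
+ )
 {
 nsd_gtls_t *pThis;
 
 pThis = (nsd_gtls_t*) gnutls_session_get_ptr(session);
 
+#if HAVE_GNUTLS_CERTIFICATE_SET_RETRIEVE_FUNCTION
+ st->cert_type = GNUTLS_CRT_X509;
+#else
 st->type = GNUTLS_CRT_X509;
+#endif
 st->ncerts = 1;
 st->cert.x509 = &pThis->ourCert;
 st->key.x509 = pThis->ourKey;
@@ -1625,7 +1625,11 @@ Connect(nsd_t *pNsd, int family, uchar *port, uchar *host)
 gnutls_session_set_ptr(pThis->sess, (void*)pThis);
 iRet = gtlsLoadOurCertKey(pThis); /* first load .pem files */
 if(iRet == RS_RET_OK) {
+# if HAVE_GNUTLS_CERTIFICATE_SET_RETRIEVE_FUNCTION
+ gnutls_certificate_set_retrieve_function(xcred, gtlsClientCertCallback);
+# else
 gnutls_certificate_client_set_retrieve_function(xcred, gtlsClientCertCallback);
+# endif
 } else if(iRet != RS_RET_CERTLESS) {
 FINALIZE; /* we have an error case! */
 }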
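Review bot: In gtlsClientCertCallback the `gnutls_retr2_st` branch sets `cert_type`, `ncerts`, `cert.x509` and `key.x509`, but nothing visible sets `st->key_type`, a field the older `gnutls_retr_st` did not have. Unless the rest of the function (it continues past the hunk) assigns it, the private-key type returned for client authentication depends on the caller having zeroed the struct; adding `st->key_type = GNUTLS_PRIVKEY_X509;` inside the `#if` branch makes it explicit. All three guards, including the one in Connect, use `#if HAVE_GNUTLS_CERTIFICATE_SET_RETRIEVE_FUNCTION`, which relies on an undefined macro evaluating to 0 and warns under `-Wundef`; `#ifdef` is the usual form for an AC_CHECK_FUNCS result.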