+++ /dev/null
-/*
- * gnutls_1_0_compat.h: GnuTLS 1.0 compatibility
- *
- * Copyright (C) 2007, 2013 Red Hat, Inc.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library. If not, see
- * <http://www.gnu.org/licenses/>.
- *
- * Author: Richard W.M. Jones <rjones@redhat.com>
- */
-
-#ifndef LIBVIRT_GNUTLS_1_0_COMPAT_H__
-# define LIBVIRT_GNUTLS_1_0_COMPAT_H__
-
-# include <gnutls/gnutls.h>
-
-/* enable backward compatibility macros for gnutls 1.x.y */
-# if LIBGNUTLS_VERSION_MAJOR < 2
-# define GNUTLS_1_0_COMPAT
-# endif
-
-# ifdef GNUTLS_1_0_COMPAT
-# define gnutls_session_t gnutls_session
-# define gnutls_x509_crt_t gnutls_x509_crt
-# define gnutls_dh_params_t gnutls_dh_params
-# define gnutls_transport_ptr_t gnutls_transport_ptr
-# define gnutls_datum_t gnutls_datum
-# define gnutls_certificate_credentials_t gnutls_certificate_credentials
-# define gnutls_cipher_algorithm_t gnutls_cipher_algorithm
-# endif
-
-#endif /* LIBVIRT_GNUTLS_1_0_COMPAT_H__ */
# include <gnutls/crypto.h>
#endif
#include <gnutls/x509.h>
-#include "gnutls_1_0_compat.h"
#include "virnettlscontext.h"
#include "virstring.h"
}
-#ifndef GNUTLS_1_0_COMPAT
-/*
- * The gnutls_x509_crt_get_basic_constraints function isn't
- * available in GNUTLS 1.0.x branches. This isn't critical
- * though, since gnutls_certificate_verify_peers2 will do
- * pretty much the same check at runtime, so we can just
- * disable this code
- */
static int virNetTLSContextCheckCertBasicConstraints(gnutls_x509_crt_t cert,
const char *certFile,
bool isServer,
return 0;
}
-#endif
static int virNetTLSContextCheckCertKeyUsage(gnutls_x509_crt_t cert,
isServer, isCA) < 0)
return -1;
-#ifndef GNUTLS_1_0_COMPAT
if (virNetTLSContextCheckCertBasicConstraints(cert, certFile,
isServer, isCA) < 0)
return -1;
-#endif
if (virNetTLSContextCheckCertKeyUsage(cert, certFile,
isCA) < 0)
if (status & GNUTLS_CERT_REVOKED)
reason = _("The certificate has been revoked.");
-#ifndef GNUTLS_1_0_COMPAT
if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
reason = _("The certificate uses an insecure algorithm");
-#endif
virReportError(VIR_ERR_SYSTEM_ERROR,
_("Our own certificate %s failed validation against %s: %s"),
if (status & GNUTLS_CERT_REVOKED)
reason = _("The certificate has been revoked.");
-#ifndef GNUTLS_1_0_COMPAT
if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
reason = _("The certificate uses an insecure algorithm");
-#endif
virReportError(VIR_ERR_SYSTEM_ERROR,
_("Certificate failed validation: %s"),
/* !sess->isServer, since on the client, we're validating the
* server's cert, and on the server, the client's cert
*/
-#ifndef GNUTLS_1_0_COMPAT
if (virNetTLSContextCheckCertBasicConstraints(cert, "[session]",
!sess->isServer, false) < 0) {
gnutls_x509_crt_deinit(cert);
goto authdeny;
}
-#endif
if (virNetTLSContextCheckCertKeyUsage(cert, "[session]",
false) < 0) {
projects / libvirt.git / commitdiff