[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#7877) please make gcrypt optional with newer gnutls
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#7877) please make gcrypt optional with newer gnutls
- From: ryan@nardis.ca
- Date: Sat, 21 Jun 2014 00:24:01 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
This is a multi-part message in MIME format.
--------------010505020103090906040401
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
This might be a better patch, if the build system change is acceptable.
--------------010505020103090906040401
Content-Type: text/x-patch;
name="0001-ITS-7877-detect-whether-gnutls-uses-gcrypt.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename="0001-ITS-7877-detect-whether-gnutls-uses-gcrypt.patch"
>From e904900beb419576abc098e96deda04e53119603 Mon Sep 17 00:00:00 2001
From: Ryan Tandy <ryan@nardis.ca>
Date: Fri, 20 Jun 2014 14:44:23 -0700
Subject: [PATCH] ITS#7877 detect whether gnutls uses gcrypt
---
configure.in | 14 ++++++++++++++
libraries/libldap/tls_g.c | 20 ++++++++++++++++++--
2 files changed, 32 insertions(+), 2 deletions(-)
diff --git a/configure.in b/configure.in
index 84bfc8a..27fe13a 100644
--- a/configure.in
+++ b/configure.in
@@ -1223,6 +1223,20 @@ if test $ol_link_tls = no ; then
fi
fi
+if test $ol_with_tls = gnutls ; then
+ AC_CHECK_HEADERS(gcrypt.h)
+
+ if test $ac_cv_header_gcrypt_h = yes ; then
+ AC_CHECK_LIB(gnutls, gcry_cipher_open,
+ [have_gnutls_gcrypt=yes], [have_gnutls_gcrypt=no])
+
+ if test $have_gnutls_gcrypt = yes ; then
+ AC_DEFINE(HAVE_GNUTLS_GCRYPT, 1,
+ [define if GnuTLS is using GCrypt])
+ fi
+ fi
+fi
+
dnl NOTE: caller must specify -I/path/to/nspr4 and -I/path/to/nss3
dnl and -L/path/to/nspr4 libs and -L/path/to/nss3 libs if those libs
dnl are not in the default system location
diff --git a/libraries/libldap/tls_g.c b/libraries/libldap/tls_g.c
index ee83b5c..417c768 100644
--- a/libraries/libldap/tls_g.c
+++ b/libraries/libldap/tls_g.c
@@ -43,10 +43,16 @@
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
-#include <gcrypt.h>
#if LIBGNUTLS_VERSION_NUMBER >= 0x020200
#define HAVE_CIPHERSUITES 1
+#else
+#undef HAVE_CIPHERSUITES
+#endif
+
+#ifdef HAVE_GNUTLS_GCRYPT
+#include <gcrypt.h>
+#if LIBGNUTLS_VERSION_NUMBER >= 0x020200
/* This is a kludge. gcrypt 1.4.x has support. Recent GnuTLS requires gcrypt 1.4.x
* but that dependency isn't reflected in their configure script, resulting in
* build errors on older gcrypt. So, if they have a working build environment,
@@ -54,9 +60,9 @@
*/
#define HAVE_GCRYPT_RAND 1
#else
-#undef HAVE_CIPHERSUITES
#undef HAVE_GCRYPT_RAND
#endif
+#endif
#ifndef HAVE_CIPHERSUITES
/* Versions prior to 2.2.0 didn't handle cipher suites, so we had to
@@ -143,6 +149,15 @@ tlsg_mutex_unlock( void **lock )
return ldap_pvt_thread_mutex_unlock( *lock );
}
+#if GNUTLS_VERSION_NUMBER >= 0x020b00
+tlsg_thr_init( void )
+{
+ gnutls_global_set_mutex (tlsg_mutex_init,
+ tlsg_mutex_destroy,
+ tlsg_mutex_lock,
+ tlsg_mutex_unlock);
+}
+#else
static struct gcry_thread_cbs tlsg_thread_cbs = {
GCRY_THREAD_OPTION_USER,
NULL,
@@ -158,6 +173,7 @@ tlsg_thr_init( void )
{
gcry_control (GCRYCTL_SET_THREAD_CBS, &tlsg_thread_cbs);
}
+#endif
#endif /* LDAP_R_COMPILE */
/*
--
1.9.1
--------------010505020103090906040401--