net-nds/openldap/files/openldap-2.4.33-gnutls.patch - mirrors/cros/chromiumos/overlays/portage-stable - Git at Google

 From 98de912932732f1441300eb64ca3070ff1469fcf Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <petr.pisar@atlas.cz>
 Date: Sun, 30 Dec 2012 21:11:06 +0100
 Subject: [PATCH] GnuTLS 3.0 removed gnutls_certificate_get_x509_cas()

 ---
  libraries/libldap/tls_g.c | 23 +++++++++++++++++++++++
  1 file changed, 23 insertions(+)

 diff --git a/libraries/libldap/tls_g.c b/libraries/libldap/tls_g.c
 index 40616f5..374514d 100644
 --- a/libraries/libldap/tls_g.c
 +++ b/libraries/libldap/tls_g.c
 @@ -60,6 +60,12 @@
  #undef HAVE_GCRYPT_RAND
  #endif

 +#if LIBGNUTLS_VERSION_NUMBER >= 0x030000
 +#define HAVE_GNUTLS_CERTIFICATE_GET_ISSUER 1
 +#else
 +#undef HAVE_GNUTLS_CERTIFICATE_GET_ISSUER
 +#endif
 +
  #ifndef HAVE_CIPHERSUITES
  /* Versions prior to 2.2.0 didn't handle cipher suites, so we had to
   * kludge them ourselves.
 @@ -368,6 +374,22 @@ tlsg_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
  		 * then we have to build the cert chain.
  		 */
  		if ( max == 1 && !gnutls_x509_crt_check_issuer( certs[0], certs[0] )) {
 +#ifdef HAVE_GNUTLS_CERTIFICATE_GET_ISSUER
 +			gnutls_x509_crt_t issuer;
 +			unsigned int i;
 +
 +			for ( i = 1; i<VERIFY_DEPTH; i++ ) {
 +				/* If no CA is known, we're done */
 +				if ( gnutls_certificate_get_issuer( ctx->cred, certs[i-1],
 +							&issuer, 0 ) )
 +					break;
 +				certs[i] = issuer;
 +				max++;
 +				/* If this CA is self-signed, we're done */
 +				if ( gnutls_x509_crt_check_issuer( certs[i], certs[i] ))
 +					break;
 +			}
 +#else
  			gnutls_x509_crt_t *cas;
  			unsigned int i, j, ncas;

 @@ -387,6 +409,7 @@ tlsg_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
  				if ( j == ncas )
  					break;
  			}
 +#endif /* !defined HAVE_GNUTLS_CERTIFICATE_GET_ISSUER */
  		}
  		rc = gnutls_certificate_set_x509_key( ctx->cred, certs, max, key );
  		if ( rc ) return -1;
 --
 1.8.0.2
	From 98de912932732f1441300eb64ca3070ff1469fcf Mon Sep 17 00:00:00 2001
	From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <petr.pisar@atlas.cz>
	Date: Sun, 30 Dec 2012 21:11:06 +0100
	Subject: [PATCH] GnuTLS 3.0 removed gnutls_certificate_get_x509_cas()

	---
	libraries/libldap/tls_g.c \| 23 +++++++++++++++++++++++
	1 file changed, 23 insertions(+)

	diff --git a/libraries/libldap/tls_g.c b/libraries/libldap/tls_g.c
	index 40616f5..374514d 100644
	--- a/libraries/libldap/tls_g.c
	+++ b/libraries/libldap/tls_g.c
	@@ -60,6 +60,12 @@
	#undef HAVE_GCRYPT_RAND
	#endif

	+#if LIBGNUTLS_VERSION_NUMBER >= 0x030000
	+#define HAVE_GNUTLS_CERTIFICATE_GET_ISSUER 1
	+#else
	+#undef HAVE_GNUTLS_CERTIFICATE_GET_ISSUER
	+#endif
	+
	#ifndef HAVE_CIPHERSUITES
	/* Versions prior to 2.2.0 didn't handle cipher suites, so we had to
	* kludge them ourselves.
	@@ -368,6 +374,22 @@ tlsg_ctx_init( struct ldapoptions lo, struct ldaptls lt, int is_server )
	* then we have to build the cert chain.
	*/
	if ( max == 1 && !gnutls_x509_crt_check_issuer( certs[0], certs[0] )) {
	+#ifdef HAVE_GNUTLS_CERTIFICATE_GET_ISSUER
	+ gnutls_x509_crt_t issuer;
	+ unsigned int i;
	+
	+ for ( i = 1; i<VERIFY_DEPTH; i++ ) {
	+ /* If no CA is known, we're done */
	+ if ( gnutls_certificate_get_issuer( ctx->cred, certs[i-1],
	+ &issuer, 0 ) )
	+ break;
	+ certs[i] = issuer;
	+ max++;
	+ /* If this CA is self-signed, we're done */
	+ if ( gnutls_x509_crt_check_issuer( certs[i], certs[i] ))
	+ break;
	+ }
	+#else
	gnutls_x509_crt_t *cas;
	unsigned int i, j, ncas;

	@@ -387,6 +409,7 @@ tlsg_ctx_init( struct ldapoptions lo, struct ldaptls lt, int is_server )
	if ( j == ncas )
	break;
	}
	+#endif /* !defined HAVE_GNUTLS_CERTIFICATE_GET_ISSUER */
	}
	rc = gnutls_certificate_set_x509_key( ctx->cred, certs, max, key );
	if ( rc ) return -1;
	--
	1.8.0.2