
Re: (ITS#7877) please make gcrypt optional with newer gnutls



This is a multi-part message in MIME format.
--------------010505020103090906040401
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit

This might be a better patch, if the build system change is acceptable.

--------------010505020103090906040401
Content-Type: text/x-patch;
 name="0001-ITS-7877-detect-whether-gnutls-uses-gcrypt.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
 filename="0001-ITS-7877-detect-whether-gnutls-uses-gcrypt.patch"

>From e904900beb419576abc098e96deda04e53119603 Mon Sep 17 00:00:00 2001
From: Ryan Tandy <ryan@nardis.ca>
Date: Fri, 20 Jun 2014 14:44:23 -0700
Subject: [PATCH] ITS#7877 detect whether gnutls uses gcrypt

---
 configure.in              | 14 ++++++++++++++
 libraries/libldap/tls_g.c | 20 ++++++++++++++++++--
 2 files changed, 32 insertions(+), 2 deletions(-)

diff --git a/configure.in b/configure.in
index 84bfc8a..27fe13a 100644
--- a/configure.in
+++ b/configure.in
@@ -1223,6 +1223,20 @@ if test $ol_link_tls = no ; then
 	fi
 fi
 
+if test $ol_with_tls = gnutls ; then
+	AC_CHECK_HEADERS(gcrypt.h)
+
+	if test $ac_cv_header_gcrypt_h = yes ; then
+		AC_CHECK_LIB(gnutls, gcry_cipher_open,
+			[have_gnutls_gcrypt=yes], [have_gnutls_gcrypt=no])
+
+		if test $have_gnutls_gcrypt = yes ; then
+			AC_DEFINE(HAVE_GNUTLS_GCRYPT, 1,
+				[define if GnuTLS is using GCrypt])
+		fi
+	fi
+fi
+
 dnl NOTE: caller must specify -I/path/to/nspr4 and -I/path/to/nss3
 dnl and -L/path/to/nspr4 libs and -L/path/to/nss3 libs if those libs
 dnl are not in the default system location
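Review bot: The `AC_CHECK_LIB(gnutls, gcry_cipher_open, ...)` probe only succeeds if a program linked with `-lgnutls` alone can resolve a libgcrypt symbol through libgnutls's own dependencies, and linkers that refuse to resolve symbols via indirect dependencies will answer "no" even when GnuTLS is built on gcrypt. A false negative leaves `HAVE_GNUTLS_GCRYPT` undefined, which in tls_g.c drops the `gcrypt.h` include and the `HAVE_GCRYPT_RAND` path without any configure-time message. I would at least record the assumption above the check, e.g. `dnl relies on the linker resolving gcry_cipher_open through libgnutls's dependency on libgcrypt`. Separately, confirm that `-lgcrypt` ends up in the TLS link flags: tls_g.c still calls `gcry_control` directly in one branch, and nothing in this hunk adds it.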
diff --git a/libraries/libldap/tls_g.c b/libraries/libldap/tls_g.c
index ee83b5c..417c768 100644
--- a/libraries/libldap/tls_g.c
+++ b/libraries/libldap/tls_g.c
@@ -43,10 +43,16 @@
 
 #include <gnutls/gnutls.h>
 #include <gnutls/x509.h>
-#include <gcrypt.h>
 
 #if LIBGNUTLS_VERSION_NUMBER >= 0x020200
 #define	HAVE_CIPHERSUITES	1
+#else
+#undef HAVE_CIPHERSUITES
+#endif
+
+#ifdef HAVE_GNUTLS_GCRYPT
+#include <gcrypt.h>
+#if LIBGNUTLS_VERSION_NUMBER >= 0x020200
 /* This is a kludge. gcrypt 1.4.x has support. Recent GnuTLS requires gcrypt 1.4.x
  * but that dependency isn't reflected in their configure script, resulting in
  * build errors on older gcrypt. So, if they have a working build environment,
@@ -54,9 +60,9 @@
  */
 #define HAVE_GCRYPT_RAND	1
 #else
-#undef HAVE_CIPHERSUITES
 #undef HAVE_GCRYPT_RAND
 #endif
+#endif
 
 #ifndef HAVE_CIPHERSUITES
 /* Versions prior to 2.2.0 didn't handle cipher suites, so we had to
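Review bot: The two consecutive `#endif` lines that close the gcrypt section are unlabelled, so it is hard to see which one ends the version test and which ends the `#ifdef HAVE_GNUTLS_GCRYPT` opened in the previous hunk. The file already labels closers elsewhere (`#endif /* LDAP_R_COMPILE */`), so I would write the added line as `#endif /* HAVE_GNUTLS_GCRYPT */`. A one-line comment at the `#ifdef` saying that `HAVE_GCRYPT_RAND` is now only ever defined when configure detected a gcrypt-backed GnuTLS would also help, since that changes which builds take the gcrypt random path.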
@@ -143,6 +149,15 @@ tlsg_mutex_unlock( void **lock )
 	return ldap_pvt_thread_mutex_unlock( *lock );
 }
 
+#if GNUTLS_VERSION_NUMBER >= 0x020b00
+tlsg_thr_init( void )
+{
+	gnutls_global_set_mutex (tlsg_mutex_init,
+		tlsg_mutex_destroy,
+		tlsg_mutex_lock,
+		tlsg_mutex_unlock);
+}
+#else
 static struct gcry_thread_cbs tlsg_thread_cbs = {
 	GCRY_THREAD_OPTION_USER,
 	NULL,
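Review bot: The new `tlsg_thr_init( void )` definition has no return type or storage class, because the added `#if` line sits directly above the function name. It therefore compiles (where implicit int is still accepted) as a non-static `int` function that returns nothing, while the existing definition in the next hunk appears to keep its `static void` line outside the visible context. Put `static void` on its own line before `tlsg_thr_init( void )` inside the `#if` branch. The guard also tests `GNUTLS_VERSION_NUMBER` while the rest of the file tests `LIBGNUTLS_VERSION_NUMBER`; if an older header defines only the latter, the `#if` silently evaluates to 0, so use one macro consistently. The call site is outside this hunk, so confirm that this runs before GnuTLS global initialisation, as I believe the `gnutls_global_set_mutex` documentation requires.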
@@ -158,6 +173,7 @@ tlsg_thr_init( void )
 {
 	gcry_control (GCRYCTL_SET_THREAD_CBS, &tlsg_thread_cbs);
 }
+#endif
 #endif /* LDAP_R_COMPILE */
 
 /*
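Review bot: The gcrypt branch that this `#endif` closes is selected by the GnuTLS version alone, yet it uses `struct gcry_thread_cbs` and `gcry_control`, and after this patch `gcrypt.h` is included only when `HAVE_GNUTLS_GCRYPT` is defined. On an older GnuTLS where the configure probe answers "no", the file will not compile. The failure will be undeclared gcrypt identifiers rather than a clear message about the missing locking callbacks. I would change the `#else` opened in the previous hunk to `#elif defined(HAVE_GNUTLS_GCRYPT)` and add a final `#else` with an `#error` explaining that no thread-locking hook is available for this GnuTLS/gcrypt combination. The function body starts outside this hunk.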
-- 
1.9.1


--------------010505020103090906040401--