mirror of https://gitee.com/openkylin/qemu.git
Update min required crypto library versions
The min required versions for crypto libraries are now - gnutls >= 3.1.18 - nettle >= 2.7.1 - gcrypt >= 1.5.0 -----BEGIN PGP SIGNATURE----- iQIcBAABCAAGBQJbyd9LAAoJEL6G67QVEE/flEwP/iUsLaIlpo3ok0vOIwNxxaRs /C7PoCIJTMeQuHCZfm8JG+c/JV/vFV25FocrLbmmH8jFIqx+IfUkF9LPrP2IumI1 latlbfPX/k8b4P3RzEA8NssNFi/ZL7OAAVlkd/zIw/0+dws3Jau5MPvi/om1lBmn xLRaa06lpNmuS5dTfmLl0j+kiawOTANwU9TjWy3GFOcOVGzBVroJGD7GV8V0Nx9Q k0ImxZJeQfRYd80qUCWYSUOW2NK19YxYUEBrgaK4+/2yfiz1F7xrJYw5iNDcuLaK 1O4TcxIaruxE3vVNId7aZCH+4sGLcUActAw/phbEdFtHALBXjP/beL0Oe00lIrQQ Y0eChvGlMqF8cvFFdb5dgxepcq06RUnBB+F0hNTeLOSLmBg/oJxOzoK8k//uNKGJ TWqKneuT53IUIbWHo9NYG0zG7rRGUIrzeydoRQCbCx2J5oTgVsrVdLNKexlIG74x 5KCJkHUEM3fAJIMWFTzpmrXb6yr2MPD8YVwfYKxyyJmFr9o52Uwcpv7YL97VOYnD Eb3Unmhu21kZcFXoOP7FGTIYaAnDIgq+cHtUOslUMf/7xItbgcicmoBQnfiumBcB Q7qQ1iC/LSqB6ztmxllVsZGhhlBe5tK+jhCCBhi/4ZhyGkmK2loqEDeWmD/QV/cq TrZsL0KnntSHN2arIsy9 =yJNL -----END PGP SIGNATURE----- Merge remote-tracking branch 'remotes/berrange/tags/qcrypto-next-pull-request' into staging Update min required crypto library versions The min required versions for crypto libraries are now - gnutls >= 3.1.18 - nettle >= 2.7.1 - gcrypt >= 1.5.0 # gpg: Signature made Fri 19 Oct 2018 14:42:35 BST # gpg: using RSA key BE86EBB415104FDF # gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" # gpg: aka "Daniel P. Berrange <berrange@redhat.com>" # Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF * remotes/berrange/tags/qcrypto-next-pull-request: crypto: require nettle >= 2.7.1 for building QEMU crypto: require libgcrypt >= 1.5.0 for building QEMU crypto: require gnutls >= 3.1.18 for building QEMU Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This commit is contained in:
commit
7acd80e82d
|
@ -457,12 +457,9 @@ gtk=""
|
|||
gtk_gl="no"
|
||||
tls_priority="NORMAL"
|
||||
gnutls=""
|
||||
gnutls_rnd=""
|
||||
nettle=""
|
||||
nettle_kdf="no"
|
||||
gcrypt=""
|
||||
gcrypt_hmac="no"
|
||||
gcrypt_kdf="no"
|
||||
vte=""
|
||||
virglrenderer=""
|
||||
tpm="yes"
|
||||
|
@ -2666,79 +2663,28 @@ fi
|
|||
##########################################
|
||||
# GNUTLS probe
|
||||
|
||||
gnutls_works() {
|
||||
# Unfortunately some distros have bad pkg-config information for gnutls
|
||||
# such that it claims to exist but you get a compiler error if you try
|
||||
# to use the options returned by --libs. Specifically, Ubuntu for --static
|
||||
# builds doesn't work:
|
||||
# https://bugs.launchpad.net/ubuntu/+source/gnutls26/+bug/1478035
|
||||
#
|
||||
# So sanity check the cflags/libs before assuming gnutls can be used.
|
||||
if ! $pkg_config --exists "gnutls"; then
|
||||
return 1
|
||||
fi
|
||||
|
||||
write_c_skeleton
|
||||
compile_prog "$($pkg_config --cflags gnutls)" "$($pkg_config --libs gnutls)"
|
||||
}
|
||||
|
||||
gnutls_gcrypt=no
|
||||
gnutls_nettle=no
|
||||
if test "$gnutls" != "no"; then
|
||||
if gnutls_works; then
|
||||
if $pkg_config --exists "gnutls >= 3.1.18"; then
|
||||
gnutls_cflags=$($pkg_config --cflags gnutls)
|
||||
gnutls_libs=$($pkg_config --libs gnutls)
|
||||
libs_softmmu="$gnutls_libs $libs_softmmu"
|
||||
libs_tools="$gnutls_libs $libs_tools"
|
||||
QEMU_CFLAGS="$QEMU_CFLAGS $gnutls_cflags"
|
||||
gnutls="yes"
|
||||
|
||||
# gnutls_rnd requires >= 2.11.0
|
||||
if $pkg_config --exists "gnutls >= 2.11.0"; then
|
||||
gnutls_rnd="yes"
|
||||
else
|
||||
gnutls_rnd="no"
|
||||
fi
|
||||
|
||||
if $pkg_config --exists 'gnutls >= 3.0'; then
|
||||
gnutls_gcrypt=no
|
||||
gnutls_nettle=yes
|
||||
elif $pkg_config --exists 'gnutls >= 2.12'; then
|
||||
case $($pkg_config --libs --static gnutls) in
|
||||
*gcrypt*)
|
||||
gnutls_gcrypt=yes
|
||||
gnutls_nettle=no
|
||||
;;
|
||||
*nettle*)
|
||||
gnutls_gcrypt=no
|
||||
gnutls_nettle=yes
|
||||
;;
|
||||
*)
|
||||
gnutls_gcrypt=yes
|
||||
gnutls_nettle=no
|
||||
;;
|
||||
esac
|
||||
else
|
||||
gnutls_gcrypt=yes
|
||||
gnutls_nettle=no
|
||||
fi
|
||||
elif test "$gnutls" = "yes"; then
|
||||
feature_not_found "gnutls" "Install gnutls devel"
|
||||
feature_not_found "gnutls" "Install gnutls devel >= 3.1.18"
|
||||
else
|
||||
gnutls="no"
|
||||
gnutls_rnd="no"
|
||||
fi
|
||||
else
|
||||
gnutls_rnd="no"
|
||||
fi
|
||||
|
||||
|
||||
# If user didn't give a --disable/enable-gcrypt flag,
|
||||
# then mark as disabled if user requested nettle
|
||||
# explicitly, or if gnutls links to nettle
|
||||
# explicitly
|
||||
if test -z "$gcrypt"
|
||||
then
|
||||
if test "$nettle" = "yes" || test "$gnutls_nettle" = "yes"
|
||||
if test "$nettle" = "yes"
|
||||
then
|
||||
gcrypt="no"
|
||||
fi
|
||||
|
@ -2746,16 +2692,16 @@ fi
|
|||
|
||||
# If user didn't give a --disable/enable-nettle flag,
|
||||
# then mark as disabled if user requested gcrypt
|
||||
# explicitly, or if gnutls links to gcrypt
|
||||
# explicitly
|
||||
if test -z "$nettle"
|
||||
then
|
||||
if test "$gcrypt" = "yes" || test "$gnutls_gcrypt" = "yes"
|
||||
if test "$gcrypt" = "yes"
|
||||
then
|
||||
nettle="no"
|
||||
fi
|
||||
fi
|
||||
|
||||
has_libgcrypt_config() {
|
||||
has_libgcrypt() {
|
||||
if ! has "libgcrypt-config"
|
||||
then
|
||||
return 1
|
||||
|
@ -2770,11 +2716,42 @@ has_libgcrypt_config() {
|
|||
fi
|
||||
fi
|
||||
|
||||
maj=`libgcrypt-config --version | awk -F . '{print $1}'`
|
||||
min=`libgcrypt-config --version | awk -F . '{print $2}'`
|
||||
|
||||
if test $maj != 1 || test $min -lt 5
|
||||
then
|
||||
return 1
|
||||
fi
|
||||
|
||||
return 0
|
||||
}
|
||||
|
||||
|
||||
if test "$nettle" != "no"; then
|
||||
if $pkg_config --exists "nettle >= 2.7.1"; then
|
||||
nettle_cflags=$($pkg_config --cflags nettle)
|
||||
nettle_libs=$($pkg_config --libs nettle)
|
||||
nettle_version=$($pkg_config --modversion nettle)
|
||||
libs_softmmu="$nettle_libs $libs_softmmu"
|
||||
libs_tools="$nettle_libs $libs_tools"
|
||||
QEMU_CFLAGS="$QEMU_CFLAGS $nettle_cflags"
|
||||
nettle="yes"
|
||||
|
||||
if test -z "$gcrypt"; then
|
||||
gcrypt="no"
|
||||
fi
|
||||
else
|
||||
if test "$nettle" = "yes"; then
|
||||
feature_not_found "nettle" "Install nettle devel >= 2.7.1"
|
||||
else
|
||||
nettle="no"
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
if test "$gcrypt" != "no"; then
|
||||
if has_libgcrypt_config; then
|
||||
if has_libgcrypt; then
|
||||
gcrypt_cflags=$(libgcrypt-config --cflags)
|
||||
gcrypt_libs=$(libgcrypt-config --libs)
|
||||
# Debian has remove -lgpg-error from libgcrypt-config
|
||||
|
@ -2788,22 +2765,6 @@ if test "$gcrypt" != "no"; then
|
|||
libs_tools="$gcrypt_libs $libs_tools"
|
||||
QEMU_CFLAGS="$QEMU_CFLAGS $gcrypt_cflags"
|
||||
gcrypt="yes"
|
||||
if test -z "$nettle"; then
|
||||
nettle="no"
|
||||
fi
|
||||
|
||||
cat > $TMPC << EOF
|
||||
#include <gcrypt.h>
|
||||
int main(void) {
|
||||
gcry_kdf_derive(NULL, 0, GCRY_KDF_PBKDF2,
|
||||
GCRY_MD_SHA256,
|
||||
NULL, 0, 0, 0, NULL);
|
||||
return 0;
|
||||
}
|
||||
EOF
|
||||
if compile_prog "$gcrypt_cflags" "$gcrypt_libs" ; then
|
||||
gcrypt_kdf=yes
|
||||
fi
|
||||
|
||||
cat > $TMPC << EOF
|
||||
#include <gcrypt.h>
|
||||
|
@ -2819,7 +2780,7 @@ EOF
|
|||
fi
|
||||
else
|
||||
if test "$gcrypt" = "yes"; then
|
||||
feature_not_found "gcrypt" "Install gcrypt devel"
|
||||
feature_not_found "gcrypt" "Install gcrypt devel >= 1.5.0"
|
||||
else
|
||||
gcrypt="no"
|
||||
fi
|
||||
|
@ -2827,36 +2788,6 @@ EOF
|
|||
fi
|
||||
|
||||
|
||||
if test "$nettle" != "no"; then
|
||||
if $pkg_config --exists "nettle"; then
|
||||
nettle_cflags=$($pkg_config --cflags nettle)
|
||||
nettle_libs=$($pkg_config --libs nettle)
|
||||
nettle_version=$($pkg_config --modversion nettle)
|
||||
libs_softmmu="$nettle_libs $libs_softmmu"
|
||||
libs_tools="$nettle_libs $libs_tools"
|
||||
QEMU_CFLAGS="$QEMU_CFLAGS $nettle_cflags"
|
||||
nettle="yes"
|
||||
|
||||
cat > $TMPC << EOF
|
||||
#include <stddef.h>
|
||||
#include <nettle/pbkdf2.h>
|
||||
int main(void) {
|
||||
pbkdf2_hmac_sha256(8, NULL, 1000, 8, NULL, 8, NULL);
|
||||
return 0;
|
||||
}
|
||||
EOF
|
||||
if compile_prog "$nettle_cflags" "$nettle_libs" ; then
|
||||
nettle_kdf=yes
|
||||
fi
|
||||
else
|
||||
if test "$nettle" = "yes"; then
|
||||
feature_not_found "nettle" "Install nettle devel"
|
||||
else
|
||||
nettle="no"
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
if test "$gcrypt" = "yes" && test "$nettle" = "yes"
|
||||
then
|
||||
error_exit "Only one of gcrypt & nettle can be enabled"
|
||||
|
@ -5983,11 +5914,8 @@ echo "GTK GL support $gtk_gl"
|
|||
echo "VTE support $vte $(echo_version $vte $vteversion)"
|
||||
echo "TLS priority $tls_priority"
|
||||
echo "GNUTLS support $gnutls"
|
||||
echo "GNUTLS rnd $gnutls_rnd"
|
||||
echo "libgcrypt $gcrypt"
|
||||
echo "libgcrypt kdf $gcrypt_kdf"
|
||||
echo "nettle $nettle $(echo_version $nettle $nettle_version)"
|
||||
echo "nettle kdf $nettle_kdf"
|
||||
echo "libtasn1 $tasn1"
|
||||
echo "curses support $curses"
|
||||
echo "virgl support $virglrenderer $(echo_version $virglrenderer $virgl_version)"
|
||||
|
@ -6426,24 +6354,15 @@ echo "CONFIG_TLS_PRIORITY=\"$tls_priority\"" >> $config_host_mak
|
|||
if test "$gnutls" = "yes" ; then
|
||||
echo "CONFIG_GNUTLS=y" >> $config_host_mak
|
||||
fi
|
||||
if test "$gnutls_rnd" = "yes" ; then
|
||||
echo "CONFIG_GNUTLS_RND=y" >> $config_host_mak
|
||||
fi
|
||||
if test "$gcrypt" = "yes" ; then
|
||||
echo "CONFIG_GCRYPT=y" >> $config_host_mak
|
||||
if test "$gcrypt_hmac" = "yes" ; then
|
||||
echo "CONFIG_GCRYPT_HMAC=y" >> $config_host_mak
|
||||
fi
|
||||
if test "$gcrypt_kdf" = "yes" ; then
|
||||
echo "CONFIG_GCRYPT_KDF=y" >> $config_host_mak
|
||||
fi
|
||||
fi
|
||||
if test "$nettle" = "yes" ; then
|
||||
echo "CONFIG_NETTLE=y" >> $config_host_mak
|
||||
echo "CONFIG_NETTLE_VERSION_MAJOR=${nettle_version%%.*}" >> $config_host_mak
|
||||
if test "$nettle_kdf" = "yes" ; then
|
||||
echo "CONFIG_NETTLE_KDF=y" >> $config_host_mak
|
||||
fi
|
||||
fi
|
||||
if test "$tasn1" = "yes" ; then
|
||||
echo "CONFIG_TASN1=y" >> $config_host_mak
|
||||
|
|
|
@ -20,11 +20,11 @@ crypto-obj-y += tlscredsx509.o
|
|||
crypto-obj-y += tlssession.o
|
||||
crypto-obj-y += secret.o
|
||||
crypto-obj-$(CONFIG_GCRYPT) += random-gcrypt.o
|
||||
crypto-obj-$(if $(CONFIG_GCRYPT),n,$(CONFIG_GNUTLS_RND)) += random-gnutls.o
|
||||
crypto-obj-$(if $(CONFIG_GCRYPT),n,$(if $(CONFIG_GNUTLS_RND),n,y)) += random-platform.o
|
||||
crypto-obj-$(if $(CONFIG_GCRYPT),n,$(CONFIG_GNUTLS)) += random-gnutls.o
|
||||
crypto-obj-$(if $(CONFIG_GCRYPT),n,$(if $(CONFIG_GNUTLS),n,y)) += random-platform.o
|
||||
crypto-obj-y += pbkdf.o
|
||||
crypto-obj-$(CONFIG_NETTLE_KDF) += pbkdf-nettle.o
|
||||
crypto-obj-$(if $(CONFIG_NETTLE_KDF),n,$(CONFIG_GCRYPT_KDF)) += pbkdf-gcrypt.o
|
||||
crypto-obj-$(CONFIG_NETTLE) += pbkdf-nettle.o
|
||||
crypto-obj-$(if $(CONFIG_NETTLE),n,$(CONFIG_GCRYPT)) += pbkdf-gcrypt.o
|
||||
crypto-obj-y += ivgen.o
|
||||
crypto-obj-y += ivgen-essiv.o
|
||||
crypto-obj-y += ivgen-plain.o
|
||||
|
|
|
@ -37,33 +37,14 @@
|
|||
/* #define DEBUG_GNUTLS */
|
||||
|
||||
/*
|
||||
* If GNUTLS is built against GCrypt then
|
||||
*
|
||||
* - When GNUTLS >= 2.12, we must not initialize gcrypt threading
|
||||
* because GNUTLS will do that itself
|
||||
* - When GNUTLS < 2.12 we must always initialize gcrypt threading
|
||||
* - When GNUTLS is disabled we must always initialize gcrypt threading
|
||||
*
|
||||
* But....
|
||||
*
|
||||
* When gcrypt >= 1.6.0 we must not initialize gcrypt threading
|
||||
* because gcrypt will do that itself.
|
||||
*
|
||||
* So we need to init gcrypt threading if
|
||||
* We need to init gcrypt threading if
|
||||
*
|
||||
* - gcrypt < 1.6.0
|
||||
* AND
|
||||
* - gnutls < 2.12
|
||||
* OR
|
||||
* - gnutls is disabled
|
||||
*
|
||||
*/
|
||||
|
||||
#if (defined(CONFIG_GCRYPT) && \
|
||||
(!defined(CONFIG_GNUTLS) || \
|
||||
(LIBGNUTLS_VERSION_NUMBER < 0x020c00)) && \
|
||||
(!defined(GCRYPT_VERSION_NUMBER) || \
|
||||
(GCRYPT_VERSION_NUMBER < 0x010600)))
|
||||
(GCRYPT_VERSION_NUMBER < 0x010600))
|
||||
#define QCRYPTO_INIT_GCRYPT_THREADS
|
||||
#else
|
||||
#undef QCRYPTO_INIT_GCRYPT_THREADS
|
||||
|
|
|
@ -72,14 +72,6 @@ qcrypto_tls_creds_check_cert_times(gnutls_x509_crt_t cert,
|
|||
}
|
||||
|
||||
|
||||
#if LIBGNUTLS_VERSION_NUMBER >= 2
|
||||
/*
|
||||
* The gnutls_x509_crt_get_basic_constraints function isn't
|
||||
* available in GNUTLS 1.0.x branches. This isn't critical
|
||||
* though, since gnutls_certificate_verify_peers2 will do
|
||||
* pretty much the same check at runtime, so we can just
|
||||
* disable this code
|
||||
*/
|
||||
static int
|
||||
qcrypto_tls_creds_check_cert_basic_constraints(QCryptoTLSCredsX509 *creds,
|
||||
gnutls_x509_crt_t cert,
|
||||
|
@ -130,7 +122,6 @@ qcrypto_tls_creds_check_cert_basic_constraints(QCryptoTLSCredsX509 *creds,
|
|||
|
||||
return 0;
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
static int
|
||||
|
@ -299,14 +290,12 @@ qcrypto_tls_creds_check_cert(QCryptoTLSCredsX509 *creds,
|
|||
return -1;
|
||||
}
|
||||
|
||||
#if LIBGNUTLS_VERSION_NUMBER >= 2
|
||||
if (qcrypto_tls_creds_check_cert_basic_constraints(creds,
|
||||
cert, certFile,
|
||||
isServer, isCA,
|
||||
errp) < 0) {
|
||||
return -1;
|
||||
}
|
||||
#endif
|
||||
|
||||
if (qcrypto_tls_creds_check_cert_key_usage(creds,
|
||||
cert, certFile,
|
||||
|
@ -615,7 +604,6 @@ qcrypto_tls_creds_x509_load(QCryptoTLSCredsX509 *creds,
|
|||
}
|
||||
|
||||
if (cert != NULL && key != NULL) {
|
||||
#if LIBGNUTLS_VERSION_NUMBER >= 0x030111
|
||||
char *password = NULL;
|
||||
if (creds->passwordid) {
|
||||
password = qcrypto_secret_lookup_as_utf8(creds->passwordid,
|
||||
|
@ -630,15 +618,6 @@ qcrypto_tls_creds_x509_load(QCryptoTLSCredsX509 *creds,
|
|||
password,
|
||||
0);
|
||||
g_free(password);
|
||||
#else /* LIBGNUTLS_VERSION_NUMBER < 0x030111 */
|
||||
if (creds->passwordid) {
|
||||
error_setg(errp, "PKCS8 decryption requires GNUTLS >= 3.1.11");
|
||||
goto cleanup;
|
||||
}
|
||||
ret = gnutls_certificate_set_x509_key_file(creds->data,
|
||||
cert, key,
|
||||
GNUTLS_X509_FMT_PEM);
|
||||
#endif
|
||||
if (ret < 0) {
|
||||
error_setg(errp, "Cannot load certificate '%s' & key '%s': %s",
|
||||
cert, key, gnutls_strerror(ret));
|
||||
|
|
|
@ -90,13 +90,7 @@ qcrypto_tls_session_pull(void *opaque, void *buf, size_t len)
|
|||
}
|
||||
|
||||
#define TLS_PRIORITY_ADDITIONAL_ANON "+ANON-DH"
|
||||
|
||||
#if GNUTLS_VERSION_MAJOR >= 3
|
||||
#define TLS_ECDHE_PSK "+ECDHE-PSK:"
|
||||
#else
|
||||
#define TLS_ECDHE_PSK ""
|
||||
#endif
|
||||
#define TLS_PRIORITY_ADDITIONAL_PSK TLS_ECDHE_PSK "+DHE-PSK:+PSK"
|
||||
#define TLS_PRIORITY_ADDITIONAL_PSK "+ECDHE-PSK:+DHE-PSK:+PSK"
|
||||
|
||||
QCryptoTLSSession *
|
||||
qcrypto_tls_session_new(QCryptoTLSCreds *creds,
|
||||
|
|
|
@ -115,7 +115,7 @@ check-unit-$(CONFIG_GNUTLS) += tests/test-io-channel-tls$(EXESUF)
|
|||
check-unit-y += tests/test-io-channel-command$(EXESUF)
|
||||
check-unit-y += tests/test-io-channel-buffer$(EXESUF)
|
||||
check-unit-y += tests/test-base64$(EXESUF)
|
||||
check-unit-$(if $(CONFIG_NETTLE_KDF),y,$(CONFIG_GCRYPT_KDF)) += tests/test-crypto-pbkdf$(EXESUF)
|
||||
check-unit-$(if $(CONFIG_NETTLE),y,$(CONFIG_GCRYPT)) += tests/test-crypto-pbkdf$(EXESUF)
|
||||
check-unit-y += tests/test-crypto-ivgen$(EXESUF)
|
||||
check-unit-y += tests/test-crypto-afsplit$(EXESUF)
|
||||
check-unit-y += tests/test-crypto-xts$(EXESUF)
|
||||
|
|
|
@ -22,8 +22,7 @@
|
|||
#include <gnutls/x509.h>
|
||||
|
||||
#if !(defined WIN32) && \
|
||||
defined(CONFIG_TASN1) && \
|
||||
(LIBGNUTLS_VERSION_NUMBER >= 0x020600)
|
||||
defined(CONFIG_TASN1)
|
||||
# define QCRYPTO_HAVE_TLS_TEST_SUPPORT
|
||||
#endif
|
||||
|
||||
|
|
|
@ -29,7 +29,7 @@
|
|||
#endif
|
||||
|
||||
#if (defined(_WIN32) || defined RUSAGE_THREAD) && \
|
||||
(defined(CONFIG_NETTLE_KDF) || defined(CONFIG_GCRYPT_KDF))
|
||||
(defined(CONFIG_NETTLE) || defined(CONFIG_GCRYPT))
|
||||
#define TEST_LUKS
|
||||
#else
|
||||
#undef TEST_LUKS
|
||||
|
|
|
@ -283,14 +283,8 @@ int main(int argc, char **argv)
|
|||
true, true, GNUTLS_KP_TLS_WWW_SERVER, NULL,
|
||||
0, 0);
|
||||
|
||||
/* Technically a CA cert with basic constraints
|
||||
* key purpose == key signing + non-critical should
|
||||
* be rejected. GNUTLS < 3.1 does not reject it and
|
||||
* we don't anticipate them changing this behaviour
|
||||
*/
|
||||
TLS_TEST_REG(badca1, true, cacert4req.filename, servercert4req.filename,
|
||||
(GNUTLS_VERSION_MAJOR == 3 && GNUTLS_VERSION_MINOR >= 1) ||
|
||||
GNUTLS_VERSION_MAJOR > 3);
|
||||
true);
|
||||
TLS_TEST_REG(badca2, true,
|
||||
cacert5req.filename, servercert5req.filename, true);
|
||||
TLS_TEST_REG(badca3, true,
|
||||
|
|
Loading…
Reference in New Issue