[gtk-vnc] Require gnutls >= 3.1.18



commit 22e39037f49af083ea28f50099f2f6576ba80750
Author: Daniel P. Berrangé <berrange redhat com>
Date:   Fri Aug 17 11:27:07 2018 +0100

    Require gnutls >= 3.1.18
    
    gnutls 3.0.0 was released in 2011 and all the distros that are build
    target platforms for GTK-VNC include it:
    
          RHEL-7: 3.1.18
          Debian (Stretch): 3.5.8
          Debian (Jessie): 3.3.8
          OpenBSD (ports): 3.5.18
          FreeBSD (ports): 3.5.18
          OpenSUSE Leap 15: 3.6.2
          Ubuntu (Xenial): 3.4.10
          macOS (Homebrew): 3.5.19
    
    Based on this, it is reasonable to require gnutls >= 3.1.18 in GTK-VNC
    which allows for all conditional version checks in the code to be
    removed.
    
    Signed-off-by: Daniel P. Berrangé <berrange redhat com>

 configure.ac        | 17 +----------------
 src/vncconnection.c | 48 ++----------------------------------------------
 2 files changed, 3 insertions(+), 62 deletions(-)
---
diff --git a/configure.ac b/configure.ac
index b907553..4112b0d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -35,7 +35,7 @@ GDK_PIXBUF_REQUIRED=2.10.0
 AC_SUBST(GDK_PIXBUF_REQUIRED)
 GCRYPT_REQUIRED=1.4.0
 AC_SUBST(GCRYPT_REQUIRED)
-GNUTLS_REQUIRED=2.2.0
+GNUTLS_REQUIRED=3.1.18
 AC_SUBST(GNUTLS_REQUIRED)
 
 VIEW_REQUIRED=0.6.0
@@ -245,21 +245,6 @@ PKG_CHECK_MODULES(GNUTLS, gnutls >= $GNUTLS_REQUIRED)
 AC_SUBST(GNUTLS_CFLAGS)
 AC_SUBST(GNUTLS_LIBS)
 
-if $PKG_CONFIG --exists 'gnutls >= 3.0'; then
-    GNUTLS_GCRYPT=no
-elif $PKG_CONFIG --exists 'gnutls >= 2.12'; then
-    case `$PKG_CONFIG --libs --static gnutls` in
-      *gcrypt*) GNUTLS_GCRYPT=yes     ;;
-      *nettle*) GNUTLS_GCRYPT=no      ;;
-      *)        GNUTLS_GCRYPT=yes     ;;
-    esac
-else
-    GNUTLS_GCRYPT=yes
-fi
-if test "x$GNUTLS_GCRYPT" = "xyes"; then
-  AC_DEFINE_UNQUOTED([HAVE_GNUTLS_GCRYPT], [1], [whether gnutls uses gcrypt])
-fi
-
 
 dnl Cyrus SASL
 AC_ARG_WITH([sasl],
diff --git a/src/vncconnection.c b/src/vncconnection.c
index 5c03d70..29a80f5 100644
--- a/src/vncconnection.c
+++ b/src/vncconnection.c
@@ -61,42 +61,8 @@
 #define g_mutex_free(m) g_free(m)
 #endif
 
-/*
- * When GNUTLS >= 2.12, we must not initialize gcrypt threading
- * because GNUTLS will do that itself, *provided* it is built
- * against gcrypt, and not nettle.
- * When GNUTLS < 2.12 we must always initialize gcrypt threading
- * When GNUTLS > 3.0 we must always initialize gcrypt threading
- *
- * But....
- *
- * When gcrypt >= 1.6.0 we must not initialize gcrypt threading
- * because gcrypt will do that itself.
- *
- * So we need to init grypt threading if
- *
- *   - gcrypt < 1.6.0
- *
- *   and either
- *
- *   - gnutls does not use gcrypt
- *
- *   or
- *
- *   - gnutls < 2.12
- */
-#ifndef GNUTLS_VERSION_NUMBER
-#ifndef LIBGNUTLS_VERSION_NUMBER
-#error "GNUTLS >= 2.2.0 required to build GTK-VNC"
-#else
-#define GNUTLS_VERSION_NUMBER LIBGNUTLS_VERSION_NUMBER
-#endif
-#endif
-
-#if ((!defined(HAVE_GNUTLS_GCRYPT) ||            \
-      (GNUTLS_VERSION_NUMBER < 0x020c00)) &&     \
-     (!defined(GCRYPT_VERSION_NUMBER) ||         \
-      (GCRYPT_VERSION_NUMBER < 0x010600)))
+#if !defined(GCRYPT_VERSION_NUMBER) ||         \
+    (GCRYPT_VERSION_NUMBER < 0x010600)
 #define VNC_INIT_GCRYPT_THREADING
 #else
 #undef VNC_INIT_GCRYPT_THREADING
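Review bot: The new `#if` that defines `VNC_INIT_GCRYPT_THREADING` is left with no comment, because the whole explanatory block above it was deleted along with the gnutls-specific parts. The gcrypt half of that explanation still applies and is the only reason the macro is conditional. I would keep a short comment above the `#if`, such as `/* gcrypt >= 1.6.0 initializes its own threading; for older gcrypt (or when the version macro is missing) we must do it ourselves */`. That also records that an undefined `GCRYPT_VERSION_NUMBER` is deliberately treated as an old gcrypt.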
@@ -1366,7 +1332,6 @@ static gnutls_certificate_credentials_t vnc_connection_tls_initialize_cert_cred(
             return NULL;
         }
     } else {
-#if GNUTLS_VERSION_NUMBER >= 0x030000
         VNC_DEBUG("No CA certificate provided; trying the system trust store instead");
 
         if ((ret = gnutls_certificate_set_x509_system_trust(x509_cred)) < 0) {
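Review bot: A return of zero from `gnutls_certificate_set_x509_system_trust()` passes the `< 0` check on the last line of this hunk, although GnuTLS documents the return value as the number of certificates processed. On a host with an empty or missing trust store the function would carry on, and the following hunk then logs "Using the system trust store and CRL". Verification should presumably still fail later for lack of a trusted issuer, but the cause would be hard to find in the logs. Now that this path is compiled unconditionally, consider adding `if (ret == 0) VNC_DEBUG("System trust store contained no certificates");` after the error check, or treating zero as a failure. The body of the error branch and the rest of `vnc_connection_tls_initialize_cert_cred` lie outside the hunk.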
@@ -1375,10 +1340,6 @@ static gnutls_certificate_credentials_t vnc_connection_tls_initialize_cert_cred(
         }
 
         VNC_DEBUG("Using the system trust store and CRL");
-#else
-        VNC_DEBUG("No CA certificate provided and system trust not supported");
-        return NULL;
-#endif
     }
 
     if (priv->cred_x509_cert && priv->cred_x509_key) {
@@ -5962,12 +5923,7 @@ static gboolean vnc_connection_set_credential_x509(VncConnection *conn,
      * to be used to validate CA certificates if no specific cert is set
      */
     if (ret < 0) {
-#if GNUTLS_VERSION_NUMBER < 0x030000
-        VNC_DEBUG("No CA certificate provided and no global fallback");
-        return FALSE;
-#else
         VNC_DEBUG("No CA certificate provided, using GNUTLS global trust");
-#endif
     }
 
     /* Don't mind failures of CRL */

