diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2017-04-04 20:13:11 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-05-01 12:58:23 +0200 |
commit | abe6a12b9766219163f99d7807a0b07fbe5f590c (patch) | |
tree | d6ae3a7993290b2fa9d688cdf5be1f738be2b612 | |
parent | 8f981f0373fd3484659a5b0452306d01e13fc26d (diff) | |
download | gnutls-abe6a12b9766219163f99d7807a0b07fbe5f590c.tar.gz |
Removed support for libidn1
Currently we support both IDNA2003 and IDNA2008. However, IDNA2003
is already obsolete by registrars and NICs, thus there is no reason
to continue supporting it. We switch to IDNA2008 exclusively using libidn2.
Resolves #194
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
-rw-r--r-- | .gitlab-ci.yml | 19 | ||||
-rw-r--r-- | configure.ac | 40 | ||||
-rw-r--r-- | lib/Makefile.am | 6 | ||||
-rw-r--r-- | lib/common.mk | 2 | ||||
-rw-r--r-- | lib/str-idna.c | 91 | ||||
-rw-r--r-- | src/socket.c | 7 | ||||
-rw-r--r-- | tests/cert-tests/Makefile.am | 2 | ||||
-rw-r--r-- | tests/cert_verify_inv_utf8.c | 2 | ||||
-rw-r--r-- | tests/crq_apis.c | 4 | ||||
-rw-r--r-- | tests/hostname-check-utf8.c | 25 | ||||
-rw-r--r-- | tests/mini-server-name.c | 2 | ||||
-rw-r--r-- | tests/set_key_utf8.c | 7 | ||||
-rw-r--r-- | tests/set_x509_key_utf8.c | 6 | ||||
-rw-r--r-- | tests/str-idna.c | 18 |
14 files changed, 61 insertions, 170 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index d4cdfabd36..edc2a08f54 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -142,25 +142,6 @@ FIPS140-2/Fedora/x86_64: - build/tests/*.log - build/tests/*/*.log -IDNA2003/Fedora/x86_64: - stage: stage1-testing - image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD - script: - - make autoreconf - - mkdir -p build && cd build && - ../configure --without-libidn2 --disable-doc --disable-guile --disable-full-test-suite && - make -j$(nproc) && make check -j$(nproc) - tags: - - shared - except: - - tags - artifacts: - when: on_failure - paths: - - build/guile/tests/*.log - - build/tests/*.log - - build/tests/*/*.log - openpgp/Fedora/x86_64: stage: stage1-testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD diff --git a/configure.ac b/configure.ac index 84c9500eda..972faf7362 100644 --- a/configure.ac +++ b/configure.ac @@ -465,26 +465,19 @@ AM_CONDITIONAL(WITH_OLD_NETTLE, test "$with_old_nettle" != "no") AC_ARG_WITH(idn, AS_HELP_STRING([--without-idn], - [disable support for libidn]), - try_libidn="$withval", - try_libidn=yes) - -AC_ARG_WITH(libidn2, AS_HELP_STRING([--without-libidn2], - [force support for libidn instead of libidn2]), + [disable support for IDNA]), try_libidn2="$withval", try_libidn2=yes) idna_support=no with_libidn2=no -with_libidn=no -if test "$try_libidn" = yes;then - if test "$try_libidn2" = yes;then +if test "$try_libidn2" = yes;then AC_SEARCH_LIBS(idn2_lookup_u8, idn2, [ with_libidn2=yes; idna_support="IDNA 2008 (libidn2)" AC_DEFINE([HAVE_LIBIDN2], 1, [Define if IDNA 2008 support is enabled.]) - AC_SUBST([LIBIDN_LIBS], [-lidn2]) + AC_SUBST([LIBIDN2_CFLAGS], []) AC_SUBST([LIBIDN2_LIBS], [-lidn2]) dnl used in gnutls.pc.in dnl enable once libidn2.pc is widespread; and remove LIBIDN2_LIBS from gnutls.pc.in (Libs.private) dnl if test "x$GNUTLS_REQUIRES_PRIVATE" = "x"; then @@ -496,36 +489,11 @@ dnl fi with_libidn2=no; AC_MSG_WARN(*** LIBIDN2 was not found. You will not be able to use IDN2008 support) ]) - else +else with_libidn2=no - fi - - if test "$with_libidn2" = "no"; then - PKG_CHECK_MODULES(LIBIDN, libidn >= 0.5.6, [with_libidn=yes], [with_libidn=no]) - if test "$with_libidn" != "no";then - idna_support="IDNA 2003 (libidn)" - if ! $PKG_CONFIG --atleast-version=1.31 libidn; then - with_buggy_libidn=yes - fi - - AC_DEFINE([HAVE_LIBIDN], 1, [Build IDNA support]) - if test "x$GNUTLS_REQUIRES_PRIVATE" = "x"; then - GNUTLS_REQUIRES_PRIVATE="Requires.private: libidn" - else - GNUTLS_REQUIRES_PRIVATE="${GNUTLS_REQUIRES_PRIVATE}, libidn" - fi - else - AC_MSG_WARN([[ -*** -*** libidn was not found. IDNA support will be disabled. -*** ]]) - fi - fi fi AM_CONDITIONAL(HAVE_LIBIDN2, test "$with_libidn2" != "no") -AM_CONDITIONAL(HAVE_LIBIDN, test "$with_libidn" != "no") -AM_CONDITIONAL(HAVE_BUGGY_LIBIDN, test "$with_buggy_libidn" = "yes") AC_ARG_ENABLE(non-suiteb-curves, AS_HELP_STRING([--disable-non-suiteb-curves], [disable curves not in SuiteB]), diff --git a/lib/Makefile.am b/lib/Makefile.am index 98364cb5d2..8a54d54c51 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -137,11 +137,7 @@ thirdparty_libadd = $(LTLIBZ) $(LTLIBINTL) $(LIBSOCKET) $(LTLIBNSL) \ $(P11_KIT_LIBS) $(LIB_SELECT) if HAVE_LIBIDN2 -thirdparty_libadd += -lidn2 -endif - -if HAVE_LIBIDN -thirdparty_libadd += $(LIBIDN_LIBS) +thirdparty_libadd += $(LIBIDN2_LIBS) endif if HAVE_LIBUNISTRING diff --git a/lib/common.mk b/lib/common.mk index 373f0073e9..6a1b7855d6 100644 --- a/lib/common.mk +++ b/lib/common.mk @@ -1,3 +1,3 @@ AM_CFLAGS = $(WERROR_CFLAGS) $(WSTACK_CFLAGS) $(WARN_CFLAGS) $(NETTLE_CFLAGS) \ - $(LIBTASN1_CFLAGS) $(LIBIDN_CFLAGS) $(P11_KIT_CFLAGS) $(CODE_COVERAGE_CFLAGS) + $(LIBTASN1_CFLAGS) $(LIBIDN2_CFLAGS) $(P11_KIT_CFLAGS) $(CODE_COVERAGE_CFLAGS) COMMON_LINK_FLAGS = $(CODE_COVERAGE_LDFLAGS) diff --git a/lib/str-idna.c b/lib/str-idna.c index aa3110ea58..8a1dce980a 100644 --- a/lib/str-idna.c +++ b/lib/str-idna.c @@ -25,19 +25,16 @@ #include "errors.h" #include "str.h" #include <unistr.h> + #ifdef HAVE_LIBIDN2 -# include <idn2.h> -#elif defined HAVE_LIBIDN -# include <idna.h> -# include <idn-free.h> -#endif -#if defined HAVE_LIBIDN2 || defined HAVE_LIBIDN +# include <idn2.h> -#ifdef HAVE_LIBIDN2 -# define IDN_FREE idn2_free +#if IDN2_VERSION_NUMBER < 0x02000000 +# define idn2_to_ascii_8z idn2_lookup_u8 +# define ICAST uint8_t #else -# define IDN_FREE idn_free +# define ICAST char #endif /** @@ -69,6 +66,20 @@ int gnutls_idna_map(const char *input, unsigned ilen, gnutls_datum_t *out, unsig char *idna = NULL; int rc, ret; gnutls_datum_t istr; + unsigned int idn2_flags = IDN2_NFC_INPUT; + unsigned int idn2_tflags = IDN2_NFC_INPUT; + +#if IDN2_VERSION_NUMBER >= 0x00140000 + /* IDN2_NONTRANSITIONAL automatically converts to lowercase + * IDN2_NFC_INPUT converts to NFC before toASCII conversion + * + * Since IDN2_NONTRANSITIONAL implicitely does NFC conversion, we don't need + * the additional IDN2_NFC_INPUT. But just for the unlikely case that the linked + * library is not matching the headers when building and it doesn't support TR46, + * we provide IDN2_NFC_INPUT. */ + idn2_flags |= IDN2_NONTRANSITIONAL; + idn2_tflags |= IDN2_TRANSITIONAL; +#endif if (ilen == 0) { out->data = (uint8_t*)gnutls_strdup(""); @@ -82,37 +93,16 @@ int gnutls_idna_map(const char *input, unsigned ilen, gnutls_datum_t *out, unsig return _gnutls_set_strdatum(out, input, ilen); } -#ifndef HAVE_LIBIDN2 - if (flags & GNUTLS_IDNA_FORCE_2008) - return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE); -#endif - ret = _gnutls_set_strdatum(&istr, input, ilen); if (ret < 0) { gnutls_assert(); return ret; } -#ifdef HAVE_LIBIDN2 -# if IDN2_VERSION_NUMBER >= 0x00140000 - /* IDN2_NONTRANSITIONAL automatically converts to lowercase - * IDN2_NFC_INPUT converts to NFC before toASCII conversion - * - * Since IDN2_NONTRANSITIONAL implicitely does NFC conversion, we don't need - * the additional IDN2_NFC_INPUT. But just for the unlikely case that the linked - * library is not matching the headers when building and it doesn't support TR46, - * we provide IDN2_NFC_INPUT. - * - * The reason we fallback to transitional encoding on disallowed characters is - * to support domains which existed in IDNA2003, but were invalid with IDNA2008. - */ - - rc = idn2_lookup_u8((uint8_t *)istr.data, (uint8_t **)&idna, IDN2_NFC_INPUT | IDN2_NONTRANSITIONAL); + rc = idn2_to_ascii_8z((ICAST*)istr.data, (ICAST**)&idna, idn2_flags); if (rc == IDN2_DISALLOWED && !(flags & GNUTLS_IDNA_FORCE_2008)) - rc = idn2_lookup_u8((uint8_t *)istr.data, (uint8_t **)&idna, IDN2_NFC_INPUT | IDN2_TRANSITIONAL); -# else - rc = idn2_lookup_u8((uint8_t *)istr.data, (uint8_t **)&idna, IDN2_NFC_INPUT); -# endif + rc = idn2_to_ascii_8z((ICAST*)istr.data, (ICAST**)&idna, idn2_tflags); + if (rc != IDN2_OK) { gnutls_assert(); idna = NULL; /* in case idn2_lookup_u8 modifies &idna */ @@ -120,17 +110,8 @@ int gnutls_idna_map(const char *input, unsigned ilen, gnutls_datum_t *out, unsig ret = GNUTLS_E_INVALID_UTF8_STRING; goto fail; } -#else - rc = idna_to_ascii_8z((char*)istr.data, &idna, 0); - if (rc != IDNA_SUCCESS) { - gnutls_assert(); - _gnutls_debug_log("unable to convert name '%s' to IDNA format: %s\n", istr.data, idna_strerror(rc)); - ret = GNUTLS_E_INVALID_UTF8_STRING; - goto fail; - } -#endif - if (gnutls_free != IDN_FREE) { + if (gnutls_free != idn2_free) { ret = _gnutls_set_strdatum(out, idna, strlen(idna)); } else { out->data = (unsigned char*)idna; @@ -140,12 +121,12 @@ int gnutls_idna_map(const char *input, unsigned ilen, gnutls_datum_t *out, unsig } fail: - IDN_FREE(idna); + idn2_free(idna); gnutls_free(istr.data); return ret; } -#ifdef HAVE_LIBIDN2 +#if IDN2_VERSION_NUMBER < 0x02000000 int _idn2_punycode_decode( size_t input_length, const char input[], @@ -153,7 +134,7 @@ int _idn2_punycode_decode( uint32_t output[], unsigned char case_flags[]); -static int _idn2_to_unicode_8z8z(const char *src, char **dst) +static int idn2_to_unicode_8z8z(const char *src, char **dst, unsigned flags) { int rc, run; size_t out_len = 0; @@ -251,24 +232,14 @@ int gnutls_idna_reverse_map(const char *input, unsigned ilen, gnutls_datum_t *ou return ret; } -#ifdef HAVE_LIBIDN2 /* currently libidn2 just converts single labels, thus a wrapper function */ - rc = _idn2_to_unicode_8z8z((char*)istr.data, &u8); + rc = idn2_to_unicode_8z8z((char*)istr.data, &u8, 0); if (rc != IDN2_OK) { gnutls_assert(); _gnutls_debug_log("unable to convert ACE name '%s' to UTF-8 format: %s\n", istr.data, idn2_strerror(rc)); ret = GNUTLS_E_INVALID_UTF8_STRING; goto fail; } -#else - rc = idna_to_unicode_8z8z((char*)istr.data, &u8, IDNA_ALLOW_UNASSIGNED); - if (rc != IDNA_SUCCESS) { - gnutls_assert(); - _gnutls_debug_log("unable to convert ACE name '%s' to UTF-8 format: %s\n", istr.data, idna_strerror(rc)); - ret = GNUTLS_E_INVALID_UTF8_STRING; - goto fail; - } -#endif if (gnutls_malloc != malloc) { ret = _gnutls_set_strdatum(out, u8, strlen(u8)); @@ -279,16 +250,12 @@ int gnutls_idna_reverse_map(const char *input, unsigned ilen, gnutls_datum_t *ou ret = 0; } fail: -#ifdef HAVE_LIBIDN2 idn2_free(u8); -#else - idn_free(u8); -#endif gnutls_free(istr.data); return ret; } -#else +#else /* no HAVE_LIBIDN2 */ # undef gnutls_idna_map int gnutls_idna_map(const char *input, unsigned ilen, gnutls_datum_t *out, unsigned flags) diff --git a/src/socket.c b/src/socket.c index 626066e0fe..223df5177f 100644 --- a/src/socket.c +++ b/src/socket.c @@ -43,13 +43,6 @@ #include <c-ctype.h> #include "sockets.h" -#ifdef HAVE_LIBIDN2 -#include <idn2.h> -#elif defined HAVE_LIBIDN -#include <idna.h> -#include <idn-free.h> -#endif - #define MAX_BUF 4096 /* Functions to manipulate sockets diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am index ed8aefc1bf..728c8a597a 100644 --- a/tests/cert-tests/Makefile.am +++ b/tests/cert-tests/Makefile.am @@ -98,9 +98,7 @@ dist_check_SCRIPTS += openpgp-certs endif endif -if !HAVE_BUGGY_LIBIDN dist_check_SCRIPTS += certtool-utf8 -endif if ENABLE_NON_SUITEB_CURVES dist_check_SCRIPTS += crq diff --git a/tests/cert_verify_inv_utf8.c b/tests/cert_verify_inv_utf8.c index a2b1e5b965..a424e51075 100644 --- a/tests/cert_verify_inv_utf8.c +++ b/tests/cert_verify_inv_utf8.c @@ -150,7 +150,7 @@ static void auto_parse(void) void doit(void) { -#if !defined(HAVE_LIBIDN) && !defined(HAVE_LIBIDN2) +#if !defined(HAVE_LIBIDN2) exit(77); #endif auto_parse(); diff --git a/tests/crq_apis.c b/tests/crq_apis.c index a4ff7c3816..fdc7ece1c2 100644 --- a/tests/crq_apis.c +++ b/tests/crq_apis.c @@ -184,7 +184,7 @@ static gnutls_x509_crq_t generate_crq(void) ret = gnutls_x509_crq_set_subject_alt_name(crq, GNUTLS_SAN_DNSNAME, "νίκο.com", strlen("νίκο.com"), GNUTLS_FSAN_APPEND); -#if defined(HAVE_LIBIDN) || defined(HAVE_LIBIDN2) +#if defined(HAVE_LIBIDN2) if (ret != 0) fail("gnutls_x509_crt_set_subject_alt_name: %s\n", gnutls_strerror(ret)); #else @@ -453,7 +453,7 @@ void doit(void) assert(gnutls_x509_crq_export2(crq, GNUTLS_X509_FMT_PEM, &out) >= 0); -#if defined(HAVE_LIBIDN) || defined(HAVE_LIBIDN2) +#if defined(HAVE_LIBIDN2) assert(out.size == saved_crq.size); assert(memcmp(out.data, saved_crq.data, out.size)==0); #endif diff --git a/tests/hostname-check-utf8.c b/tests/hostname-check-utf8.c index 10128bc774..06ce1b7bdf 100644 --- a/tests/hostname-check-utf8.c +++ b/tests/hostname-check-utf8.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2016 Red Hat, Inc. + * Copyright (C) 2016-2017 Red Hat, Inc. * * Author: Nikos Mavrogiannopoulos * @@ -27,8 +27,10 @@ #include <string.h> #include <gnutls/gnutls.h> #include <gnutls/x509.h> -#ifdef ENABLE_OPENPGP -#include <gnutls/openpgp.h> + +#if defined(HAVE_LIBIDN2) +/* to obtain version */ +#include <idn2.h> #endif #include "utils.h" @@ -101,6 +103,10 @@ void doit(void) gnutls_datum_t data; int ret; +#if !defined(HAVE_LIBIDN2) + exit(77); +#endif + ret = global_init(); if (ret < 0) fail("global_init: %d\n", ret); @@ -142,6 +148,15 @@ void doit(void) if (ret) fail("%d: Invalid hostname incorrectly matches (%d)\n", __LINE__, ret); +#if IDN2_VERSION_NUMBER >= 0x00160000 + ret = gnutls_x509_crt_check_hostname(x509, "γΓγ.τόΣτ.gr"); + if (ret) + fail("%d: Hostname incorrectly matches (%d)\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "ΤΈΣΤ.gr"); + if (ret) + fail("%d: Hostname incorrectly matches (%d)\n", __LINE__, ret); +#endif ret = gnutls_x509_crt_check_hostname(x509, "γγγ.τόστ.gr"); if (ret) fail("%d: Invalid hostname incorrectly matches (%d)\n", __LINE__, ret); @@ -188,7 +203,6 @@ void doit(void) if (ret) fail("%d: Hostname incorrectly matches (%d)\n", __LINE__, ret); -#if defined(HAVE_LIBIDN) || defined(HAVE_LIBIDN2) ret = gnutls_x509_crt_check_hostname(x509, "www.teχ.gr"); if (!ret) fail("%d: Hostname incorrectly does not match (%d)\n", __LINE__, ret); @@ -201,7 +215,7 @@ void doit(void) if (!ret) fail("%d: Hostname incorrectly does not match (%d)\n", __LINE__, ret); -#if defined(HAVE_LIBIDN) /* There are IDNA2003 */ +#if IDN2_VERSION_NUMBER >= 0x00160000 ret = gnutls_x509_crt_check_hostname(x509, "γΓγ.τόΣτ.gr"); if (!ret) fail("%d: Hostname incorrectly does not match (%d)\n", __LINE__, ret); @@ -210,7 +224,6 @@ void doit(void) if (!ret) fail("%d: Hostname incorrectly does not match (%d)\n", __LINE__, ret); #endif -#endif gnutls_x509_crt_deinit(x509); diff --git a/tests/mini-server-name.c b/tests/mini-server-name.c index ae7bb185a5..05b9136a67 100644 --- a/tests/mini-server-name.c +++ b/tests/mini-server-name.c @@ -341,7 +341,7 @@ void doit(void) start("empty", 0, "", 0, "", 0); start("test.example.com", 0, "test.example.com", strlen("test.example.com"), "test.example.com", strlen("test.example.com")); start("longtest.example.com", 0, "longtest.example.com.", strlen("longtest.example.com"), "longtest.example.com.", strlen("longtest.example.com")); -#if defined(HAVE_LIBIDN) || defined(HAVE_LIBIDN2) +#if defined(HAVE_LIBIDN2) /* test invalid UTF8 */ start("invalid-utf8", 1, "invalid\xff.example.com.", sizeof("invalid\xff.example.com")-1, NULL, 0); #endif diff --git a/tests/set_key_utf8.c b/tests/set_key_utf8.c index 17d031d67d..55788671e0 100644 --- a/tests/set_key_utf8.c +++ b/tests/set_key_utf8.c @@ -135,11 +135,6 @@ static void auto_parse(void) } test_cli_serv(x509_cred, clicred, "NORMAL", "localhost", NULL, NULL, NULL); /* the DNS name of the first cert */ -#ifdef HAVE_LIBIDN /* IDNA2003-only */ - test_cli_serv(x509_cred, clicred, "NORMAL", "www.νίκος.com", NULL, NULL, NULL); /* the DNS name of second cert */ - test_cli_serv(x509_cred, clicred, "NORMAL", "raw:www.νίκος.com", NULL, NULL, NULL); /* the DNS name of second cert */ - test_cli_serv(x509_cred, clicred, "NORMAL", "www.xn--kxawhku.com", NULL, NULL, NULL); /* the previous name in IDNA format */ -#endif test_cli_serv(x509_cred, clicred, "NORMAL", "简体中文.εξτρα.com", NULL, NULL, NULL); /* the second DNS name of cert */ test_cli_serv(x509_cred, clicred, "NORMAL", "raw:简体中文.εξτρα.com", NULL, NULL, NULL); /* the second DNS name of cert */ test_cli_serv(x509_cred, clicred, "NORMAL", "xn--fiqu1az03c18t.xn--mxah1amo.com", NULL, NULL, NULL); /* its IDNA equivalent */ @@ -155,7 +150,7 @@ static void auto_parse(void) void doit(void) { -#if !defined(HAVE_LIBIDN) && !defined(HAVE_LIBIDN2) +#if !defined(HAVE_LIBIDN2) exit(77); #endif auto_parse(); diff --git a/tests/set_x509_key_utf8.c b/tests/set_x509_key_utf8.c index d67747732a..fc1ba38b23 100644 --- a/tests/set_x509_key_utf8.c +++ b/tests/set_x509_key_utf8.c @@ -143,7 +143,7 @@ void doit(void) int ret; unsigned idx; -#if !defined(HAVE_LIBIDN) && !defined(HAVE_LIBIDN2) +#if !defined(HAVE_LIBIDN2) exit(77); #endif @@ -173,10 +173,6 @@ void doit(void) assert(idx == 1); test_cli_serv(x509_cred, clicred, "NORMAL", "localhost", NULL, NULL, NULL); -#if defined(HAVE_LIBIDN) /* IDNA2003 */ - test_cli_serv(x509_cred, clicred, "NORMAL", "www.νίκος.com", NULL, NULL, NULL); /* the DNS name of second cert */ - test_cli_serv(x509_cred, clicred, "NORMAL", "raw:www.νίκος.com", NULL, NULL, NULL); /* the DNS name of second cert */ -#endif test_cli_serv(x509_cred, clicred, "NORMAL", "www.xn--kxawhku.com", NULL, NULL, NULL); /* the previous name in IDNA format */ test_cli_serv(x509_cred, clicred, "NORMAL", "简体中文.εξτρα.com", NULL, NULL, NULL); /* the second DNS name of cert */ test_cli_serv(x509_cred, clicred, "NORMAL", "raw:简体中文.εξτρα.com", NULL, NULL, NULL); /* the second DNS name of cert */ diff --git a/tests/str-idna.c b/tests/str-idna.c index 60dd58d5c5..552e23b3a1 100644 --- a/tests/str-idna.c +++ b/tests/str-idna.c @@ -32,11 +32,7 @@ #include <gnutls/gnutls.h> #include <cmocka.h> -#ifdef HAVE_LIBIDN2 -# define GLOBAL_FLAGS GNUTLS_IDNA_FORCE_2008 -#else # define GLOBAL_FLAGS 0 -#endif #define MATCH_FUNC(fname, str, normalized) \ static void fname(void **glob_state) \ @@ -84,13 +80,12 @@ MATCH_FUNC_TWO_WAY(test_u1, "夡夞夜夙", "xn--bssffl"); MATCH_FUNC_TWO_WAY(test_jp2, "日本語.jp", "xn--wgv71a119e.jp"); /* invalid (✌️) symbol in IDNA2008 but valid in IDNA2003. Browsers * fallback to IDNA2003, and we do too, so that should work */ -#if defined(HAVE_LIBIDN) || IDN2_VERSION_NUMBER >= 0x02000002 +#if IDN2_VERSION_NUMBER >= 0x02000002 MATCH_FUNC_TWO_WAY(test_valid_idna2003, "\xe2\x9c\x8c\xef\xb8\x8f.com", "xn--7bi.com"); #else EMPTY_FUNC(test_valid_idna2003); #endif -#ifdef HAVE_LIBIDN2 /* IDNA 2008 */ MATCH_FUNC_TWO_WAY(test_greek2, "βόλος.com", "xn--nxasmm1c.com"); MATCH_FUNC_TWO_WAY(test_german1, "faß.de", "xn--fa-hia.de"); # if IDN2_VERSION_NUMBER >= 0x00140000 @@ -106,25 +101,14 @@ EMPTY_FUNC(test_caps_german3); EMPTY_FUNC(test_caps_greek); EMPTY_FUNC(test_dots); # endif -#else /* IDNA 2003 */ -MATCH_FUNC(test_caps_greek, "ΒΌΛΟΣ.com", "xn--nxasmq6b.com"); -MATCH_FUNC(test_greek2, "βόλος.com", "xn--nxasmq6b.com"); -MATCH_FUNC(test_german1, "faß.de", "fass.de"); -MATCH_FUNC(test_caps_german1, "Ü.ü", "xn--tda.xn--tda"); -MATCH_FUNC(test_caps_german2, "Bücher.de", "xn--bcher-kva.de"); -MATCH_FUNC(test_caps_german3, "Faß.de", "fass.de"); -MATCH_FUNC(test_dots, "a.b.c。d。", "a.b.c.d."); -#endif int main(void) { gnutls_datum_t tmp; int ret; const struct CMUnitTest tests[] = { -#ifdef HAVE_LIBIDN2 /* IDNA 2008 */ cmocka_unit_test(test_greek2_reverse), cmocka_unit_test(test_german1_reverse), -#endif cmocka_unit_test(test_ascii), cmocka_unit_test(test_ascii_reverse), cmocka_unit_test(test_ascii_caps), |