From 714e81625fbbe3988c42e330624ac12559320c0f Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Wed, 29 Mar 2017 09:55:36 +0200 Subject: OpenPGP authentication is disabled by default The flag --enable-openpgp-authenticationcan be used to revert this change. Resolves #178 Signed-off-by: Nikos Mavrogiannopoulos --- .gitlab-ci.yml | 6 +++--- NEWS | 7 ++++--- m4/hooks.m4 | 8 ++++---- 3 files changed, 11 insertions(+), 10 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index bdc07e548c..da3bf6ab4f 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -90,7 +90,7 @@ minimal/Fedora/x86_64: ./configure --with-included-libtasn1 --enable-valgrind-tests --disable-doc --disable-dtls-srtp-support --disable-alpn-support --disable-rsa-export --disable-heartbeat-support --disable-srp-authentication --disable-psk-authentication - --disable-anon-authentication --disable-dhe --disable-ecdhe --disable-openpgp-authentication + --disable-anon-authentication --disable-dhe --disable-ecdhe --disable-ocsp --disable-session-tickets --disable-non-suiteb-curves --with-included-unistring --disable-nls --disable-crywrap --disable-libdane --without-p11-kit --without-tpm --disable-ssl3-support --disable-ssl2-support --without-zlib --disable-doc --disable-tests --enable-openssl-compatibility && make -j$(nproc) @@ -166,12 +166,12 @@ IDNA2003/Fedora/x86_64: - build/tests/*.log - build/tests/*/*.log -no-openpgp/Fedora/x86_64: +openpgp/Fedora/x86_64: stage: stage1-testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD script: - mkdir -p build && cd build && - ../configure --disable-openpgp-authentication --disable-doc --disable-guile --disable-full-test-suite + ../configure --enable-openpgp-authentication --disable-doc --disable-guile --disable-full-test-suite - make -j$(nproc) - make abi-check - make check -j$(nproc) diff --git a/NEWS b/NEWS index a5db9610f5..553059b9e3 100644 --- a/NEWS +++ b/NEWS @@ -33,9 +33,10 @@ See the end for copying conditions. behavior can be overriden by providing the flag GNUTLS_VERIFY_IGNORE_UNKNOWN_CRIT_EXTENSIONS to verification functions. Resolves gitlab issue #177. -** libgnutls: The --disable-openpgp-authentication configure option will provide - an ABI-compatible library, with the openpgp functionality implemented as stubs. - The stubs are functions which only return an error on call. +** libgnutls: OpenPGP authentication is disabled by default, and the resulting + library is ABI compatible (will openpgp related functions being stubs that fail + on invocation). The flag --enable-openpgp-authentication to configure will + enable OpenPGP authentication support. ** libgnutls: Refuse to generate a certificate with an illegal version, or an illegal serial number. That is, gnutls_x509_crt_set_version() and diff --git a/m4/hooks.m4 b/m4/hooks.m4 index 1c4f5b50ce..e48850fa4a 100644 --- a/m4/hooks.m4 +++ b/m4/hooks.m4 @@ -302,11 +302,11 @@ LIBTASN1_MINIMUM=4.9 fi AM_CONDITIONAL(ENABLE_ECDHE, test "$ac_enable_ecdhe" != "no") - ac_enable_openpgp=yes - AC_MSG_CHECKING([whether to disable OpenPGP Certificate authentication support]) + ac_enable_openpgp=no + AC_MSG_CHECKING([whether to enable OpenPGP Certificate authentication support]) AC_ARG_ENABLE(openpgp-authentication, - AS_HELP_STRING([--disable-openpgp-authentication], - [disable the OpenPGP authentication support]), + AS_HELP_STRING([--enable-openpgp-authentication], + [enable the OpenPGP authentication support]), ac_enable_openpgp=$enableval) if test x$ac_enable_openpgp = xno; then AC_MSG_RESULT(yes) -- cgit v1.2.1