authorAndrew Bartlett <abartlet@samba.org>2015-03-12 17:01:05 +1300
committerAndreas Schneider <asn@cryptomilk.org>2015-03-12 22:24:07 +0100
commit61d962bdfdb9ca13e5f31e726ae84823c6f68fc6 (patch)
tree5d54483367300292d3a5c8149dd3b9d20566b337 /source4/lib/tls
parentf0a6935b1e0c140cc100036e5945fe6a7b95a45e (diff)
downloadsamba-61d962bdfdb9ca13e5f31e726ae84823c6f68fc6.tar.gz
lib/tls: Fix behaviour of --disable-gnutls and remove link to gcrypt
We no longer link against gcrypt if gnutls > 3.0.0 is found, as these versions use libnettle. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11135 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Diffstat (limited to 'source4/lib/tls')
-rw-r--r--source4/lib/tls/tlscert.c4
-rw-r--r--source4/lib/tls/wscript22
2 files changed, 19 insertions, 7 deletions
diff --git a/source4/lib/tls/tlscert.c b/source4/lib/tls/tlscert.c
index 8a19e0a2301..b44d46b0f1b 100644
--- a/source4/lib/tls/tlscert.c
+++ b/source4/lib/tls/tlscert.c
@@ -24,7 +24,7 @@
#if ENABLE_GNUTLS
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
-#if HAVE_GCRYPT_H
+#if defined(HAVE_GCRYPT_H) && !defined(HAVE_GNUTLS3)
#include <gcrypt.h>
#endif
@@ -69,7 +69,7 @@ void tls_cert_generate(TALLOC_CTX *mem_ctx,
DEBUG(0,("Attempting to autogenerate TLS self-signed keys for https for hostname '%s'\n",
hostname));
-#ifdef HAVE_GCRYPT_H
+#if defined(HAVE_GCRYPT_H) && !defined(HAVE_GNUTLS3)
DEBUG(3,("Enabling QUICK mode in gcrypt\n"));
gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0);
#endif
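Review bot: The pre-3.0 path kept by this guard still calls `gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0)` before key generation, and nothing on the visible lines says why reduced random quality is acceptable there. A comment above the call would record the trade-off, for example `/* QUICK_RANDOM lowers gcrypt's random quality level to speed up keygen; only tolerated for the autogenerated self-signed cert */`. The same `defined(HAVE_GCRYPT_H) && !defined(HAVE_GNUTLS3)` condition is repeated at the `#include <gcrypt.h>` in the first hunk, so a single derived macro would keep the two sites from drifting apart. The body of tls_cert_generate continues outside the hunk, so what the GnuTLS 3 path does for key generation is not visible here.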
diff --git a/source4/lib/tls/wscript b/source4/lib/tls/wscript
index ae963950f25..cbba87d5804 100644
--- a/source4/lib/tls/wscript
+++ b/source4/lib/tls/wscript
@@ -17,11 +17,18 @@ def configure(conf):
conf.SET_TARGET_TYPE('gnutls', 'DISABLED')
conf.SET_TARGET_TYPE('gcrypt', 'DISABLED')
conf.SET_TARGET_TYPE('gpg-error', 'DISABLED')
+ if 'AD_DC_BUILD_IS_ENABLED' in conf.env:
+ conf.fatal("--disable-gnutls given: Building the AD DC requires GnuTLS (eg libgnutls-dev, gnutls-devel) for ldaps:// support and for the BackupKey protocol")
return
- conf.check_cfg(package='gnutls',
- args='"gnutls >= 1.4.0 gnutls != 2.2.4 gnutls != 2.8.0 gnutls != 2.8.1" --cflags --libs',
- msg='Checking for gnutls >= 1.4.0 and broken versions', mandatory=False)
+ if conf.check_cfg(package='gnutls',
+ args='"gnutls >= 3.0.0" --cflags --libs',
+ msg='Checking for gnutls >= 3.0.0s', mandatory=False):
+ conf.DEFINE('HAVE_GNUTLS3', 1)
+ else:
+ conf.check_cfg(package='gnutls',
+ args='"gnutls >= 1.4.0 gnutls != 2.2.4 gnutls != 2.8.0 gnutls != 2.8.1" --cflags --libs',
+ msg='Checking for gnutls >= 1.4.0 and broken versions', mandatory=False)
if 'HAVE_GNUTLS' in conf.env:
conf.DEFINE('ENABLE_GNUTLS', 1)
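Review bot: The new `if 'AD_DC_BUILD_IS_ENABLED' in conf.env:` test in the --disable-gnutls branch checks only that the key is present, so it would presumably also abort if the key were stored with a false value. It also relies on the AD DC decision having been recorded before this configure runs, and neither is visible in the hunk. If the value can be falsy, testing the value itself, `if conf.env['AD_DC_BUILD_IS_ENABLED']:`, would be the safer form. Separately, the new message `msg='Checking for gnutls >= 3.0.0s'` carries a stray trailing `s` and should read `'Checking for gnutls >= 3.0.0'`. configure starts and ends outside the hunk.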
@@ -45,8 +52,13 @@ def configure(conf):
conf.CHECK_TYPES('gnutls_datum gnutls_datum_t',
headers='gnutls/gnutls.h', lib='gnutls')
- conf.CHECK_FUNCS_IN('gcry_control', 'gcrypt', headers='gcrypt.h')
- conf.CHECK_FUNCS_IN('gpg_err_code_from_errno', 'gpg-error')
+ # GnuTLS3 moved to libnettle, so only do this in the < 3.0 case
+ if not 'HAVE_GNUTLS3' in conf.env:
+ conf.CHECK_FUNCS_IN('gcry_control', 'gcrypt', headers='gcrypt.h')
+ conf.CHECK_FUNCS_IN('gpg_err_code_from_errno', 'gpg-error')
+ else:
+ conf.SET_TARGET_TYPE('gcrypt', 'DISABLED')
+ conf.SET_TARGET_TYPE('gpg-error', 'DISABLED')
def build(bld):
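Review bot: The added condition `if not 'HAVE_GNUTLS3' in conf.env:` reads more clearly as `if 'HAVE_GNUTLS3' not in conf.env:`, which is the idiomatic membership form. The comment above it could also say that skipping the gcrypt check is what keeps the binary from linking a second crypto library on GnuTLS 3 builds, since the `else` branch disabling the `gcrypt` and `gpg-error` targets is otherwise easy to mistake for dead configuration. If `HAVE_GCRYPT_H` can still be defined by another configure check, the C-side `!defined(HAVE_GNUTLS3)` guard is the only thing keeping gcrypt calls out, which is worth stating here as well. configure begins outside the hunk.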