diff options
author | Daniel P. Berrangé <berrange@redhat.com> | 2018-07-18 11:55:05 +0100 |
---|---|---|
committer | Daniel P. Berrangé <berrange@redhat.com> | 2018-10-19 12:26:57 +0100 |
commit | a0722409bcb980ecdab8330d4c716a73c9fcb489 (patch) | |
tree | c210c48beb7d0e8f735cfe904b8bc253c43fcc85 /tests | |
parent | 2ec24af2379e331d062a6fc1cda65bc262c7c17b (diff) | |
download | qemu-a0722409bcb980ecdab8330d4c716a73c9fcb489.zip qemu-a0722409bcb980ecdab8330d4c716a73c9fcb489.tar.gz qemu-a0722409bcb980ecdab8330d4c716a73c9fcb489.tar.bz2 |
crypto: require gnutls >= 3.1.18 for building QEMU
gnutls 3.0.0 was released in 2011 and all the distros that are build
target platforms for QEMU [1] include it:
RHEL-7: 3.1.18
Debian (Stretch): 3.5.8
Debian (Jessie): 3.3.8
OpenBSD (ports): 3.5.18
FreeBSD (ports): 3.5.18
OpenSUSE Leap 15: 3.6.2
Ubuntu (Xenial): 3.4.10
macOS (Homebrew): 3.5.19
Based on this, it is reasonable to require gnutls >= 3.1.18 in QEMU
which allows for all conditional version checks in the code to be
removed.
[1] https://qemu.weilnetz.de/doc/qemu-doc.html#Supported-build-platforms
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Diffstat (limited to 'tests')
-rw-r--r-- | tests/crypto-tls-x509-helpers.h | 3 | ||||
-rw-r--r-- | tests/test-crypto-tlscredsx509.c | 8 |
2 files changed, 2 insertions, 9 deletions
diff --git a/tests/crypto-tls-x509-helpers.h b/tests/crypto-tls-x509-helpers.h index 921341c..88c30d7 100644 --- a/tests/crypto-tls-x509-helpers.h +++ b/tests/crypto-tls-x509-helpers.h @@ -22,8 +22,7 @@ #include <gnutls/x509.h> #if !(defined WIN32) && \ - defined(CONFIG_TASN1) && \ - (LIBGNUTLS_VERSION_NUMBER >= 0x020600) + defined(CONFIG_TASN1) # define QCRYPTO_HAVE_TLS_TEST_SUPPORT #endif diff --git a/tests/test-crypto-tlscredsx509.c b/tests/test-crypto-tlscredsx509.c index 30f9ac4..940a026 100644 --- a/tests/test-crypto-tlscredsx509.c +++ b/tests/test-crypto-tlscredsx509.c @@ -283,14 +283,8 @@ int main(int argc, char **argv) true, true, GNUTLS_KP_TLS_WWW_SERVER, NULL, 0, 0); - /* Technically a CA cert with basic constraints - * key purpose == key signing + non-critical should - * be rejected. GNUTLS < 3.1 does not reject it and - * we don't anticipate them changing this behaviour - */ TLS_TEST_REG(badca1, true, cacert4req.filename, servercert4req.filename, - (GNUTLS_VERSION_MAJOR == 3 && GNUTLS_VERSION_MINOR >= 1) || - GNUTLS_VERSION_MAJOR > 3); + true); TLS_TEST_REG(badca2, true, cacert5req.filename, servercert5req.filename, true); TLS_TEST_REG(badca3, true, |