Changeset efe884e in mod_gnutls


Ignore:
Timestamp:
May 23, 2016, 5:08:25 PM (2 years ago)
Author:
Thomas Klute <thomas2.klute@…>
Branches:
debian/master, debian/stretch-backports, master, upstream
Children:
b674e95
Parents:
c4d6e77
git-author:
Thomas Klute <thomas2.klute@…> (05/23/16 16:57:50)
git-committer:
Thomas Klute <thomas2.klute@…> (05/23/16 17:08:25)
Message:

Skip OCSP test with incompatible GnuTLS versions

Please see the comment in configure.ac for details. Note that release
3.5.0 does not work, but git master since commit
cf09cd11fb7416f2bc8e64876d81bbeaf468fd20 does and uses the same
version number.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • configure.ac

    rc4d6e77 refe884e  
    8383# openssl is needed as the responder for OCSP tests
    8484AC_PATH_PROG([OPENSSL], [openssl], [no])
    85 AM_CONDITIONAL([ENABLE_OCSP_TEST], [test "${OPENSSL}" != "no"])
     85# OCSP checks with gnutls-cli from GnuTLS versions before 3.3.23 or
     86# 3.4.12 fail if intermediate CAs cannot be status checked, even if
     87# there are no intermediate CAs like in the mod_gnutls test suite
     88# where end entity certificates are directly issued by a root
     89# CA. Release 3.5.0 does not contain the fix, but git commit
     90# cf09cd11fb7416f2bc8e64876d81bbeaf468fd20 which adds the fix still
     91# uses the same version number, so I'm not blocking 0x030500 for the
     92# sake of anyone who might be experimenting with the git version.
     93AC_MSG_CHECKING([for gnutls-cli version supporting OCSP for EE under root CA])
     94AC_PREPROC_IFELSE(
     95        [AC_LANG_SOURCE([[#include "gnutls/gnutls.h"
     96                        #if GNUTLS_VERSION_NUMBER < 0x030317
     97                        #error
     98                        #elif GNUTLS_VERSION_NUMBER >= 0x030400 && GNUTLS_VERSION_NUMBER < 0x03040c
     99                        #error
     100                        #endif
     101                        ]])],
     102        [gnutls_ocsp_ok="yes"],
     103        [gnutls_ocsp_ok="no"],
     104)
     105AC_MSG_RESULT([$gnutls_ocsp_ok])
     106AM_CONDITIONAL([ENABLE_OCSP_TEST], [test "${OPENSSL}" != "no" && test "${gnutls_ocsp_ok}" = "yes"])
    86107
    87108dnl Enable test namespaces? Default is "yes".
Note: See TracChangeset for help on using the changeset viewer.