GitLab/ocserv
1
0
Fork 0
mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-02-10 08:46:58 +08:00
Code Issues Packages Projects Releases Wiki Activity

configure: always work-around brokenness of gnutls_certificate_set_key

Browse Source 
That is, instead of requiring the user to explicitly pass --with-broken-gnutls
warn at the end of the configure script.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
This commit is contained in:
Nikos Mavrogiannopoulos
2018-05-11 22:08:52 +02:00
parent 107b6440ad
commit ece70b0d6c
2 changed files with 15 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.gitlab-ci.yml
View File

@@ -32,8 +32,7 @@ Build/Ubuntu:
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$UBUNTU_BUILD
script:
- git submodule update --init && autoreconf -fvi
- "! ./configure"
- ./configure --without-nuttcp-tests --with-broken-gnutls --without-docker-tests
- ./configure --without-nuttcp-tests --without-docker-tests
- make -j$(nproc) && make check -j$(nproc)
tags:
- shared

30
configure.ac
View File

@@ -52,23 +52,13 @@ AC_C_BIGENDIAN
PKG_CHECK_MODULES([LIBNETTLE], [nettle >= 2.7])
PKG_CHECK_MODULES([LIBGNUTLS], [gnutls >= 3.3.0])
AC_ARG_WITH(broken-gnutls,
AS_HELP_STRING([--with-broken-gnutls], [allow the use of gnutls versions which have known bugs]),
skip_test_for_gnutls=$withval,
skip_test_for_gnutls=no)
if test "$skip_test_for_gnutls" = "no";then
if $PKG_CONFIG --max-version=3.5.4 gnutls;then
if $PKG_CONFIG --atleast-version=3.3.99 gnutls || $PKG_CONFIG --max-version=3.3.24 gnutls; then
AC_MSG_ERROR([[***
*** a broken version of gnutls was found; please update to the latest version of a supported
*** gnutls branch (e.g. as 3.3.x, 3.5.x, or 3.6.x), or compile with --with-broken-gnutls
***]])
fi
warn_leak=no
if $PKG_CONFIG --max-version=3.5.4 gnutls;then
if $PKG_CONFIG --atleast-version=3.3.99 gnutls || $PKG_CONFIG --max-version=3.3.24 gnutls; then
warn_leak=yes
AC_DEFINE([GNUTLS_BROKEN_CERTIFICATE_SET_KEY], [1],
[gnutls has a broken gnutls_certificate_set_key()])
fi
else
AC_DEFINE([GNUTLS_BROKEN_CERTIFICATE_SET_KEY], [1],
[gnutls has a broken gnutls_certificate_set_key()])
fi
if ! $PKG_CONFIG --atleast-version=3.0 nettle; then
@@ -618,6 +608,14 @@ Summary of build options:
local http-parser: ${with_local_http_parser}
])
if test "${warn_leak}" = "yes";then
AC_MSG_WARN([[***
*** a broken version of gnutls was found; will work around but server will leak memory;
*** please update to the latest version of a supported gnutls branch (e.g. as 3.3.x, 3.5.x, or 3.6.x)
*** for better server performance.
***]])
fi
if test "x${isolation}" = xnone;then
AC_MSG_WARN([[
***