1. Patchew
  2. Libvirt
  3. View series

[libvirt] [PATCH] Fix TLS test suites with gnutls 3.6.0

Daniel P. Berrange posted 1 patch 6 years, 7 months ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/libvirt tags/patchew/20170829152556.28940-1-berrange@redhat.com
tests/virnettlshelpers.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
[libvirt] [PATCH] Fix TLS test suites with gnutls 3.6.0
Posted by Daniel P. Berrange 6 years, 7 months ago 
With gnutls 3.6.0, SHA1 is no longer accepted for certificate
signatures. We must usw SHA256 instead.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
 tests/virnettlshelpers.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/virnettlshelpers.c b/tests/virnettlshelpers.c
index 531d0b907..b735c4e2f 100644
--- a/tests/virnettlshelpers.c
+++ b/tests/virnettlshelpers.c
@@ -384,7 +384,7 @@ testTLSGenerateCert(struct testTLSCertReq *req,
      * If no 'ca' is set then we are self signing
      * the cert. This is done for the root CA certs
      */
-    if ((err = gnutls_x509_crt_sign(crt, ca ? ca : crt, privkey)) < 0) {
+    if ((err = gnutls_x509_crt_sign2(crt, ca ? ca : crt, privkey, GNUTLS_DIG_SHA256, 0)) < 0) {
         VIR_WARN("Failed to sign certificate %s", gnutls_strerror(err));
         abort();
     }
-- 
2.13.5

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] Fix TLS test suites with gnutls 3.6.0
Posted by Peter Krempa 6 years, 7 months ago 
On Tue, Aug 29, 2017 at 16:25:56 +0100, Daniel Berrange wrote:
> With gnutls 3.6.0, SHA1 is no longer accepted for certificate
> signatures. We must usw SHA256 instead.

s/usw/use/

> 
> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
> ---
>  tests/virnettlshelpers.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/tests/virnettlshelpers.c b/tests/virnettlshelpers.c
> index 531d0b907..b735c4e2f 100644
> --- a/tests/virnettlshelpers.c
> +++ b/tests/virnettlshelpers.c
> @@ -384,7 +384,7 @@ testTLSGenerateCert(struct testTLSCertReq *req,
>       * If no 'ca' is set then we are self signing
>       * the cert. This is done for the root CA certs
>       */
> -    if ((err = gnutls_x509_crt_sign(crt, ca ? ca : crt, privkey)) < 0) {
> +    if ((err = gnutls_x509_crt_sign2(crt, ca ? ca : crt, privkey, GNUTLS_DIG_SHA256, 0)) < 0) {
>          VIR_WARN("Failed to sign certificate %s", gnutls_strerror(err));
>          abort();
>      }

ACK
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] Fix TLS test suites with gnutls 3.6.0
Posted by Michal Privoznik 6 years, 7 months ago 
On 08/29/2017 05:25 PM, Daniel P. Berrange wrote:
> With gnutls 3.6.0, SHA1 is no longer accepted for certificate
> signatures. We must usw SHA256 instead.
> 
> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
> ---
>  tests/virnettlshelpers.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/tests/virnettlshelpers.c b/tests/virnettlshelpers.c
> index 531d0b907..b735c4e2f 100644
> --- a/tests/virnettlshelpers.c
> +++ b/tests/virnettlshelpers.c
> @@ -384,7 +384,7 @@ testTLSGenerateCert(struct testTLSCertReq *req,
>       * If no 'ca' is set then we are self signing
>       * the cert. This is done for the root CA certs
>       */
> -    if ((err = gnutls_x509_crt_sign(crt, ca ? ca : crt, privkey)) < 0) {
> +    if ((err = gnutls_x509_crt_sign2(crt, ca ? ca : crt, privkey, GNUTLS_DIG_SHA256, 0)) < 0) {
>          VIR_WARN("Failed to sign certificate %s", gnutls_strerror(err));
>          abort();
>      }
> 


ACK and safe for the freeze.

Michal

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Patchew 2.1-devel-0870f84

© 2016 - 2024 Red Hat, Inc.