Cope with lack of gnutls_certificate_set_key() in GnuTLS 2.12
We *can* use arbitrary privkeys, by using the cert_callback to provide
them on demand.

And even without gnutls_privkey_import_ext() to give us a constructed
privkey that represents the TPM key, we can cope by registering a
sign_callback on the TLS session.

This means that we can support the TPM, and also fix the lack of extra
supporting certs and expiry check when using PKCS#11 certs with GnuTLS 2.12.

It also means my code is an even bigger mess of #ifdefs than it was before.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse authored and David Woodhouse committed Jun 14, 2012
1 parent 6e4ce24 commit 25d9be5
Showing 4 changed files with 212 additions and 45 deletions.
7 changes: 1 addition & 6 deletions configure.ac
Expand Up @@ -210,9 +210,7 @@ if test "$with_gnutls" = "yes"; then
AC_CHECK_FUNC(gnutls_pkcs12_simple_parse,
[AC_DEFINE(HAVE_GNUTLS_PKCS12_SIMPLE_PARSE, 1)], [])
AC_CHECK_FUNC(gnutls_certificate_set_key,
[have_set_key=yes
AC_DEFINE(HAVE_GNUTLS_CERTIFICATE_SET_KEY, 1)],
[have_set_key=no])
[AC_DEFINE(HAVE_GNUTLS_CERTIFICATE_SET_KEY, 1)], [])
if test "$with_openssl" = "" || test "$with_openssl" = "no"; then
AC_CHECK_FUNC(gnutls_session_set_premaster,
[have_gnutls_dtls=yes], [have_gnutls_dtls=no])
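Review bot: `have_set_key` is no longer assigned in the `AC_CHECK_FUNC(gnutls_certificate_set_key, ...)` call, so any test of `$have_set_key` left elsewhere in configure.ac will quietly evaluate as not "yes" instead of failing. Please grep the file to confirm that the `if test "$have_set_key" = "yes"` around the tss check was its only user.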
Expand Down Expand Up @@ -245,8 +243,6 @@ if test "$with_gnutls" = "yes"; then
AC_CHECK_FUNC(gnutls_pkcs11_add_provider,
[PKG_CHECK_MODULES(P11KIT, p11-kit-1, [AC_DEFINE(HAVE_P11KIT)
AC_SUBST(P11KIT_PC, p11-kit-1)], [:])], [])
LIBS="$oldLIBS"
if test "$have_set_key" = "yes"; then
LIBS="$oldlibs -ltspi"
AC_MSG_CHECKING([for tss library])
AC_LINK_IFELSE([AC_LANG_PROGRAM([
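Review bot: the saved-LIBS variable appears under two spellings in this hunk, `LIBS="$oldLIBS"` and `LIBS="$oldlibs -ltspi"`, and shell variable names are case-sensitive. Please check which one is actually assigned earlier in configure.ac: if only `oldLIBS` is saved, the tss link test runs with LIBS reduced to `-ltspi`, and the later `LIBS="$oldlibs"` restore leaves LIBS empty for the rest of the script. Using one spelling for the save, the link test and the restore would avoid that.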
Expand All @@ -260,7 +256,6 @@ if test "$with_gnutls" = "yes"; then
AC_DEFINE(HAVE_TROUSERS, 1)],
[AC_MSG_RESULT(no)])
LIBS="$oldlibs"
fi
elif test "$with_gnutls" != "" && test "$with_gnutls" != "no"; then
AC_MSG_ERROR([Values other than 'yes' or 'no' for --with-gnutls are not supported])
fi
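Review bot: `AC_DEFINE(HAVE_TROUSERS, 1)` is now reached whenever the tss link test succeeds, including on GnuTLS builds that lack `gnutls_certificate_set_key`, so every `HAVE_TROUSERS` block in the C sources has to build without `HAVE_GNUTLS_CERTIFICATE_SET_KEY`. A short comment above the tss check stating that the TPM path no longer depends on that function (the commit message describes the sign_callback fallback) would keep a later cleanup from reintroducing the guard.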