Re: [libvirt] [PATCH] Fix import of private key with older gnutls
On Mon, Jul 25, 2011 at 06:18:42PM +0100, Daniel P. Berrange wrote:
> With older GNUTLS the gnutls_x509_privkey_import function is
> unable to import our private key. Instead we must use the
> alternative gnutls_x509_privkey_import_pkcs8() (as certtool
> does).
>
> * virnettlscontexttest.c: Fix import of private key with
>   older gnutls. Also add missing newlines to key

I just got in trouble with an older gnutls trying to build on RHEL-5 too:

../src/.libs/libvirt-net-rpc.a(libvirt_net_rpc_la-virnettlscontext.o): In function `virNetTLSContextCheckCertBasicConstraints':
/u/veillard/libvirt/src/rpc/virnettlscontext.c:149: undefined reference to `gnutls_x509_crt_get_basic_constraints'
collect2: ld returned 1 exit status

Maybe we should check for that specific entry point in configure and disable that part of the cert checking if not available, opinion?

Daniel

--
Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
dan...@veillard.com | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH] Fix import of private key with older gnutls
On Tue, Jul 26, 2011 at 06:14:27PM +0800, Daniel Veillard wrote:
> On Mon, Jul 25, 2011 at 06:18:42PM +0100, Daniel P. Berrange wrote:
> > With older GNUTLS the gnutls_x509_privkey_import function is
> > unable to import our private key. Instead we must use the
> > alternative gnutls_x509_privkey_import_pkcs8() (as certtool
> > does).
> >
> > * virnettlscontexttest.c: Fix import of private key with
> >   older gnutls. Also add missing newlines to key
>
> I just got in trouble with an older gnutls trying to build on RHEL-5 too:
>
> ../src/.libs/libvirt-net-rpc.a(libvirt_net_rpc_la-virnettlscontext.o): In function `virNetTLSContextCheckCertBasicConstraints':
> /u/veillard/libvirt/src/rpc/virnettlscontext.c:149: undefined reference to `gnutls_x509_crt_get_basic_constraints'
> collect2: ld returned 1 exit status
>
> Maybe we should check for that specific entry point in configure and disable that part of the cert checking if not available,

I'm looking into that now. There may well be a different function I can use to get the same data.

Daniel

--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|

[libvirt] [PATCH] Fix import of private key with older gnutls
With older GNUTLS the gnutls_x509_privkey_import function is unable to import our private key. Instead we must use the alternative gnutls_x509_privkey_import_pkcs8() (as certtool does). * virnettlscontexttest.c: Fix import of private key with older gnutls. Also add missing newlines to key --- tests/virnettlscontexttest.c | 47 - 1 files changed, 27 insertions(+), 20 deletions(-) diff --git a/tests/virnettlscontexttest.c b/tests/virnettlscontexttest.c index dfc0ac4..f2af4f0 100644 --- a/tests/virnettlscontexttest.c +++ b/tests/virnettlscontexttest.c 
@@ -57,24 +57,24 @@ extern const ASN1_ARRAY_TYPE pkix_asn1_tab[]; * here's one we prepared earlier :-) */ gnutls_x509_privkey_t privkey; -# define PRIVATE_KEY \ --BEGIN PRIVATE KEY-\n \ -MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBALVcr \ -BL40Tm6yq88FBhJNw1aaoCjmtg0l4dWQZ/e9Fimx4ARxFpT+ji4FE \ -Cgl9s/SGqC+1nvlkm9ViSo0j7MKDbnDB+VRHDvMAzQhA2X7e8M0n9 \ -rPolUY2lIVC83q0BBaOBkCj2RSmT2xTEbbC2xLukSrg2WP/ihVOxc \ -kXRuyFtzAgMBAAECgYB7slBexDwXrtItAMIH6m/U+LUpNe0Xx48OL \ -IOn4a4whNgO/o84uIwygUK27ZGFZT0kAGAk8CdF9hA6ArcbQ62s1H \ -myxrUbF9/mrLsQw1NEqpuUk9Ay2Tx5U/wPx35S3W/X2AvR/ZpTnCn \ -2q/7ym9fyiSoj86drD7BTvmKXlOnOwQJBAPOFMp4mMa9NGpGuEssO \ -m3Uwbp6lhcP0cA9MK+iOmeANpoKWfBdk5O34VbmeXnGYWEkrnX+9J \ -bM4wVhnnBWtgBMCQQC+qAEmvwcfhauERKYznMVUVksyeuhxhCe7EK \ -mPh+U2+g0WwdKvGDgO0PPt1gq0ILEjspMDeMHVdTwkaVBo/uMhAkA \ -Z5SsZyCP2aTOPFDypXRdI4eqRcjaEPOUBq27r3uYb/jeboVb2weLa \ -L1MmVuHiIHoa5clswPdWVI2y0em2IGoDAkBPSp/v9VKJEZabk9Frd \ -a+7u4fanrM9QrEjY3KhduslSilXZZSxrWjjAJPyPiqFb3M8XXA26W \ -nz1KYGnqYKhLcBAkB7dt57n9xfrhDpuyVEv+Uv1D3VVAhZlsaZ5Pp \ -dcrhrkJn2sa/+O8OKvdrPSeeu/N5WwYhJf61+CPoenMp7IFci\n \ +# define PRIVATE_KEY \ +-BEGIN PRIVATE KEY-\n \ +MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBALVcr\n \ +BL40Tm6yq88FBhJNw1aaoCjmtg0l4dWQZ/e9Fimx4ARxFpT+ji4FE\n \ +Cgl9s/SGqC+1nvlkm9ViSo0j7MKDbnDB+VRHDvMAzQhA2X7e8M0n9\n \ +rPolUY2lIVC83q0BBaOBkCj2RSmT2xTEbbC2xLukSrg2WP/ihVOxc\n \ +kXRuyFtzAgMBAAECgYB7slBexDwXrtItAMIH6m/U+LUpNe0Xx48OL\n \ +IOn4a4whNgO/o84uIwygUK27ZGFZT0kAGAk8CdF9hA6ArcbQ62s1H\n \ +myxrUbF9/mrLsQw1NEqpuUk9Ay2Tx5U/wPx35S3W/X2AvR/ZpTnCn\n \ +2q/7ym9fyiSoj86drD7BTvmKXlOnOwQJBAPOFMp4mMa9NGpGuEssO\n \ +m3Uwbp6lhcP0cA9MK+iOmeANpoKWfBdk5O34VbmeXnGYWEkrnX+9J\n \ +bM4wVhnnBWtgBMCQQC+qAEmvwcfhauERKYznMVUVksyeuhxhCe7EK\n \ +mPh+U2+g0WwdKvGDgO0PPt1gq0ILEjspMDeMHVdTwkaVBo/uMhAkA\n \ +Z5SsZyCP2aTOPFDypXRdI4eqRcjaEPOUBq27r3uYb/jeboVb2weLa\n \ +L1MmVuHiIHoa5clswPdWVI2y0em2IGoDAkBPSp/v9VKJEZabk9Frd\n \ +a+7u4fanrM9QrEjY3KhduslSilXZZSxrWjjAJPyPiqFb3M8XXA26W\n \ 
+nz1KYGnqYKhLcBAkB7dt57n9xfrhDpuyVEv+Uv1D3VVAhZlsaZ5Pp\n \ +dcrhrkJn2sa/+O8OKvdrPSeeu/N5WwYhJf61+CPoenMp7IFci\n \ -END PRIVATE KEY-\n @@ -419,8 +419,15 @@ static gnutls_x509_privkey_t testTLSLoadKey(void) if ((err = gnutls_x509_privkey_import(key, data, GNUTLS_X509_FMT_PEM)) 0) { -VIR_WARN(Failed to init key %s, gnutls_strerror(err)); -abort(); +if (err != GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR) { +VIR_WARN(Failed to import key %s, gnutls_strerror(err)); +abort(); +} + +if ((err = gnutls_x509_privkey_import_pkcs8(key, data, GNUTLS_X509_FMT_PEM, NULL, 0)) 0) { +VIR_WARN(Failed to import PKCS8 key %s, gnutls_strerror(err)); +abort(); +} } return key; -- 1.7.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
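Review bot: the comment above PRIVATE_KEY in the first hunk (@@ -57,24 +57,24 @@) still only says "here's one we prepared earlier :-)", which gives no hint that the second hunk depends on the form of this key. The block is armored as "BEGIN PRIVATE KEY" and is the input that ends up going through gnutls_x509_privkey_import_pkcs8(), so I would say in that comment that it is an unencrypted PKCS#8 key kept in the source for the test only. Since the commit message calls the per-line "\n" additions "missing newlines", a few words there that the base64 body has to stay line-wrapped would stop a later cleanup from collapsing it again.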
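Review bot: in the second hunk (@@ -419,8 +419,15 @@, testTLSLoadKey) the fallback call gnutls_x509_privkey_import_pkcs8(key, data, GNUTLS_X509_FMT_PEM, NULL, 0) passes a NULL password together with flags 0, so the fact that the key is unencrypted is only implied. Passing GNUTLS_PKCS_PLAIN as the flags argument would state that intent directly instead of relying on how the library treats a NULL password. The reason for retrying only on GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR is given in the commit message but not in the code; a one-line comment before that check, saying that older GnuTLS cannot import this key through gnutls_x509_privkey_import, would keep the branch from looking like dead code once the older versions are gone.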
Re: [libvirt] [PATCH] Fix import of private key with older gnutls
2011/7/25 Daniel P. Berrange berra...@redhat.com:
> With older GNUTLS the gnutls_x509_privkey_import function is
> unable to import our private key. Instead we must use the
> alternative gnutls_x509_privkey_import_pkcs8() (as certtool
> does).
>
> * virnettlscontexttest.c: Fix import of private key with
>   older gnutls. Also add missing newlines to key
> ---
>  tests/virnettlscontexttest.c | 47 -
>  1 files changed, 27 insertions(+), 20 deletions(-)

ACK, this makes virnettlscontexttest pass for me with gnutls 2.8.6.

--
Matthias Bolte
http://photron.blogspot.com

Re: [libvirt] [PATCH] Fix import of private key with older gnutls
On 07/25/2011 11:59 AM, Matthias Bolte wrote:
> 2011/7/25 Daniel P. Berrange berra...@redhat.com:
> > With older GNUTLS the gnutls_x509_privkey_import function is
> > unable to import our private key. Instead we must use the
> > alternative gnutls_x509_privkey_import_pkcs8() (as certtool
> > does).
> >
> > * virnettlscontexttest.c: Fix import of private key with
> >   older gnutls. Also add missing newlines to key
> > ---
> >  tests/virnettlscontexttest.c | 47 -
> >  1 files changed, 27 insertions(+), 20 deletions(-)
>
> ACK, this makes virnettlscontexttest pass for me with gnutls 2.8.6.

Likewise, so I've pushed the patch. Thanks for tracking this down.

--
Eric Blake ebl...@redhat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org