This might be a better patch, if the build system change is acceptable.
From e904900beb419576abc098e96deda04e53119603 Mon Sep 17 00:00:00 2001
From: Ryan Tandy ryan@nardis.ca
Date: Fri, 20 Jun 2014 14:44:23 -0700
Subject: [PATCH] ITS#7877 detect whether gnutls uses gcrypt

---
 configure.in              | 14 ++++++++++++++
 libraries/libldap/tls_g.c | 20 ++++++++++++++++++--
 2 files changed, 32 insertions(+), 2 deletions(-)
diff --git a/configure.in b/configure.in index 84bfc8a..27fe13a 100644 --- a/configure.in +++ b/configure.in @@ -1223,6 +1223,20 @@ if test $ol_link_tls = no ; then fi fi
+if test $ol_with_tls = gnutls ; then + AC_CHECK_HEADERS(gcrypt.h) + + if test $ac_cv_header_gcrypt_h = yes ; then + AC_CHECK_LIB(gnutls, gcry_cipher_open, + [have_gnutls_gcrypt=yes], [have_gnutls_gcrypt=no]) + + if test $have_gnutls_gcrypt = yes ; then + AC_DEFINE(HAVE_GNUTLS_GCRYPT, 1, + [define if GnuTLS is using GCrypt]) + fi + fi +fi + dnl NOTE: caller must specify -I/path/to/nspr4 and -I/path/to/nss3 dnl and -L/path/to/nspr4 libs and -L/path/to/nss3 libs if those libs dnl are not in the default system location diff --git a/libraries/libldap/tls_g.c b/libraries/libldap/tls_g.c index ee83b5c..417c768 100644 --- a/libraries/libldap/tls_g.c +++ b/libraries/libldap/tls_g.c @@ -43,10 +43,16 @@
#include <gnutls/gnutls.h> #include <gnutls/x509.h> -#include <gcrypt.h>
#if LIBGNUTLS_VERSION_NUMBER >= 0x020200 #define HAVE_CIPHERSUITES 1 +#else +#undef HAVE_CIPHERSUITES +#endif + +#ifdef HAVE_GNUTLS_GCRYPT +#include <gcrypt.h> +#if LIBGNUTLS_VERSION_NUMBER >= 0x020200 /* This is a kludge. gcrypt 1.4.x has support. Recent GnuTLS requires gcrypt 1.4.x * but that dependency isn't reflected in their configure script, resulting in * build errors on older gcrypt. So, if they have a working build environment, @@ -54,9 +60,9 @@ */ #define HAVE_GCRYPT_RAND 1 #else -#undef HAVE_CIPHERSUITES #undef HAVE_GCRYPT_RAND #endif +#endif
#ifndef HAVE_CIPHERSUITES /* Versions prior to 2.2.0 didn't handle cipher suites, so we had to @@ -143,6 +149,15 @@ tlsg_mutex_unlock( void **lock ) return ldap_pvt_thread_mutex_unlock( *lock ); }
+#if GNUTLS_VERSION_NUMBER >= 0x020b00 +tlsg_thr_init( void ) +{ + gnutls_global_set_mutex (tlsg_mutex_init, + tlsg_mutex_destroy, + tlsg_mutex_lock, + tlsg_mutex_unlock); +} +#else static struct gcry_thread_cbs tlsg_thread_cbs = { GCRY_THREAD_OPTION_USER, NULL, @@ -158,6 +173,7 @@ tlsg_thr_init( void ) { gcry_control (GCRYCTL_SET_THREAD_CBS, &tlsg_thread_cbs); } +#endif #endif /* LDAP_R_COMPILE */
/*
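Review bot: In the configure.in hunk, AC_CHECK_LIB(gnutls, gcry_cipher_open, ...) links the probe against -lgnutls alone, so it only succeeds when the linker resolves gcry_cipher_open through libgnutls's own dependencies. On a linker that does not resolve symbols through indirect dependencies, the probe reports have_gnutls_gcrypt=no even for a gcrypt-backed GnuTLS, and tls_g.c then builds without HAVE_GCRYPT_RAND with no message at configure time. Please document that assumption next to the check, and make the negative outcome visible: when the header is missing, have_gnutls_gcrypt is never set at all, so an explicit have_gnutls_gcrypt=no before the header test would keep later tests on it well defined. The hunk also only defines HAVE_GNUTLS_GCRYPT; since tls_g.c calls gcry_control directly in that configuration, it is worth confirming that the gcrypt library still ends up on the libldap link line.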
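Review bot: In the tls_g.c include block, "#undef HAVE_GCRYPT_RAND" now sits inside "#ifdef HAVE_GNUTLS_GCRYPT", so a build without gcrypt never clears the macro and relies on nothing else having defined it. An "#else" arm on the outer "#ifdef" that does the "#undef" would keep the old guarantee. The block also repeats the "LIBGNUTLS_VERSION_NUMBER >= 0x020200" test a few lines after the first one and ends in two bare "#endif" lines; labelling them (for example "#endif /* HAVE_GNUTLS_GCRYPT */") would make the nesting readable, and the kludge comment should say that it now applies only when gcrypt is in use.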
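Review bot: In the tlsg_thr_init hunks of tls_g.c, the new definition under "#if GNUTLS_VERSION_NUMBER >= 0x020b00" starts directly with "tlsg_thr_init( void )" and has no "static void" line, so it gets an implicit int return type and external linkage instead of matching the existing definition in the "#else" arm. Add the "static void" line inside the "#if" arm. Two further points in the same region: the guard tests GNUTLS_VERSION_NUMBER while the rest of the file tests LIBGNUTLS_VERSION_NUMBER, and if the former is not defined by the installed headers the preprocessor treats it as 0 and silently selects the gcrypt arm, so please use one macro consistently. The "#else" arm uses struct gcry_thread_cbs and gcry_control, but gcrypt.h is now only included under HAVE_GNUTLS_GCRYPT; with an older GnuTLS and a failed configure probe this becomes a compile error rather than a configure-time diagnosis, so the arm should be guarded by HAVE_GNUTLS_GCRYPT or the configure check should fail hard in that case.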