forked from osmocom/wireshark
GnuTLS: Bump minimum version to 3.3.0
Every supported distribution has at least the 3.3 branch of GnuTLS (stable branch starting in April 2014). That branch was maintained for bug-fixes until July 2018, so some distributions (e.g. RHEL7, SUSE Enterprise 12) are still on it, keeping us from requiring 3.4 yet. Also clarify a comment about when the Mac OS build of gnutls started being compiled with pkcs11 support.
This commit is contained in:
parent
fd6c5e6a9b
commit
fbd3fb3138
|
@ -1132,7 +1132,7 @@ reset_find_package(SMI SMI_SHARE_DIR)
|
|||
ws_find_package(SMI ENABLE_SMI HAVE_LIBSMI)
|
||||
|
||||
# Support for TLS decryption using RSA private keys.
|
||||
ws_find_package(GNUTLS ENABLE_GNUTLS HAVE_LIBGNUTLS "3.2.0")
|
||||
ws_find_package(GNUTLS ENABLE_GNUTLS HAVE_LIBGNUTLS "3.3.0")
|
||||
|
||||
# Kerberos
|
||||
ws_find_package(KERBEROS ENABLE_KERBEROS HAVE_KERBEROS)
|
||||
|
@ -1239,7 +1239,7 @@ if(GNUTLS_FOUND AND NOT GNUTLS_VERSION VERSION_LESS "3.4.0")
|
|||
# 3.4.0 or greater.
|
||||
#
|
||||
# Check that the support is present in case GnuTLS was compiled
|
||||
# --without-p11-kit as macos-setup.sh did until recently.
|
||||
# --without-p11-kit as macos-setup.sh did until December 2020.
|
||||
include(CheckSymbolExists)
|
||||
cmake_push_check_state()
|
||||
if(WIN32)
|
||||
|
|
|
@ -186,15 +186,11 @@ get_pkcs11_token_uris(void)
|
|||
continue;
|
||||
}
|
||||
|
||||
#if GNUTLS_VERSION_NUMBER >= 0x030300
|
||||
// The "Trust module" is useless for decryption, so do not return it.
|
||||
// We can only check this in GnuTLS 3.3.0, older versions lack this flag
|
||||
// and thus we will just return some useless keys.
|
||||
if ((flags & GNUTLS_PKCS11_TOKEN_TRUSTED)) {
|
||||
gnutls_free(uri);
|
||||
continue;
|
||||
}
|
||||
#endif
|
||||
|
||||
tokens = g_slist_prepend(tokens, g_strdup(uri));
|
||||
gnutls_free(uri);
|
||||
|
|
Loading…
Reference in New Issue