From: David Woodhouse <David.Woodhouse@intel.com>
Date: Fri, 31 May 2013 13:12:59 +0000 (+0100)
Subject: Use gnutls_pubkey_verify_data2() only if we have gnutls_pk_to_sign()
X-Git-Tag: v5.01~8
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=221948f8d74dd33e877fa6eb3ba4582e138345a9;p=users%2Fdwmw2%2Fopenconnect.git

Use gnutls_pubkey_verify_data2() only if we have gnutls_pk_to_sign()

We need gnutls_pk_to_sign(), and gnutls_pubkey_verify_data() wasn't
deprecated until that arrived. So it's the correct thing to check for,
instead of just checking for gnutls_pubkey_verify_data2() itself.

Thanks to Jörg Mayer for reporting the build failure on openSUSE 12.1
with GnuTLS 3.0.3.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
---

diff --git a/configure.ac b/configure.ac
index 7485db10..56d32b02 100644
--- a/configure.ac
+++ b/configure.ac
@@ -292,8 +292,8 @@ if test "$with_gnutls" = "yes"; then
 		 [AC_DEFINE(HAVE_GNUTLS_PKCS12_SIMPLE_PARSE, 1)], [])
     AC_CHECK_FUNC(gnutls_certificate_set_key,
 		 [AC_DEFINE(HAVE_GNUTLS_CERTIFICATE_SET_KEY, 1)], [])
-    AC_CHECK_FUNC(gnutls_pubkey_verify_data2,
-		 [AC_DEFINE(HAVE_GNUTLS_PUBKEY_VERIFY_DATA2, 1)], [])
+    AC_CHECK_FUNC(gnutls_pk_to_sign,
+		 [AC_DEFINE(HAVE_GNUTLS_PK_TO_SIGN, 1)], [])
     if test "$with_openssl" = "" || test "$with_openssl" = "no"; then
 	AC_CHECK_FUNC(gnutls_session_set_premaster,
 		 [have_gnutls_dtls=yes], [have_gnutls_dtls=no])
diff --git a/gnutls.c b/gnutls.c
index 3cf72315..2b3b45f0 100644
--- a/gnutls.c
+++ b/gnutls.c
@@ -583,7 +583,7 @@ static int assign_privkey(struct openconnect_info *vpninfo,
 static int verify_signed_data(gnutls_pubkey_t pubkey, gnutls_privkey_t privkey,
 			      const gnutls_datum_t *data, const gnutls_datum_t *sig)
 {
-#ifdef HAVE_GNUTLS_PUBKEY_VERIFY_DATA2
+#ifdef HAVE_GNUTLS_PK_TO_SIGN
 	gnutls_sign_algorithm_t algo = GNUTLS_SIGN_RSA_SHA1; /* TPM keys */
 
 	if (privkey != OPENCONNECT_TPM_PKEY)