[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] QEMU-TRAD Re: [PATCH] Fixed building with newer GNUTLS versions.

On Fri, Apr 01, 2016 at 12:45:26PM -0400, Konrad Rzeszutek Wilk wrote:

Hey Wei, Ian,

We really need this for Xen 4.7 - otherwise you cannot build qemu-trad under
Fedora Core 23:

home/konrad/ssd/konrad/xen/tools/qemu-xen-traditional-dir/hw/usb-net.c: In 
function ‘usbnet_receive’:
/home/konrad/ssd/konrad/xen/tools/qemu-xen-traditional-dir/hw/usb-net.c:1379:29:
 warning: comparison of constant ‘2’ with boolean expression is always false 
[-Wbool-compare]
         if (!s->rndis_state == RNDIS_DATA_INITIALIZED)
                             ^
/home/konrad/ssd/konrad/xen/tools/qemu-xen-traditional-dir/hw/usb-net.c:1379:29:
 warning: logical not is only applied to the left hand side of comparison 
[-Wlogical-not-parentheses]
/home/konrad/ssd/konrad/xen/tools/qemu-xen-traditional-dir/hw/usb-net.c: In 
function ‘usbnet_can_receive’:
/home/konrad/ssd/konrad/xen/tools/qemu-xen-traditional-dir/hw/usb-net.c:1412:37:
 warning: comparison of constant ‘2’ with boolean expression is always false 
[-Wbool-compare]
     if (s->rndis && !s->rndis_state == RNDIS_DATA_INITIALIZED)
                                     ^
/home/konrad/ssd/konrad/xen/tools/qemu-xen-traditional-dir/hw/usb-net.c:1412:37:
 warning: logical not is only applied to the left hand side of comparison 
[-Wlogical-not-parentheses]
audio/sdlaudio.c: In function ‘sdl_init_out’:
audio/sdlaudio.c:337:11: warning: ‘shift’ is used uninitialized in this 
function [-Wuninitialized]
     shift <<= as->nchannels == 2;
           ^
vnc.c:1929:1: warning: ‘gnutls_anon_server_credentials’ is deprecated 
[-Wdeprecated-declarations]
 {
 ^
vnc.c: In function ‘vnc_tls_initialize_anon_cred’:
vnc.c:1930:5: warning: ‘gnutls_anon_server_credentials’ is deprecated 
[-Wdeprecated-declarations]
     gnutls_anon_server_credentials anon_cred;
     ^
vnc.c: In function ‘vnc_start_tls’:
vnc.c:2180:6: warning: implicit declaration of function 
‘gnutls_kx_set_priority’ [-Wimplicit-function-declaration]
  if (gnutls_kx_set_priority(vs->tls_session, NEED_X509_AUTH(vs) ? kx_x509 : 
kx_anon) < 0) {
      ^
vnc.c:2187:6: warning: implicit declaration of function 
‘gnutls_certificate_type_set_priority’ [-Wimplicit-function-declaration]
  if (gnutls_certificate_type_set_priority(vs->tls_session, cert_type_priority) 
< 0) {



Thanks.

> On Fri, Apr 01, 2016 at 06:31:00PM +0200, Sjoer van der Ploeg wrote:
> > Dear Konrad,
> > 
> > 
> > The patch was tested on my testbed, after discovering that the build
> > failed. I had no need for qemu-traditional and forgot to disable it, but I
> > hate build errors  ;)
> > 
> > I do not think there should be any issues with the certs, as the used
> > functions were deprecated as explained here:
> > 
> > https://www.gnutls.org/manual/html_node/Upgrading-from-previous-versions.html
> 
> Thank you for the explanation.
> 
> Re-adding xen-devel and Ian as that information is most helkpul in the commit
> description!
> 
> Thank you.
> > 
> > 
> > Yours,
> > 
> > Sjoer van der Ploeg
> > 
> > On Fri, Apr 1, 2016 at 3:51 PM, Konrad Rzeszutek Wilk <
> > konrad.wilk@xxxxxxxxxx> wrote:
> > 
> > > On Thu, Mar 31, 2016 at 10:58:19PM +0200, Sjoer van der Ploeg wrote:
> > >
> > > Heya!
> > >
> > > Thank you for posting this and also adding the #ifdef for older
> > > versions!
> > >
> > > Was wondering thought - had you double-checked that the new
> > > code path works with the certs?
> > >
> > > Thanks!
> > >
> > > P.S.
> > > CC-ing Ian who is the QEMU-traditional maintainer.
> > > > Signed-off-by: Sjoer van der Ploeg <sfjuocekr@xxxxxxxxx>
> > > > ---
> > > >  vnc.c | 71
> > > +++++++++++++++++++++++++++++++++++++++++++++----------------------
> > > >  1 file changed, 48 insertions(+), 23 deletions(-)
> > > >
> > > > diff --git a/vnc.c b/vnc.c
> > > > index 573af3b..61d1555 100644
> > > > --- a/vnc.c
> > > > +++ b/vnc.c
> > > > @@ -1925,9 +1925,9 @@ static int vnc_tls_initialize(void)
> > > >      return 1;
> > > >  }
> > > >
> > > > -static gnutls_anon_server_credentials 
> > > > vnc_tls_initialize_anon_cred(void)
> > > > +static gnutls_anon_server_credentials_t
> > > vnc_tls_initialize_anon_cred(void)
> > > >  {
> > > > -    gnutls_anon_server_credentials anon_cred;
> > > > +    gnutls_anon_server_credentials_t anon_cred;
> > > >      int ret;
> > > >
> > > >      if ((ret = gnutls_anon_allocate_server_credentials(&anon_cred)) <
> > > 0) {
> > > > @@ -2151,13 +2151,52 @@ static void vnc_handshake_io(void *opaque) {
> > > >       (vs)->subauth == VNC_AUTH_VENCRYPT_X509VNC ||    \
> > > >       (vs)->subauth == VNC_AUTH_VENCRYPT_X509PLAIN)
> > > >
> > > > +#if defined(GNUTLS_VERSION_NUMBER) && \
> > > > +    GNUTLS_VERSION_NUMBER >= 0x020200 /* 2.2.0 */
> > > > +static int vnc_set_gnutls_priority(gnutls_session_t s, int x509)
> > > > +{
> > > > +    const char *priority = x509 ? "NORMAL" : "NORMAL:+ANON-DH";
> > > > +    int rc;
> > > >
> > > > -static int vnc_start_tls(struct VncState *vs) {
> > > > -    static const int cert_type_priority[] = { GNUTLS_CRT_X509, 0 };
> > > > -    static const int protocol_priority[]= { GNUTLS_TLS1_1,
> > > GNUTLS_TLS1_0, GNUTLS_SSL3, 0 };
> > > > -    static const int kx_anon[] = {GNUTLS_KX_ANON_DH, 0};
> > > > -    static const int kx_x509[] = {GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA,
> > > GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0};
> > > > +    rc = gnutls_priority_set_direct(s, priority, NULL);
> > > > +    if (rc != GNUTLS_E_SUCCESS) {
> > > > +        return -1;
> > > > +    }
> > > > +    return 0;
> > > > +}
> > > > +#else
> > > > +static int vnc_set_gnutls_priority(gnutls_session_t s, int x509)
> > > > +{
> > > > +    static const int cert_types[] = { GNUTLS_CRT_X509, 0 };
> > > > +    static const int protocols[] = {
> > > > +        GNUTLS_TLS1_1, GNUTLS_TLS1_0, GNUTLS_SSL3, 0
> > > > +    };
> > > > +    static const int kx_anon[] = { GNUTLS_KX_ANON_DH, 0 };
> > > > +    static const int kx_x509[] = {
> > > > +        GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA,
> > > > +        GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0
> > > > +    };
> > > > +    int rc;
> > > > +
> > > > +    rc = gnutls_kx_set_priority(s, x509 ? kx_x509 : kx_anon);
> > > > +    if (rc != GNUTLS_E_SUCCESS) {
> > > > +        return -1;
> > > > +    }
> > > > +
> > > > +    rc = gnutls_certificate_type_set_priority(s, cert_types);
> > > > +    if (rc != GNUTLS_E_SUCCESS) {
> > > > +        return -1;
> > > > +    }
> > > >
> > > > +    rc = gnutls_protocol_set_priority(s, protocols);
> > > > +    if (rc != GNUTLS_E_SUCCESS) {
> > > > +        return -1;
> > > > +    }
> > > > +    return 0;
> > > > +}
> > > > +#endif
> > > > +
> > > > +static int vnc_start_tls(struct VncState *vs) {
> > > >      VNC_DEBUG("Do TLS setup\n");
> > > >      if (vnc_tls_initialize() < 0) {
> > > >       VNC_DEBUG("Failed to init TLS\n");
> > > > @@ -2177,21 +2216,7 @@ static int vnc_start_tls(struct VncState *vs) {
> > > >           return -1;
> > > >       }
> > > >
> > > > -     if (gnutls_kx_set_priority(vs->tls_session, NEED_X509_AUTH(vs) ?
> > > kx_x509 : kx_anon) < 0) {
> > > > -         gnutls_deinit(vs->tls_session);
> > > > -         vs->tls_session = NULL;
> > > > -         vnc_client_error(vs);
> > > > -         return -1;
> > > > -     }
> > > > -
> > > > -     if (gnutls_certificate_type_set_priority(vs->tls_session,
> > > cert_type_priority) < 0) {
> > > > -         gnutls_deinit(vs->tls_session);
> > > > -         vs->tls_session = NULL;
> > > > -         vnc_client_error(vs);
> > > > -         return -1;
> > > > -     }
> > > > -
> > > > -     if (gnutls_protocol_set_priority(vs->tls_session,
> > > protocol_priority) < 0) {
> > > > +     if (vnc_set_gnutls_priority(vs->tls_session, !!NEED_X509_AUTH(vs))
> > > < 0) {
> > > >           gnutls_deinit(vs->tls_session);
> > > >           vs->tls_session = NULL;
> > > >           vnc_client_error(vs);
> > > > @@ -2219,7 +2244,7 @@ static int vnc_start_tls(struct VncState *vs) {
> > > >           }
> > > >
> > > >       } else {
> > > > -         gnutls_anon_server_credentials anon_cred =
> > > vnc_tls_initialize_anon_cred();
> > > > +         gnutls_anon_server_credentials_t anon_cred =
> > > vnc_tls_initialize_anon_cred();
> > > >           if (!anon_cred) {
> > > >               gnutls_deinit(vs->tls_session);
> > > >               vs->tls_session = NULL;
> > > > --
> > > > 2.8.0.rc3
> > > >
> > > >
> > > > _______________________________________________
> > > > Xen-devel mailing list
> > > > Xen-devel@xxxxxxxxxxxxx
> > > > http://lists.xen.org/xen-devel
> > >

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.