On 18/09/2025 01.21, Zhuoying Cai wrote:
Always compile x509-utils.c and add a fallback when GNUTLS is
unavailable.
Maybe add some rationale to the description, like "we are going to need
these functions in the s390x code even if GNUTLS is not available" or so?
Thomas
Signed-off-by: Zhuoying Cai <[email protected]>
---
crypto/meson.build | 5 +----
crypto/x509-utils.c | 16 ++++++++++++++++
2 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/crypto/meson.build b/crypto/meson.build
index 735635de1f..0614bfa914 100644
--- a/crypto/meson.build
+++ b/crypto/meson.build
@@ -22,12 +22,9 @@ crypto_ss.add(files(
'tlscredsx509.c',
'tlssession.c',
'rsakey.c',
+ 'x509-utils.c',
))
-if gnutls.found()
- crypto_ss.add(files('x509-utils.c'))
-endif
-
if nettle.found()
crypto_ss.add(nettle, files('hash-nettle.c', 'hmac-nettle.c',
'pbkdf-nettle.c'))
if hogweed.found()
diff --git a/crypto/x509-utils.c b/crypto/x509-utils.c
index 39bb6d4d8c..6176a88653 100644
--- a/crypto/x509-utils.c
+++ b/crypto/x509-utils.c
@@ -11,6 +11,8 @@
#include "qemu/osdep.h"
#include "qapi/error.h"
#include "crypto/x509-utils.h"
+
+#ifdef CONFIG_GNUTLS
#include <gnutls/gnutls.h>
#include <gnutls/crypto.h>
#include <gnutls/x509.h>
@@ -78,3 +80,17 @@ int qcrypto_get_x509_cert_fingerprint(uint8_t *cert, size_t
size,
gnutls_x509_crt_deinit(crt);
return ret;
}
+
+#else /* ! CONFIG_GNUTLS */
+
+int qcrypto_get_x509_cert_fingerprint(uint8_t *cert, size_t size,
+ QCryptoHashAlgo hash,
+ uint8_t *result,
+ size_t *resultlen,
+ Error **errp)
+{
+ error_setg(errp, "GNUTLS is required to get fingerprint");
+ return -1;
+}
+
+#endif /* ! CONFIG_GNUTLS */
