GNUTLS 3.5.6 broke wildcard support by reversing the fields in the reported dname. This regression will be fixed in 3.5.7, so rather than workaround it in libvirt we just blacklist that version
https://lists.gnupg.org/pipermail/gnutls-devel/2016-November/008224.html Signed-off-by: Daniel P. Berrange <berra...@redhat.com> --- tests/virnettlssessiontest.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/tests/virnettlssessiontest.c b/tests/virnettlssessiontest.c index 0d2e106..b146072 100644 --- a/tests/virnettlssessiontest.c +++ b/tests/virnettlssessiontest.c @@ -374,6 +374,14 @@ mymain(void) DO_SESS_TEST(cacertreq.filename, servercertalt2req.filename, clientcertreq.filename, false, false, "wiki.libvirt.org", NULL); +#if GNUTLS_VERSION_NUMBER != 0x030506 + /* + * GNUTLS 3.5.6 broke wildcard support by reversing the + * fields in the reported dname. This regression will + * be fixed in 3.5.7, so rather than workaround it in + * libvirt we just blacklist that version + * https://lists.gnupg.org/pipermail/gnutls-devel/2016-November/008224.html + */ const char *const wildcards1[] = { "C=UK,CN=dogfood", NULL, @@ -412,6 +420,7 @@ mymain(void) false, false, "libvirt.org", wildcards5); DO_SESS_TEST(cacertreq.filename, servercertreq.filename, clientcertreq.filename, false, false, "libvirt.org", wildcards6); +#endif TLS_ROOT_REQ(cacertrootreq, "UK", "libvirt root", NULL, NULL, NULL, NULL, -- 2.9.3 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
