mirror of
https://github.com/samba-team/samba.git
synced 2024-12-28 07:21:54 +03:00
53e3a959b9
We should use the default priority list. That is a good practice, because TLS protocol hardening and phasing out of legacy algorithms, is easier to co-ordinate when happens at a single place. See crypto policies of Fedora. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14408 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Wed Jun 17 17:42:02 UTC 2020 on sn-devel-184
48 lines
1.7 KiB
Plaintext
48 lines
1.7 KiB
Plaintext
from waflib import Options
|
|
|
|
def parse_version(v):
|
|
return tuple(map(int, (v.split("."))))
|
|
|
|
gnutls_min_required_version = "3.4.7"
|
|
|
|
gnutls_required_version = gnutls_min_required_version
|
|
|
|
conf.CHECK_CFG(package='gnutls',
|
|
args=('"gnutls >= %s" --cflags --libs' % gnutls_required_version),
|
|
msg='Checking for GnuTLS >= %s' % gnutls_required_version,
|
|
mandatory=True)
|
|
|
|
gnutls_version = conf.cmd_and_log(conf.env.PKGCONFIG + ['--modversion', 'gnutls']).strip()
|
|
|
|
# Define gnutls as a system library
|
|
conf.SET_TARGET_TYPE('gnutls', 'SYSLIB')
|
|
|
|
# Check for gnutls_pkcs7_get_embedded_data_oid (>= 3.5.5) required by libmscat
|
|
conf.CHECK_FUNCS_IN('gnutls_pkcs7_get_embedded_data_oid', 'gnutls')
|
|
|
|
# Check for gnutls_set_default_priority_append (>= 3.6.3)
|
|
conf.CHECK_FUNCS_IN('gnutls_set_default_priority_append', 'gnutls')
|
|
|
|
# Check for gnutls_aead_cipher_encryptv2
|
|
#
|
|
# This is available since version 3.6.10, but 3.6.10 has a bug which got fixed
|
|
# in 3.6.11, see:
|
|
#
|
|
# https://gitlab.com/gnutls/gnutls/-/merge_requests/1085
|
|
if (parse_version('3.6.10') != parse_version(gnutls_version)):
|
|
conf.CHECK_FUNCS_IN('gnutls_aead_cipher_encryptv2', 'gnutls')
|
|
|
|
# Check if we have support for crypto policies
|
|
if conf.CHECK_FUNCS_IN('gnutls_get_system_config_file', 'gnutls'):
|
|
conf.DEFINE('HAVE_GNUTLS_CRYPTO_POLICIES', 1)
|
|
|
|
if conf.CHECK_VALUEOF('GNUTLS_CIPHER_AES_128_CFB8', headers='gnutls/gnutls.h'):
|
|
conf.DEFINE('HAVE_GNUTLS_AES_CFB8', 1)
|
|
else:
|
|
Logs.warn('No gnutls support for AES CFB8')
|
|
|
|
if conf.CHECK_VALUEOF('GNUTLS_MAC_AES_CMAC_128', headers='gnutls/gnutls.h'):
|
|
conf.DEFINE('HAVE_GNUTLS_AES_CMAC', 1)
|
|
else:
|
|
Logs.warn('No gnutls support for AES CMAC')
|