[gnutls] do not use the local resolver in dane check

Nikos Mavrogiannopoulos nmav at fedoraproject.org
Wed Jul 23 12:50:40 UTC 2014


commit 27d3525b382d21cde35215bc2c9225317a6ceb4b
Author: Nikos Mavrogiannopoulos <nmav at redhat.com>
Date:   Wed Jul 23 14:38:30 2014 +0200

    do not use the local resolver in dane check

 gnutls-2.12.21-fips-algorithms.patch |  209 ----------------------------------
 gnutls-3.3.6-dane-test.patch         |   13 ++
 gnutls.spec                          |    7 +-
 3 files changed, 15 insertions(+), 214 deletions(-)
---
diff --git a/gnutls-3.3.6-dane-test.patch b/gnutls-3.3.6-dane-test.patch
new file mode 100644
index 0000000..0a41331
--- /dev/null
+++ b/gnutls-3.3.6-dane-test.patch
@@ -0,0 +1,13 @@
+diff --git a/tests/dane.c b/tests/dane.c
+index d4112a8..3c8ca58 100644
+--- a/tests/dane.c
++++ b/tests/dane.c
+@@ -57,7 +57,7 @@ static void dane_raw_check(void)
+ 	int secure;
+ 	int bogus;
+ 
+-	ret = dane_state_init(&s, 0);
++	ret = dane_state_init(&s, DANE_F_IGNORE_LOCAL_RESOLVER);
+ 	if (ret < 0) {
+ 		fail("dane_state_init: %s\n", dane_strerror(ret));
+ 	}
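Review bot: The embedded patch has no description or upstream reference, and the `Patch2:` line in gnutls.spec that registers it lost its old comment without gaining a new one, so nothing in the package records why the DANE test must bypass the local resolver. Since the change sits in DANE/DNSSEC validation test code, it is worth stating that only `tests/dane.c` is modified and the library itself is untouched; a spec comment above `Patch2:` such as `# Test-suite only: do not rely on the build host's resolver configuration in the DANE check` would cover it. Only the call inside `dane_raw_check` is visible here, and that function continues outside the hunk, so whether other `dane_state_init(&s, 0)` calls in the test file need the same flag cannot be judged from this page.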
diff --git a/gnutls.spec b/gnutls.spec
index 1065acc..84893a7 100644
--- a/gnutls.spec
+++ b/gnutls.spec
@@ -32,8 +32,7 @@ Source0: %{name}-%{version}-hobbled.tar.xz
 Source1: libgnutls-config
 Source2: hobble-gnutls
 Patch1: gnutls-3.2.7-rpath.patch
-# Use only FIPS approved ciphers in the FIPS mode
-Patch2: gnutls-2.12.21-fips-algorithms.patch
+Patch2: gnutls-3.3.6-dane-test.patch
 Patch3: gnutls-3.1.11-nosrp.patch
 Patch4: gnutls-3.3.6-default-policy.patch
 
@@ -136,9 +135,7 @@ This package contains Guile bindings for the library.
 %setup -q
 
 %patch1 -p1 -b .rpath
-# This patch is not applicable as we use nettle now but some parts will be
-# later reused.
-#%patch2 -p1 -b .fips
+%patch2 -p1 -b .dane-test
 %patch3 -p1 -b .nosrp
 %patch4 -p1 -b .default-policy
 sed 's/gnutls_srp.c//g' -i lib/Makefile.in

