Commit 9ed34b1f authored by Adrien Béraud's avatar Adrien Béraud Committed by gerrit2

contrib: bump minimum gnutls version to 3.3

In version 3.3, gnutls removed the need to call gnutls_global_init
and gnutls_global_deinit.

This allows us to clean up our gnutls init code.

http://www.gnutls.org/manual/html_node/Upgrading-from-previous-versions.html

Refs #76228

Change-Id: I0e35f1bbbf8d1f4515a423f834f91e03fdbae6c8
parent d4cd7693
......@@ -404,9 +404,9 @@ AC_ARG_WITH([tls],
[],
[with_tls=check])
AS_CASE(["$with_tls"],
[yes], [PKG_CHECK_MODULES([GNUTLS], [gnutls >= 3.1], [HAVE_GNUTLS=1])],
[yes], [PKG_CHECK_MODULES([GNUTLS], [gnutls >= 3.3], [HAVE_GNUTLS=1])],
[no], [HAVE_GNUTLS=0],
[PKG_CHECK_MODULES([GNUTLS], [gnutls >= 3.1], [HAVE_GNUTLS=1], [HAVE_GNUTLS=0])])
[PKG_CHECK_MODULES([GNUTLS], [gnutls >= 3.3], [HAVE_GNUTLS=1], [HAVE_GNUTLS=0])])
AC_DEFINE_UNQUOTED([HAVE_TLS], `if test $HAVE_GNUTLS -eq 1; then echo 1; else echo 0; fi`, [Define if you have tls support])
AM_CONDITIONAL(BUILD_TLS, test "$HAVE_GNUTLS" -eq 1)
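Review bot: In the default `with_tls=check` branch, a host that only has gnutls 3.1 or 3.2 now falls through to `HAVE_GNUTLS=0`, and the build completes without TLS and without any explicit warning. Raising the floor to 3.3 widens the set of systems where that silent downgrade happens, so the fallback should say so, e.g. `[AC_MSG_WARN([gnutls >= 3.3 not found; building without TLS support]); HAVE_GNUTLS=0]`. Builds that must have TLS should be configured with `--with-tls=yes`, since the `[yes]` branch has no not-found action and so appears to stop configure when the check fails.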
......
......@@ -147,7 +147,6 @@ libring_la_SOURCES = conference.cpp \
string_utils.cpp \
rw_mutex.h \
ring_api.cpp \
gnutls_support.h \
rational.h
if HAVE_WIN32
......
......@@ -80,10 +80,6 @@
#include "client/ring_signal.h"
#include "dring/call_const.h"
#if HAVE_TLS
#include "security/gnutls_support.h"
#endif
#include "libav_utils.h"
#include "video/sinkclient.h"
......@@ -221,7 +217,6 @@ Manager::Manager() :
, ringbufferpool_(new RingBufferPool)
, callFactory(), conferenceMap_()
, accountFactory_(), ice_tf_()
, gnutlGIG_ {tls::GnuTlsGlobalInit::make_guard()}
{
// initialize random generator
// mt19937_64 should be seeded with 2 x 32 bits
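Review bot: With `gnutlGIG_` dropped from the `Manager::Manager()` initializer list, nothing in the process reports a failed or missing GnuTLS initialization any more. The removed guard threw `std::runtime_error` when `gnutls_global_init()` returned an error. The `gnutls >= 3.3` requirement is enforced only by pkg-config at build time, so a binary that loads an older shared library at run time would presumably use GnuTLS without it ever being initialized. A one-time startup check under `#if HAVE_TLS`, such as `if (!gnutls_check_version("3.3.0")) throw std::runtime_error("GnuTLS >= 3.3 is required");`, would keep the previous fail-closed behaviour. The constructor body continues outside the hunk, and the same guard is removed from the `RingAccount`, `SipsIceTransport` and `TlsValidator` constructors in the later sections.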
......
......@@ -68,10 +68,6 @@ class YamlParser;
class YamlEmitter;
}
namespace tls {
class GnuTlsGlobalInit;
}
namespace video {
class SinkClient;
}
......@@ -1013,8 +1009,6 @@ class Manager {
/* ICE support */
std::unique_ptr<IceTransportFactory> ice_tf_;
std::unique_ptr<tls::GnuTlsGlobalInit> gnutlGIG_;
/* Sink ID mapping */
std::map<std::string, std::weak_ptr<video::SinkClient>> sinkMap_;
};
......
......@@ -64,7 +64,6 @@
#include "config/yamlparser.h"
#include "security/certstore.h"
#include "security/gnutls_support.h"
#include <opendht/securedht.h>
......@@ -89,7 +88,6 @@ constexpr const char * const RingAccount::ACCOUNT_TYPE;
RingAccount::RingAccount(const std::string& accountID, bool /* presenceEnabled */)
: SIPAccountBase(accountID), via_addr_()
, gtlsGIG_ {tls::GnuTlsGlobalInit::make_guard()}
{
fileutils::check_dir(fileutils::get_cache_dir().c_str());
cachePath_ = fileutils::get_cache_dir()+DIR_SEPARATOR_STR+getAccountID();
......
......@@ -73,10 +73,6 @@ const char *const DHT_PUBLIC_PROFILE = "dhtPublicProfile";
const char *const DHT_PUBLIC_IN_CALLS = "dhtPublicInCalls";
}
namespace tls {
class GnuTlsGlobalInit;
} // namespace tls
class IceTransport;
class RingAccount : public SIPAccountBase {
......@@ -411,8 +407,6 @@ class RingAccount : public SIPAccountBase {
char contactBuffer_[PJSIP_MAX_URL_SIZE] {};
pj_str_t contact_ {contactBuffer_, 0};
pjsip_transport *via_tp_ {nullptr};
std::unique_ptr<tls::GnuTlsGlobalInit> gtlsGIG_;
};
} // namespace ring
......
......@@ -32,7 +32,6 @@
#include "ice_transport.h"
#include "manager.h"
#include "logger.h"
#include "security/gnutls_support.h"
#include <gnutls/dtls.h>
#include <gnutls/abstract.h>
......@@ -67,8 +66,7 @@ SipsIceTransport::SipsIceTransport(pjsip_endpoint* endpt,
const TlsParams& param,
const std::shared_ptr<ring::IceTransport>& ice,
int comp_id)
: gtlsGIG_ {GnuTlsGlobalInit::make_guard()}
, pool_ {nullptr, pj_pool_release}
: pool_ {nullptr, pj_pool_release}
, rxPool_ (nullptr, pj_pool_release)
, trData_ ()
, ice_ (ice)
......
......@@ -58,8 +58,6 @@ class IceTransport;
namespace ring { namespace tls {
class GnuTlsGlobalInit;
enum class TlsConnectionState {
DISCONNECTED,
COOKIE,
......@@ -105,7 +103,6 @@ struct SipsIceTransport
}
private:
std::unique_ptr<GnuTlsGlobalInit> gtlsGIG_;
std::unique_ptr<pj_pool_t, decltype(pj_pool_release)&> pool_;
std::unique_ptr<pj_pool_t, decltype(pj_pool_release)&> rxPool_;
......
/*
* Copyright (C) 2004-2015 Savoir-Faire Linux Inc.
* Author: Guillaume Roguez <guillaume.roguez@savoirfairelinux.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Additional permission under GNU GPL version 3 section 7:
*
* If you modify this program, or any covered work, by linking or
* combining it with the OpenSSL project's OpenSSL library (or a
* modified version of that library), containing parts covered by the
* terms of the OpenSSL or SSLeay licenses, Savoir-Faire Linux Inc.
* grants you additional permission to convey the resulting work.
* Corresponding Source for a non-source form of such a combination
* shall include the source code for the parts of OpenSSL used as well
* as that of the covered work.
*/
#pragma once
#include <string>
#include <stdexcept>
#include <memory>
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
namespace ring { namespace tls {
/**
* This class provides a C++ access to (de)initialization of GNU TLS library.
* Typically used with a std::unique_ptr to implement RAII behavior.
*/
class GnuTlsGlobalInit
{
public:
static std::unique_ptr<GnuTlsGlobalInit> make_guard() {
return std::unique_ptr<GnuTlsGlobalInit> {new GnuTlsGlobalInit};
}
~GnuTlsGlobalInit() {
gnutls_global_deinit();
}
private:
GnuTlsGlobalInit() {
const auto ret = gnutls_global_init();
if (ret < 0)
throw std::runtime_error("Can't initialise GNUTLS : "
+ std::string(gnutls_strerror(ret)));
}
};
}} // namespace ring::tls
......@@ -42,8 +42,6 @@
#include "logger.h"
#include "security_const.h"
#include "gnutls_support.h"
#include <sstream>
#include <iomanip>
......@@ -213,8 +211,7 @@ const Matrix2D<TlsValidator::CheckValuesType , TlsValidator::CheckValues , bool>
TlsValidator::TlsValidator(const std::string& certificate, const std::string& privatekey)
: gtlsGIG_ {tls::GnuTlsGlobalInit::make_guard()}
, certificatePath_(certificate)
: certificatePath_(certificate)
, privateKeyPath_(privatekey)
, certificateFound_(false)
{
......@@ -236,8 +233,7 @@ TlsValidator::TlsValidator(const std::string& certificate, const std::string& pr
}
TlsValidator::TlsValidator(const std::vector<uint8_t>& certificate_raw)
: gtlsGIG_ {tls::GnuTlsGlobalInit::make_guard()}
, certificateFound_(true)
: certificateFound_(true)
{
try {
x509crt_ = std::make_shared<dht::crypto::Certificate>(certificate_raw);
......@@ -248,8 +244,7 @@ TlsValidator::TlsValidator(const std::vector<uint8_t>& certificate_raw)
}
TlsValidator::TlsValidator(const std::shared_ptr<dht::crypto::Certificate>& crt)
: gtlsGIG_ {tls::GnuTlsGlobalInit::make_guard()}
, certificateFound_(true)
: certificateFound_(true)
{
try {
if (not crt)
......
......@@ -33,7 +33,6 @@
#include <memory>
namespace ring {namespace tls {
class GnuTlsGlobalInit;
#if !defined (S_IRWXG)
#define S_IRWXG 00070
......@@ -256,7 +255,6 @@ private:
static const Matrix1D<CertificateCheck, CheckValuesType> enforcedCheckType;
std::unique_ptr<tls::GnuTlsGlobalInit> gtlsGIG_;
std::string certificatePath_;
std::string privateKeyPath_;
std::vector<uint8_t> certificateContent_;
......