build: Bump gnutls-devel build dependency

This ensures that certificate validation functions work as expected. Now
that master does not support RHEL/CentOS 7 any more anyway, we can
assume gnutls ≥ 3.4.3.

Closes #12764
This commit is contained in:
Martin Pitt 2019-09-10 21:33:24 +02:00 committed by Martin Pitt
parent a22658e9b7
commit 2351ae5d4c
4 changed files with 3 additions and 7 deletions

View File

@ -73,7 +73,7 @@ GIO_REQUIREMENT="gio-unix-2.0 >= $GIO_VERSION gio-2.0 >= $GIO_VERSION"
LIBSYSTEMD_REQUIREMENT="libsystemd >= 235"
JSON_GLIB_REQUIREMENT="json-glib-1.0 >= 0.14.0"
POLKIT_REQUIREMENT="polkit-agent-1 >= 0.105"
GNUTLS_REQUIREMENT="gnutls >= 3.3.0"
GNUTLS_REQUIREMENT="gnutls >= 3.4.3"
KRB5_REQUIREMENT="krb5-gssapi >= 1.11 krb5 >= 1.11"
PKG_CHECK_MODULES(GIO, [$GIO_REQUIREMENT])

View File

@ -465,16 +465,12 @@ test_tls_client_cert_disabled (TestCase *tc, gconstpointer data)
static void
test_tls_client_cert_expired (TestCase *tc, gconstpointer data)
{
#if GNUTLS_VERSION_NUMBER < 0x030403
g_test_skip ("too old GnuTLS, cannot validate certificate properties");
#else
/* expect_tls_failure==true only does a coarse-grained check that the request
* fails anywhere during handshake or the first send/recv. GnuTLS 3.6.4
* introduces TLS 1.3 by default, which has only a two-step handshake: that
* does not pick up the server's late failing handshake from the verify
* function, only the next read/write attempt does */
assert_https_outcome (tc, CLIENT_EXPIRED_CERTFILE, CLIENT_KEYFILE, 1, true);
#endif
}
static void

View File

@ -75,7 +75,7 @@ BuildRequires: intltool
BuildRequires: libssh-devel >= 0.7.1
%endif
BuildRequires: openssl-devel
BuildRequires: gnutls-devel
BuildRequires: gnutls-devel >= 3.4.3
BuildRequires: zlib-devel
BuildRequires: krb5-devel >= 1.11
BuildRequires: libxslt-devel

View File

@ -10,7 +10,7 @@ Build-Depends: debhelper (>= 10),
libkrb5-dev (>= 1.11),
libxslt1-dev,
libglib2.0-dev,
libgnutls28-dev | gnutls-dev,
libgnutls28-dev (>= 3.4.3) | gnutls-dev,
libsystemd-dev (>= 235),
libpolkit-agent-1-dev,
libpcp3-dev,