1 files changed, 73 insertions, 0 deletions

diff --git a/import-layers/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog/replace_deprecated_GnuTLS_functions.patch b/import-layers/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog/replace_deprecated_GnuTLS_functions.patch
new file mode 100644
index 000000000..be05eee82
--- /dev/null
+++ b/import-layers/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog/replace_deprecated_GnuTLS_functions.patch
@@ -0,0 +1,73 @@
+replace deprecated GnuTLS functions with newer ones if available
+
+closes https://github.com/rsyslog/rsyslog/issues/302
+
+Upstream fix https://github.com/rsyslog/rsyslog/commit/b34c35e38f258935c0e92ca754da097d7f3f0f58
+
+Upstream-Status: Backport
+Signed-off-by: Tudor Florea  <tudor.florea@enea.com>
+
+---
+ configure.ac       |  2 ++
+ runtime/nsd_gtls.c | 21 ++++++++++++++++++---
+ 2 files changed, 20 insertions(+), 3 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 643fc94..56835fb 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -763,6 +763,8 @@ AC_ARG_ENABLE(gnutls,
+ if test "x$enable_gnutls" = "xyes"; then
+ 	PKG_CHECK_MODULES(GNUTLS, gnutls >= 1.4.0)
+ 	AC_DEFINE([ENABLE_GNUTLS], [1], [Indicator that GnuTLS is present])
++        AC_CHECK_LIB(gnutls, gnutls_global_init)
++	AC_CHECK_FUNCS(gnutls_certificate_set_retrieve_function,,)
+ fi
+ AM_CONDITIONAL(ENABLE_GNUTLS, test x$enable_gnutls = xyes)
+ 
+diff --git a/runtime/nsd_gtls.c b/runtime/nsd_gtls.c
+index a763e4b..e127834 100644
+--- a/runtime/nsd_gtls.c
++++ b/runtime/nsd_gtls.c
+@@ -232,15 +232,26 @@ gtlsLoadOurCertKey(nsd_gtls_t *pThis)
+  */
+ static int
+ gtlsClientCertCallback(gnutls_session session,
+-              __attribute__((unused)) const gnutls_datum* req_ca_rdn, int __attribute__((unused)) nreqs,
+-              __attribute__((unused)) const gnutls_pk_algorithm* sign_algos, int __attribute__((unused)) sign_algos_length,
+-              gnutls_retr_st *st)
++        __attribute__((unused)) const gnutls_datum* req_ca_rdn,
++	int __attribute__((unused)) nreqs,
++        __attribute__((unused)) const gnutls_pk_algorithm* sign_algos,
++	int __attribute__((unused)) sign_algos_length,
++#if HAVE_GNUTLS_CERTIFICATE_SET_RETRIEVE_FUNCTION
++	gnutls_retr2_st* st
++#else
++        gnutls_retr_st *st
++#endif
++	)
+ {
+ 	nsd_gtls_t *pThis;
+ 
+ 	pThis = (nsd_gtls_t*) gnutls_session_get_ptr(session);
+ 
++#if HAVE_GNUTLS_CERTIFICATE_SET_RETRIEVE_FUNCTION
++	st->cert_type = GNUTLS_CRT_X509;
++#else
+ 	st->type = GNUTLS_CRT_X509;
++#endif
+ 	st->ncerts = 1;
+ 	st->cert.x509 = &pThis->ourCert;
+ 	st->key.x509 = pThis->ourKey;
+@@ -1625,7 +1625,11 @@ Connect(nsd_t *pNsd, int family, uchar *port, uchar *host)
+ 	gnutls_session_set_ptr(pThis->sess, (void*)pThis);
+ 	iRet = gtlsLoadOurCertKey(pThis); /* first load .pem files */
+ 	if(iRet == RS_RET_OK) {
++#		if HAVE_GNUTLS_CERTIFICATE_SET_RETRIEVE_FUNCTION 
++		gnutls_certificate_set_retrieve_function(xcred, gtlsClientCertCallback);
++#		else
+ 		gnutls_certificate_client_set_retrieve_function(xcred, gtlsClientCertCallback);
++#	endif
+ 	} else if(iRet != RS_RET_CERTLESS) {
+ 		FINALIZE; /* we have an error case! */
+ 	}