upgrading from 2 to 3: gnutls_certificate_get_x509_c{a,rl}s

[Thomas Klausner]

Hi!

First off: I know nothing about gnutls except what I can google
together. I'm looking at compiling freeDiameter-1.1.2 on my system,
which has gnutls-3.0.22 installed.

It doesn't compile because of
../libfdcore/libfdcore.so.1.1.2: undefined reference to 
`gnutls_certificate_get_x509_crls'
../libfdcore/libfdcore.so.1.1.2: undefined reference to 
`gnutls_certificate_get_x509_cas'

I found
http://www.gnu.org/software/gnutls/manual/html_node/Upgrading-from-previous-versions.html
which says:

gnutls_certificate_get_x509_crls, gnutls_certificate_get_x509_cas:
Removed to allow updating the internal structures. Replaced by
gnutls_certificate_get_issuer.

The code looks like this:

                GNUTLS_TRACE( gnutls_certificate_get_x509_cas 
(fd_g_config->cnf_sec_data.credentials, &CA_list, (unsigned int *) 
&CA_list_length) );
                GNUTLS_TRACE( gnutls_certificate_get_x509_crls 
(fd_g_config->cnf_sec_data.credentials, &CRL_list, (unsigned int *) 
&CRL_list_length) );
                CHECK_GNUTLS_DO( gnutls_x509_crt_list_verify(certs, cert_max, 
CA_list, CA_list_length, CRL_list, CRL_list_length, 0, &verify),
                        {
                                TRACE_DEBUG(INFO, "Failed to verify the local 
certificate '%s' against local credentials. Please check your certificate is 
valid.", fd_g_config->cnf_sec_data.cert_file);
                                return EINVAL;
                        } );

I don't see how I can replace gnutls_certificate_get_x509_cas and
gnutls_certificate_get_x509_crls with gnutls_certificate_get_issuer
here because gnutls_x509_crt_list_verify needs CA_list and CRL_list
filled out by the two functions.

Please advise.

If we come up with a fix, the next question will be what you recommend
on keeping code backwards compatible with gnutls-2.

Thanks,
 Thomas