On Tue, Jun 15, 2021 at 07:16:17PM +0200, Philippe Mathieu-Daudé wrote: > On 6/15/21 6:52 PM, Daniel P. Berrangé wrote: > > On Tue, Jun 15, 2021 at 06:47:51PM +0200, Philippe Mathieu-Daudé wrote: > >> Code consuming the "crypto/tlscreds*.h" APIs doesn't need > >> to access its internals. Move the structure definitions to > >> the implementations in crypto/. The headers still forward > >> declare the structures typedef. > >> > >> This solves a bug introduced by commit 7de2e856533 which made > >> migration/qemu-file-channel.c include "io/channel-tls.h", > >> itself sometime depends on GNUTLS, leading to build failure > >> on OSX: > >> > >> [2/35] Compiling C object > >> libmigration.fa.p/migration_qemu-file-channel.c.o > >> FAILED: libmigration.fa.p/migration_qemu-file-channel.c.o > >> cc -Ilibmigration.fa.p -I. -I.. -Iqapi [ ... ] -o > >> libmigration.fa.p/migration_qemu-file-channel.c.o -c > >> ../migration/qemu-file-channel.c > >> In file included from ../migration/qemu-file-channel.c:29: > >> In file included from include/io/channel-tls.h:26: > >> In file included from include/crypto/tlssession.h:24: > >> include/crypto/tlscreds.h:28:10: fatal error: 'gnutls/gnutls.h' file not > >> found > >> #include <gnutls/gnutls.h> > >> ^~~~~~~~~~~~~~~~~ > >> 1 error generated. > >> > >> Reported-by: Stefan Weil <s...@weilnetz.de> > >> Suggested-by: Daniel P. Berrangé <berra...@redhat.com> > >> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/407 > >> Fixes: 7de2e856533 ("yank: Unregister function when using TLS migration") > >> Signed-off-by: Philippe Mathieu-Daudé <phi...@redhat.com> > >> --- > >> crypto/tlscredspriv.h | 15 +++++++++++++++ > >> include/crypto/tlscreds.h | 16 ---------------- > >> include/crypto/tlscredsanon.h | 12 ------------ > >> include/crypto/tlscredspsk.h | 12 ------------ > >> include/crypto/tlscredsx509.h | 10 ---------- > >> crypto/tlscredsanon.c | 13 +++++++++++++ > >> crypto/tlscredspsk.c | 14 ++++++++++++++ > >> crypto/tlscredsx509.c | 16 +++++++++++++--- > >> 8 files changed, 55 insertions(+), 53 deletions(-) > > > > Reviewed-by: Daniel P. Berrangé <berra...@redhat.com> > > Thanks, however I missed something: > > crypto/tlssession.c: In function ‘qcrypto_tls_session_new’: > crypto/tlssession.c:163:48: error: invalid use of incomplete typedef > ‘QCryptoTLSCredsAnon’ > 163 | acreds->data.server); > | ^~ > crypto/tlssession.c:167:48: error: invalid use of incomplete typedef > ‘QCryptoTLSCredsAnon’ > 167 | acreds->data.client); > | ^~ > crypto/tlssession.c:201:48: error: invalid use of incomplete typedef > ‘QCryptoTLSCredsPSK’ > 201 | pcreds->data.server); > | ^~ > crypto/tlssession.c:205:48: error: invalid use of incomplete typedef > ‘QCryptoTLSCredsPSK’ > 205 | pcreds->data.client); > | ^~ > crypto/tlssession.c:228:44: error: invalid use of incomplete typedef > ‘QCryptoTLSCredsX509’ > 228 | tcreds->data); > | ^~
Ah, yes, the tls session code needs to peer at the tlscred data. We could have a 'crypto/tlscredspriv.h' header that declares some accessors for getting this data from tls session. Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
