From 78af457eefaf40e66a28b00446c03f8ee9a7f30f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= <cbosdonnat@suse.com>
Date: Mon, 23 Dec 2013 09:01:42 +0100
Subject: [PATCH] virnettlscontexttest fails with GNUTLS 3.0.28

On openSUSE 12.x with GNUTLS 3.0.28, virnettlscontexttest fails. It has
been reported to work from GNUTLS 3.1.11 on Fedora 19. Changed the
constraints on gnutls to 3.1+ for unit test cacert4req.

Signed-off-by: Eric Blake <eblake@redhat.com>
---
 tests/virnettlscontexttest.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/tests/virnettlscontexttest.c b/tests/virnettlscontexttest.c
index fc512fc..1cc9946 100644
--- a/tests/virnettlscontexttest.c
+++ b/tests/virnettlscontexttest.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2012 Red Hat, Inc.
+ * Copyright (C) 2011-2013 Red Hat, Inc.
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
@@ -265,10 +265,12 @@ mymain(void)
 
     /* Technically a CA cert with basic constraints
      * key purpose == key signing + non-critical should
-     * be rejected. GNUTLS < 3 does not reject it and
+     * be rejected. GNUTLS < 3.1 does not reject it and
      * we don't anticipate them changing this behaviour
      */
-    DO_CTX_TEST(true, cacert4req.filename, servercert4req.filename, GNUTLS_VERSION_MAJOR >= 3);
+    DO_CTX_TEST(true, cacert4req.filename, servercert4req.filename,
+                (GNUTLS_VERSION_MAJOR == 3 && GNUTLS_VERSION_MINOR >= 1) ||
+                GNUTLS_VERSION_MAJOR > 3);
     DO_CTX_TEST(true, cacert5req.filename, servercert5req.filename, true);
     DO_CTX_TEST(true, cacert6req.filename, servercert6req.filename, true);
 
-- 
1.8.4.4