new upstream version, requires rebuild of dependencies

- this release temporarily includes old compatibility .so

.gitignore

@@ -19,3 +19,4 @@ gnutls-2.10.1-nosrp.tar.bz2
 /gnutls-2.12.20-nosrp.tar.xz
 /gnutls-2.12.21-nosrp.tar.xz
 /gnutls-2.12.22-nosrp.tar.xz
+/gnutls-3.1.7-hobbled.tar.xz

gnutls-2.12.11-rpath.patch

@@ -1,103 +0,0 @@
-diff -up gnutls-2.12.11/build-aux/config.rpath gnutls-2.12.11/build-aux/config
-diff -up gnutls-2.12.11/configure.rpath gnutls-2.12.11/configure
---- gnutls-2.12.11/configure.rpath	2011-09-18 20:32:37.000000000 +0200
-+++ gnutls-2.12.11/configure	2011-09-27 18:32:17.000000000 +0200
-@@ -16377,7 +16377,7 @@ shlibpath_var=
- shlibpath_overrides_runpath=unknown
- version_type=none
- dynamic_linker="$host_os ld.so"
--sys_lib_dlsearch_path_spec="/lib /usr/lib"
-+sys_lib_dlsearch_path_spec="/lib /usr/lib /lib64 /usr/lib64"
- need_lib_prefix=unknown
- hardcode_into_libs=no
- 
-@@ -16835,7 +16835,7 @@ fi
-   # Append ld.so.conf contents to the search path
-   if test -f /etc/ld.so.conf; then
-     lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[	 ]*hwcap[	 ]/d;s/[:,	]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '`
--    sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
-+    sys_lib_dlsearch_path_spec="/lib /usr/lib /lib64 /usr/lib64 $lt_ld_extra"
-   fi
- 
-   # We used to test for /lib/ld.so.1 and disable shared libraries on
-@@ -20228,7 +20228,7 @@ shlibpath_var=
- shlibpath_overrides_runpath=unknown
- version_type=none
- dynamic_linker="$host_os ld.so"
--sys_lib_dlsearch_path_spec="/lib /usr/lib"
-+sys_lib_dlsearch_path_spec="/lib /usr/lib /lib64 /usr/lib64"
- need_lib_prefix=unknown
- hardcode_into_libs=no
- 
-@@ -20684,7 +20684,7 @@ fi
-   # Append ld.so.conf contents to the search path
-   if test -f /etc/ld.so.conf; then
-     lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[	 ]*hwcap[	 ]/d;s/[:,	]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '`
--    sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
-+    sys_lib_dlsearch_path_spec="/lib /usr/lib /lib64 /usr/lib64 $lt_ld_extra"
-   fi
- 
-   # We used to test for /lib/ld.so.1 and disable shared libraries on
-diff -up gnutls-2.12.11/lib/build-aux/config.rpath gnutls-2.12.11/lib/build-aux/config
-diff -up gnutls-2.12.11/lib/configure.rpath gnutls-2.12.11/lib/configure
---- gnutls-2.12.11/lib/configure.rpath	2011-09-18 20:31:32.000000000 +0200
-+++ gnutls-2.12.11/lib/configure	2011-09-27 18:33:22.000000000 +0200
-@@ -11989,7 +11989,7 @@ shlibpath_var=
- shlibpath_overrides_runpath=unknown
- version_type=none
- dynamic_linker="$host_os ld.so"
--sys_lib_dlsearch_path_spec="/lib /usr/lib"
-+sys_lib_dlsearch_path_spec="/lib /usr/lib /lib64 /usr/lib64"
- need_lib_prefix=unknown
- hardcode_into_libs=no
- 
-@@ -12447,7 +12447,7 @@ fi
-   # Append ld.so.conf contents to the search path
-   if test -f /etc/ld.so.conf; then
-     lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[	 ]*hwcap[	 ]/d;s/[:,	]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '`
--    sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
-+    sys_lib_dlsearch_path_spec="/lib /usr/lib /lib64 /usr/lib64 $lt_ld_extra"
-   fi
- 
-   # We used to test for /lib/ld.so.1 and disable shared libraries on
-@@ -30102,7 +30102,8 @@ shlibpath_var=
- shlibpath_overrides_runpath=unknown
- version_type=none
- dynamic_linker="$host_os ld.so"
--sys_lib_dlsearch_path_spec="/lib /usr/lib"
-+
-+sys_lib_dlsearch_path_spec="/lib /usr/lib /lib64 /usr/lib64"
- need_lib_prefix=unknown
- hardcode_into_libs=no
- 
-@@ -30558,7 +30559,7 @@ fi
-   # Append ld.so.conf contents to the search path
-   if test -f /etc/ld.so.conf; then
-     lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[	 ]*hwcap[	 ]/d;s/[:,	]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '`
--    sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
-+    sys_lib_dlsearch_path_spec="/lib /usr/lib /lib64 /usr/lib64 $lt_ld_extra"
-   fi
- 
-   # We used to test for /lib/ld.so.1 and disable shared libraries on
-diff -up gnutls-2.12.11/libextra/build-aux/config.rpath gnutls-2.12.11/libextra/build-aux/config
-diff -up gnutls-2.12.11/libextra/configure.rpath gnutls-2.12.11/libextra/configure
---- gnutls-2.12.11/libextra/configure.rpath	2011-09-18 20:32:07.000000000 +0200
-+++ gnutls-2.12.11/libextra/configure	2011-09-27 18:33:55.000000000 +0200
-@@ -10658,7 +10658,7 @@ shlibpath_var=
- shlibpath_overrides_runpath=unknown
- version_type=none
- dynamic_linker="$host_os ld.so"
--sys_lib_dlsearch_path_spec="/lib /usr/lib"
-+sys_lib_dlsearch_path_spec="/lib /usr/lib /lib64 /usr/lib64"
- need_lib_prefix=unknown
- hardcode_into_libs=no
- 
-@@ -11116,7 +11116,7 @@ fi
-   # Append ld.so.conf contents to the search path
-   if test -f /etc/ld.so.conf; then
-     lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[	 ]*hwcap[	 ]/d;s/[:,	]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '`
--    sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
-+    sys_lib_dlsearch_path_spec="/lib /usr/lib /lib64 /usr/lib64 $lt_ld_extra"
-   fi
- 
-   # We used to test for /lib/ld.so.1 and disable shared libraries on

gnutls-2.12.2-nosrp.patch

@@ -1,53 +0,0 @@
-diff -up gnutls-2.12.2/doc/cha-auth.texi.nosrp gnutls-2.12.2/doc/cha-auth.texi
---- gnutls-2.12.2/doc/cha-auth.texi.nosrp	2011-04-08 02:30:44.000000000 +0200
-+++ gnutls-2.12.2/doc/cha-auth.texi	2011-04-19 09:46:25.000000000 +0200
-@@ -255,9 +255,9 @@ authenticated using a certificate with R
- 
- If clients supporting @acronym{SRP} know the username and password
- before the connection, should initialize the client credentials and
--call the function @ref{gnutls_srp_set_client_credentials}.
-+call the function gnutls_srp_set_client_credentials.
- Alternatively they could specify a callback function by using the
--function @ref{gnutls_srp_set_client_credentials_function}.  This has
-+function gnutls_srp_set_client_credentials_function.  This has
- the advantage that allows probing the server for @acronym{SRP}
- support.  In that case the callback function will be called twice per
- handshake.  The first time is before the ciphersuite is negotiated,
-@@ -272,20 +272,20 @@ In server side the default behaviour of 
- the usernames and @acronym{SRP} verifiers from password files. These
- password files are the ones used by the @emph{Stanford srp libraries}
- and can be specified using the
--@ref{gnutls_srp_set_server_credentials_file}.  If a different
-+gnutls_srp_set_server_credentials_file.  If a different
- password file format is to be used, then the function
--@ref{gnutls_srp_set_server_credentials_function}, should be called,
-+gnutls_srp_set_server_credentials_function, should be called,
- in order to set an appropriate callback.
- 
- Some helper functions such as
- 
- @itemize
- 
--@item @ref{gnutls_srp_verifier}
-+@item gnutls_srp_verifier
- 
--@item @ref{gnutls_srp_base64_encode}
-+@item gnutls_srp_base64_encode
- 
--@item @ref{gnutls_srp_base64_decode}
-+@item gnutls_srp_base64_decode
- 
- @end itemize
- 
-diff -up gnutls-2.12.2/doc/cha-library.texi.nosrp gnutls-2.12.2/doc/cha-library.texi
---- gnutls-2.12.2/doc/cha-library.texi.nosrp	2011-04-08 02:30:44.000000000 +0200
-+++ gnutls-2.12.2/doc/cha-library.texi	2011-04-19 09:44:58.000000000 +0200
-@@ -174,7 +174,7 @@ data to the transport layer.
- @end itemize
- 
- Other callback functions such as the one set by
--@ref{gnutls_srp_set_server_credentials_function}, may require more
-+gnutls_srp_set_server_credentials_function, may require more
- complicated input, including data to be allocated.  These callbacks
- should allocate and free memory using the functions shown below.
- 

gnutls-2.12.20-cli-debug-manpage.patch

@@ -1,15 +0,0 @@
-diff -up gnutls-2.12.20/doc/manpages/gnutls-cli-debug.1.cli-debug gnutls-2.12.20/doc/manpages/gnutls-cli-debug.1
---- gnutls-2.12.20/doc/manpages/gnutls-cli-debug.1.cli-debug	2011-04-08 02:30:44.000000000 +0200
-+++ gnutls-2.12.20/doc/manpages/gnutls-cli-debug.1	2012-08-08 14:23:24.397745283 +0200
-@@ -17,8 +17,10 @@ Enable debugging.
- The port to connect to.
- .IP "\-h, \-\-help"
- Prints a short reminder of the command line options.
--.IP "\-v, \-\-verbose"
-+.IP "\-V, \-\-verbose"
- Even more verbose output.
-+.IP "\-v, \-\-version"
-+Prints the program's version number.
- .SH "SEE ALSO"
- .BR gnutls\-cli (1),
- .BR gnutls\-serv (1)

gnutls-2.12.7-dsa-skiptests.patch

@@ -1,51 +0,0 @@
-diff -up gnutls-2.12.7/tests/dsa/testdsa.skiptests gnutls-2.12.7/tests/dsa/testdsa
---- gnutls-2.12.7/tests/dsa/testdsa.skiptests	2011-06-05 21:12:47.000000000 +0200
-+++ gnutls-2.12.7/tests/dsa/testdsa	2011-06-21 23:36:20.000000000 +0200
-@@ -60,14 +60,14 @@ $CLI $DEBUG -p $PORT 127.0.0.1 --insecur
- echo "Checking server DSA-1024 with client DSA-2048 and TLS 1.0"
- 
- #try with client key of 2048 bits (should fail) 
--$CLI $DEBUG -p $PORT 127.0.0.1 --insecure --x509certfile $srcdir/cert.dsa.2048.pem --x509keyfile $srcdir/dsa.2048.pem </dev/null >/dev/null 2>&1 && \
--  fail "Succeeded connection to a server with a client DSA 2048 key and TLS 1.0!"
--
--echo "Checking server DSA-1024 with client DSA-3072 and TLS 1.0"
-+#$CLI $DEBUG -p $PORT 127.0.0.1 --insecure --x509certfile $srcdir/cert.dsa.2048.pem --x509keyfile $srcdir/dsa.2048.pem </dev/null >/dev/null 2>&1 && \
-+#  fail "Succeeded connection to a server with a client DSA 2048 key and TLS 1.0!"
-+#
-+#echo "Checking server DSA-1024 with client DSA-3072 and TLS 1.0"
- 
- #try with client key of 3072 bits (should fail) 
--$CLI $DEBUG -p $PORT 127.0.0.1 --insecure --x509certfile $srcdir/cert.dsa.3072.pem --x509keyfile $srcdir/dsa.3072.pem </dev/null >/dev/null 2>&1 && \
--  fail "Succeeded connection to a server with a client DSA 3072 key and TLS 1.0!"
-+#$CLI $DEBUG -p $PORT 127.0.0.1 --insecure --x509certfile $srcdir/cert.dsa.3072.pem --x509keyfile $srcdir/dsa.3072.pem </dev/null >/dev/null 2>&1 && \
-+#  fail "Succeeded connection to a server with a client DSA 3072 key and TLS 1.0!"
- 
- kill $PID
- wait
-@@ -94,19 +94,21 @@ $CLI $DEBUG -p $PORT 127.0.0.1 --insecur
- echo "Checking server DSA-1024 with client DSA-2048 and TLS 1.2"
- 
- #try with client key of 2048 bits (should succeed) 
--$CLI $DEBUG -p $PORT 127.0.0.1 --insecure --x509certfile $srcdir/cert.dsa.2048.pem --x509keyfile $srcdir/dsa.2048.pem </dev/null >/dev/null || \
--  fail "Failed connection to a server with a client DSA 2048 key and TLS 1.2!"
-+#$CLI $DEBUG -p $PORT 127.0.0.1 --insecure --x509certfile $srcdir/cert.dsa.2048.pem --x509keyfile $srcdir/dsa.2048.pem </dev/null >/dev/null || \
-+#  fail "Failed connection to a server with a client DSA 2048 key and TLS 1.2!"
- 
--echo "Checking server DSA-1024 with client DSA-3072 and TLS 1.2"
-+#echo "Checking server DSA-1024 with client DSA-3072 and TLS 1.2"
- 
- #try with client key of 3072 bits (should succeed) 
--$CLI $DEBUG -p $PORT 127.0.0.1 --insecure --x509certfile $srcdir/cert.dsa.3072.pem --x509keyfile $srcdir/dsa.3072.pem </dev/null >/dev/null || \
--  fail "Failed connection to a server with a client DSA 3072 key and TLS 1.2!"
-+#$CLI $DEBUG -p $PORT 127.0.0.1 --insecure --x509certfile $srcdir/cert.dsa.3072.pem --x509keyfile $srcdir/dsa.3072.pem </dev/null >/dev/null || \
-+#  fail "Failed connection to a server with a client DSA 3072 key and TLS 1.2!"
- 
- 
- kill $PID
- wait
- 
-+exit 0
-+
- # DSA 2048 + TLS 1.0
- 
- echo "Checking DSA-2048 with TLS 1.0"

gnutls-2.8.6-link-libgcrypt.patch

@@ -1,24 +0,0 @@
-diff -up gnutls-2.8.6/doc/examples/Makefile.am.link gnutls-2.8.6/doc/examples/Makefile.am
---- gnutls-2.8.6/doc/examples/Makefile.am.link	2010-01-24 11:06:21.000000000 +0100
-+++ gnutls-2.8.6/doc/examples/Makefile.am	2010-05-12 21:22:51.000000000 +0200
-@@ -30,7 +30,7 @@ LDADD = libexamples.la				\
- 	../../lib/libgnutls.la			\
- 	../../libextra/libgnutls-extra.la	\
- 	../../gl/libgnu.la			\
--	$(LIBSOCKET) $(INET_NTOP_LIB) $(INET_PTON_LIB)
-+	$(LTLIBGCRYPT) $(LIBSOCKET) $(INET_NTOP_LIB) $(INET_PTON_LIB)
- 
- CXX_LDADD = $(LDADD) \
- 	../../lib/libgnutlsxx.la
-diff -up gnutls-2.8.6/doc/examples/Makefile.in.link gnutls-2.8.6/doc/examples/Makefile.in
---- gnutls-2.8.6/doc/examples/Makefile.in.link	2010-03-15 11:29:19.000000000 +0100
-+++ gnutls-2.8.6/doc/examples/Makefile.in	2010-05-12 21:23:25.000000000 +0200
-@@ -827,7 +827,7 @@ LDADD = libexamples.la				\
- 	../../lib/libgnutls.la			\
- 	../../libextra/libgnutls-extra.la	\
- 	../../gl/libgnu.la			\
--	$(LIBSOCKET) $(INET_NTOP_LIB) $(INET_PTON_LIB)
-+	$(LTLIBGCRYPT) $(LIBSOCKET) $(INET_NTOP_LIB) $(INET_PTON_LIB)
- 
- CXX_LDADD = $(LDADD) \
- 	../../lib/libgnutlsxx.la

gnutls-3.1.7-noecc.patch

@@ -0,0 +1,609 @@
+diff -up gnutls-3.1.7/lib/algorithms/kx.c.noecc gnutls-3.1.7/lib/algorithms/kx.c
+--- gnutls-3.1.7/lib/algorithms/kx.c.noecc	2013-02-01 20:02:07.000000000 +0100
++++ gnutls-3.1.7/lib/algorithms/kx.c	2013-02-05 21:13:08.700750694 +0100
+@@ -29,9 +29,11 @@
+ extern mod_auth_st rsa_auth_struct;
+ extern mod_auth_st rsa_export_auth_struct;
+ extern mod_auth_st dhe_rsa_auth_struct;
++#ifdef ENABLE_ECC
+ extern mod_auth_st ecdhe_rsa_auth_struct;
+ extern mod_auth_st ecdhe_psk_auth_struct;
+ extern mod_auth_st ecdhe_ecdsa_auth_struct;
++#endif
+ extern mod_auth_st dhe_dss_auth_struct;
+ extern mod_auth_st anon_auth_struct;
+ extern mod_auth_st anon_ecdh_auth_struct;
+@@ -92,14 +94,18 @@ typedef struct gnutls_kx_algo_entry gnut
+ static const gnutls_kx_algo_entry _gnutls_kx_algorithms[] = {
+ #ifdef ENABLE_ANON
+   {"ANON-DH", GNUTLS_KX_ANON_DH, &anon_auth_struct, 1, 0},
++#ifdef ENABLE_ECC
+   {"ANON-ECDH", GNUTLS_KX_ANON_ECDH, &anon_ecdh_auth_struct, 0, 0},
+ #endif
++#endif
+   {"RSA", GNUTLS_KX_RSA, &rsa_auth_struct, 0, 0},
+   {"RSA-EXPORT", GNUTLS_KX_RSA_EXPORT, &rsa_export_auth_struct, 0,
+    1 /* needs RSA params */ },
+   {"DHE-RSA", GNUTLS_KX_DHE_RSA, &dhe_rsa_auth_struct, 1, 0},
++#ifdef ENABLE_ECC
+   {"ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, &ecdhe_rsa_auth_struct, 0, 0},
+   {"ECDHE-ECDSA", GNUTLS_KX_ECDHE_ECDSA, &ecdhe_ecdsa_auth_struct, 0, 0},
++#endif
+   {"DHE-DSS", GNUTLS_KX_DHE_DSS, &dhe_dss_auth_struct, 1, 0},
+ 
+ #ifdef ENABLE_SRP
+@@ -111,8 +117,10 @@ static const gnutls_kx_algo_entry _gnutl
+   {"PSK", GNUTLS_KX_PSK, &psk_auth_struct, 0, 0},
+   {"DHE-PSK", GNUTLS_KX_DHE_PSK, &dhe_psk_auth_struct,
+    1 /* needs DHE params */ , 0},
++#ifdef ENABLE_ECC
+   {"ECDHE-PSK", GNUTLS_KX_ECDHE_PSK, &ecdhe_psk_auth_struct, 0 , 0},
+ #endif
++#endif
+   {0, 0, 0, 0, 0}
+ };
+ 
+diff -up gnutls-3.1.7/lib/algorithms/publickey.c.noecc gnutls-3.1.7/lib/algorithms/publickey.c
+--- gnutls-3.1.7/lib/algorithms/publickey.c.noecc	2013-02-01 20:02:07.000000000 +0100
++++ gnutls-3.1.7/lib/algorithms/publickey.c	2013-02-05 21:13:08.701750716 +0100
+@@ -50,8 +50,10 @@ static const gnutls_pk_map pk_mappings[]
+   {GNUTLS_KX_RSA_EXPORT, GNUTLS_PK_RSA, CIPHER_SIGN},
+   {GNUTLS_KX_DHE_RSA, GNUTLS_PK_RSA, CIPHER_SIGN},
+   {GNUTLS_KX_SRP_RSA, GNUTLS_PK_RSA, CIPHER_SIGN},
++#ifdef ENABLE_ECC
+   {GNUTLS_KX_ECDHE_RSA, GNUTLS_PK_RSA, CIPHER_SIGN},
+   {GNUTLS_KX_ECDHE_ECDSA, GNUTLS_PK_EC, CIPHER_SIGN},
++#endif
+   {GNUTLS_KX_DHE_DSS, GNUTLS_PK_DSA, CIPHER_SIGN},
+   {GNUTLS_KX_SRP_DSS, GNUTLS_PK_DSA, CIPHER_SIGN},
+   {0, 0, 0}
+@@ -97,7 +99,9 @@ static const gnutls_pk_entry pk_algorith
+   {"DSA", PK_DSA_OID, GNUTLS_PK_DSA},
+   {"GOST R 34.10-2001", PK_GOST_R3410_2001_OID, GNUTLS_PK_UNKNOWN},
+   {"GOST R 34.10-94", PK_GOST_R3410_94_OID, GNUTLS_PK_UNKNOWN},
++#ifdef ENABLE_ECC
+   {"EC", "1.2.840.10045.2.1", GNUTLS_PK_EC},
++#endif
+   {0, 0, 0}
+ };
+ 
+diff -up gnutls-3.1.7/lib/algorithms/sign.c.noecc gnutls-3.1.7/lib/algorithms/sign.c
+--- gnutls-3.1.7/lib/algorithms/sign.c.noecc	2013-02-01 20:02:07.000000000 +0100
++++ gnutls-3.1.7/lib/algorithms/sign.c	2013-02-05 21:13:08.701750716 +0100
+@@ -43,6 +43,14 @@ typedef struct gnutls_sign_entry gnutls_
+ #define TLS_SIGN_AID_UNKNOWN {255, 255}
+ static const sign_algorithm_st unknown_tls_aid = TLS_SIGN_AID_UNKNOWN;
+ 
++#ifndef ENABLE_ECC
++#define GNUTLS_SIGN_ECDSA_SHA1 0
++#define GNUTLS_SIGN_ECDSA_SHA224 0
++#define GNUTLS_SIGN_ECDSA_SHA256 0
++#define GNUTLS_SIGN_ECDSA_SHA384 0
++#define GNUTLS_SIGN_ECDSA_SHA512 0
++#endif
++
+ static const gnutls_sign_entry sign_algorithms[] = {
+   {"RSA-SHA1", SIG_RSA_SHA1_OID, GNUTLS_SIGN_RSA_SHA1, GNUTLS_PK_RSA,
+    GNUTLS_DIG_SHA1, {2, 1}},
+diff -up gnutls-3.1.7/lib/auth/anon_ecdh.c.noecc gnutls-3.1.7/lib/auth/anon_ecdh.c
+--- gnutls-3.1.7/lib/auth/anon_ecdh.c.noecc	2013-02-01 20:02:07.000000000 +0100
++++ gnutls-3.1.7/lib/auth/anon_ecdh.c	2013-02-05 21:13:08.701750716 +0100
+@@ -28,6 +28,7 @@
+ #include <gnutls_int.h>
+ 
+ #ifdef ENABLE_ANON
++#ifdef ENABLE_ECC
+ 
+ #include "gnutls_auth.h"
+ #include "gnutls_errors.h"
+@@ -136,4 +137,5 @@ proc_anon_ecdh_server_kx (gnutls_session
+   return 0;
+ }
+ 
++#endif
+ #endif /* ENABLE_ANON */
+diff -up gnutls-3.1.7/lib/auth/cert.c.noecc gnutls-3.1.7/lib/auth/cert.c
+--- gnutls-3.1.7/lib/auth/cert.c.noecc	2013-02-01 20:02:07.000000000 +0100
++++ gnutls-3.1.7/lib/auth/cert.c	2013-02-05 21:13:08.701750716 +0100
+@@ -63,7 +63,11 @@ static gnutls_privkey_t alloc_and_load_p
+                                                    key, int deinit);
+ #endif
+ 
++#ifdef ENABLE_ECC
+ #define MAX_CLIENT_SIGN_ALGOS 3
++#else
++#define MAX_CLIENT_SIGN_ALGOS 2
++#endif
+ #define CERTTYPE_SIZE (MAX_CLIENT_SIGN_ALGOS+1)
+ typedef enum CertificateSigType
+ { RSA_SIGN = 1, DSA_SIGN = 2, ECDSA_SIGN = 64
+@@ -1424,8 +1428,10 @@ _gnutls_check_supported_sign_algo (Certi
+       return GNUTLS_PK_RSA;
+     case DSA_SIGN:
+       return GNUTLS_PK_DSA;
++#ifdef ENABLE_ECC
+     case ECDSA_SIGN:
+       return GNUTLS_PK_EC;
++#endif
+     }
+ 
+   return -1;
+@@ -1712,7 +1718,9 @@ _gnutls_gen_cert_server_cert_req (gnutls
+   tmp_data[0] = CERTTYPE_SIZE - 1;
+   tmp_data[1] = RSA_SIGN;
+   tmp_data[2] = DSA_SIGN;
++#ifdef ENABLE_ECC
+   tmp_data[3] = ECDSA_SIGN;     /* only these for now */
++#endif
+ 
+   ret = _gnutls_buffer_append_data (data, tmp_data, CERTTYPE_SIZE);
+   if (ret < 0)
+diff -up gnutls-3.1.7/lib/auth/dhe.c.noecc gnutls-3.1.7/lib/auth/dhe.c
+--- gnutls-3.1.7/lib/auth/dhe.c.noecc	2013-02-01 20:02:07.000000000 +0100
++++ gnutls-3.1.7/lib/auth/dhe.c	2013-02-05 21:13:08.702750739 +0100
+@@ -43,6 +43,7 @@ static int gen_dhe_server_kx (gnutls_ses
+ static int proc_dhe_server_kx (gnutls_session_t, uint8_t *, size_t);
+ static int proc_dhe_client_kx (gnutls_session_t, uint8_t *, size_t);
+ 
++#ifdef ENABLE_ECC
+ const mod_auth_st ecdhe_ecdsa_auth_struct = {
+   "ECDHE_ECDSA",
+   _gnutls_gen_cert_server_crt,
+@@ -76,6 +77,7 @@ const mod_auth_st ecdhe_rsa_auth_struct
+   _gnutls_proc_cert_client_crt_vrfy,
+   _gnutls_proc_cert_cert_req
+ };
++#endif
+ 
+ const mod_auth_st dhe_rsa_auth_struct = {
+   "DHE_RSA",
+diff -up gnutls-3.1.7/lib/auth/dhe_psk.c.noecc gnutls-3.1.7/lib/auth/dhe_psk.c
+--- gnutls-3.1.7/lib/auth/dhe_psk.c.noecc	2013-02-01 20:02:07.000000000 +0100
++++ gnutls-3.1.7/lib/auth/dhe_psk.c	2013-02-05 21:13:08.702750739 +0100
+@@ -68,6 +68,7 @@ const mod_auth_st dhe_psk_auth_struct =
+   NULL
+ };
+ 
++#ifdef ENABLE_ECC
+ const mod_auth_st ecdhe_psk_auth_struct = {
+   "ECDHE PSK",
+   NULL,
+@@ -84,6 +85,7 @@ const mod_auth_st ecdhe_psk_auth_struct
+   NULL,
+   NULL
+ };
++#endif
+ 
+ static int
+ gen_psk_client_kx (gnutls_session_t session, gnutls_buffer_st* data)
+@@ -184,6 +186,7 @@ gen_psk_server_kx (gnutls_session_t sess
+   return ret;
+ }
+ 
++#ifdef ENABLE_ECC
+ static int
+ gen_ecdhe_psk_server_kx (gnutls_session_t session, gnutls_buffer_st* data)
+ {
+@@ -208,7 +211,7 @@ gen_ecdhe_psk_server_kx (gnutls_session_
+ 
+   return ret;
+ }
+-
++#endif
+ 
+ static int
+ proc_psk_client_kx (gnutls_session_t session, uint8_t * data,
+@@ -289,6 +292,7 @@ proc_psk_client_kx (gnutls_session_t ses
+ 
+ }
+ 
++#ifdef ENABLE_ECC
+ static int
+ proc_ecdhe_psk_client_kx (gnutls_session_t session, uint8_t * data,
+                     size_t _data_size)
+@@ -353,6 +357,7 @@ proc_ecdhe_psk_client_kx (gnutls_session
+   
+   return ret;
+ }
++#endif
+ 
+ int
+ proc_psk_server_kx (gnutls_session_t session, uint8_t * data,
+diff -up gnutls-3.1.7/lib/auth/ecdh_common.c.noecc gnutls-3.1.7/lib/auth/ecdh_common.c
+--- gnutls-3.1.7/lib/auth/ecdh_common.c.noecc	2013-02-01 20:02:07.000000000 +0100
++++ gnutls-3.1.7/lib/auth/ecdh_common.c	2013-02-05 21:13:08.702750739 +0100
+@@ -41,6 +41,8 @@
+ #include <auth/psk.h>
+ #include <gnutls_pk.h>
+ 
++#ifdef ENABLE_ECC
++
+ static int calc_ecdh_key( gnutls_session_t session, gnutls_datum_t * psk_key)
+ {
+ gnutls_pk_params_st pub;
+@@ -243,3 +245,4 @@ int _gnutls_ecdh_common_print_server_kx
+     
+   return data->length;
+ }
++#endif
+diff -up gnutls-3.1.7/lib/auth/ecdh_common.h.noecc gnutls-3.1.7/lib/auth/ecdh_common.h
+--- gnutls-3.1.7/lib/auth/ecdh_common.h.noecc	2013-02-01 20:02:07.000000000 +0100
++++ gnutls-3.1.7/lib/auth/ecdh_common.h	2013-02-05 21:13:08.702750739 +0100
+@@ -25,6 +25,8 @@
+ 
+ #include <gnutls_auth.h>
+ 
++#ifdef ENABLE_ECC
++
+ int
+ _gnutls_gen_ecdh_common_client_kx (gnutls_session_t session, 
+                                    gnutls_buffer_st* data);
+@@ -45,6 +47,14 @@ int _gnutls_ecdh_common_print_server_kx
+ int _gnutls_proc_ecdh_common_server_kx (gnutls_session_t session, uint8_t * data,
+                                       size_t _data_size);
+ 
++#else
++
++#define _gnutls_gen_ecdh_common_client_kx_int(session, data, psk_key) GNUTLS_E_INTERNAL_ERROR
++#define _gnutls_proc_ecdh_common_client_kx(session, data, _data_size, curve, psk_key) GNUTLS_E_INTERNAL_ERROR
++#define _gnutls_ecdh_common_print_server_kx(session, data, curve) GNUTLS_E_INTERNAL_ERROR
++#define _gnutls_proc_ecdh_common_server_kx(session, data, _data_size) GNUTLS_E_INTERNAL_ERROR
++
++#endif
+ 
+ 
+ #endif
+diff -up gnutls-3.1.7/lib/ext/ecc.c.noecc gnutls-3.1.7/lib/ext/ecc.c
+--- gnutls-3.1.7/lib/ext/ecc.c.noecc	2013-02-01 20:02:07.000000000 +0100
++++ gnutls-3.1.7/lib/ext/ecc.c	2013-02-05 21:13:08.702750739 +0100
+@@ -35,6 +35,7 @@
+ /* Maps record size to numbers according to the
+  * extensions draft.
+  */
++#ifdef ENABLE_ECC
+ 
+ static int _gnutls_supported_ecc_recv_params (gnutls_session_t session,
+                                           const uint8_t * data,
+@@ -269,3 +270,5 @@ _gnutls_session_supports_ecc_curve (gnut
+ 
+   return GNUTLS_E_ECC_UNSUPPORTED_CURVE;
+ }
++
++#endif
+diff -up gnutls-3.1.7/lib/gnutls_extensions.c.noecc gnutls-3.1.7/lib/gnutls_extensions.c
+--- gnutls-3.1.7/lib/gnutls_extensions.c.noecc	2013-02-04 02:50:34.000000000 +0100
++++ gnutls-3.1.7/lib/gnutls_extensions.c	2013-02-05 21:13:08.702750739 +0100
+@@ -350,6 +350,7 @@ _gnutls_ext_init (void)
+   if (ret != GNUTLS_E_SUCCESS)
+     return ret;
+ 
++#ifdef ENABLE_ECC
+   ret = _gnutls_ext_register (&ext_mod_supported_ecc);
+   if (ret != GNUTLS_E_SUCCESS)
+     return ret;
+@@ -357,6 +358,7 @@ _gnutls_ext_init (void)
+   ret = _gnutls_ext_register (&ext_mod_supported_ecc_pf);
+   if (ret != GNUTLS_E_SUCCESS)
+     return ret;
++#endif
+ 
+   ret = _gnutls_ext_register (&ext_mod_sig);
+   if (ret != GNUTLS_E_SUCCESS)
+diff -up gnutls-3.1.7/lib/nettle/init.c.noecc gnutls-3.1.7/lib/nettle/init.c
+--- gnutls-3.1.7/lib/nettle/init.c.noecc	2013-02-01 20:02:09.000000000 +0100
++++ gnutls-3.1.7/lib/nettle/init.c	2013-02-05 21:13:08.703750762 +0100
+@@ -32,7 +32,11 @@
+ int
+ gnutls_crypto_init (void)
+ {
++#ifdef ENABLE_ECC
+   return ecc_wmnaf_cache_init();
++#else
++  return 0;
++#endif
+ }
+ 
+ /* Functions that refer to the deinitialization of the nettle library.
+@@ -41,5 +45,7 @@ gnutls_crypto_init (void)
+ void
+ gnutls_crypto_deinit (void)
+ {
++#ifdef ENABLE_ECC
+   ecc_wmnaf_cache_free();
++#endif
+ }
+diff -up gnutls-3.1.7/lib/nettle/Makefile.am.noecc gnutls-3.1.7/lib/nettle/Makefile.am
+--- gnutls-3.1.7/lib/nettle/Makefile.am.noecc	2012-12-03 20:36:50.000000000 +0100
++++ gnutls-3.1.7/lib/nettle/Makefile.am	2013-02-05 21:13:08.703750762 +0100
+@@ -33,9 +33,13 @@ endif
+ 
+ noinst_LTLIBRARIES = libcrypto.la
+ 
++#if ENABLE_ECC
++#ECC_SOURCES = ecc_free.c ecc.h ecc_make_key.c ecc_shared_secret.c \
++#	ecc_map.c ecc_mulmod.c ecc_mulmod_cached.c \
++#	ecc_points.c ecc_projective_dbl_point_3.c ecc_projective_isneutral.c \
++#	ecc_projective_check_point.c ecc_projective_negate_point.c \
++#	ecc_projective_add_point_ng.c ecc_sign_hash.c ecc_verify_hash.c
++#endif
++
+ libcrypto_la_SOURCES = pk.c mpi.c mac.c cipher.c rnd.c init.c egd.c egd.h \
+-	multi.c wmnaf.c ecc_free.c ecc.h ecc_make_key.c ecc_shared_secret.c \
+-	ecc_map.c ecc_mulmod.c ecc_mulmod_cached.c \
+-	ecc_points.c ecc_projective_dbl_point_3.c ecc_projective_isneutral.c \
+-	ecc_projective_check_point.c ecc_projective_negate_point.c \
+-	ecc_projective_add_point_ng.c ecc_sign_hash.c ecc_verify_hash.c gnettle.h 
++	multi.c wmnaf.c $(ECC_SOURCES) gnettle.h 
+diff -up gnutls-3.1.7/lib/nettle/pk.c.noecc gnutls-3.1.7/lib/nettle/pk.c
+--- gnutls-3.1.7/lib/nettle/pk.c.noecc	2013-02-01 20:02:09.000000000 +0100
++++ gnutls-3.1.7/lib/nettle/pk.c	2013-02-05 21:13:08.704750784 +0100
+@@ -137,6 +137,7 @@ static int _wrap_nettle_pk_derive(gnutls
+ 
+   switch (algo)
+     {
++#ifdef ENABLE_ECC
+     case GNUTLS_PK_EC:
+       {
+         ecc_key ecc_pub, ecc_priv;
+@@ -182,6 +183,7 @@ ecc_cleanup:
+         out->size = sz;
+         break;
+       }
++#endif
+     default:
+       gnutls_assert ();
+       ret = GNUTLS_E_INTERNAL_ERROR;
+@@ -326,6 +328,7 @@ _wrap_nettle_pk_sign (gnutls_pk_algorith
+ 
+   switch (algo)
+     {
++#ifdef ENABLE_ECC
+     case GNUTLS_PK_EC: /* we do ECDSA */
+       {
+         ecc_key priv;
+@@ -369,6 +372,7 @@ _wrap_nettle_pk_sign (gnutls_pk_algorith
+           }
+         break;
+       }
++#endif
+     case GNUTLS_PK_DSA:
+       {
+         struct dsa_public_key pub;
+@@ -470,6 +474,7 @@ _wrap_nettle_pk_verify (gnutls_pk_algori
+ 
+   switch (algo)
+     {
++#ifdef ENABLE_ECC
+     case GNUTLS_PK_EC: /* ECDSA */
+       {
+         ecc_key pub;
+@@ -509,6 +514,7 @@ _wrap_nettle_pk_verify (gnutls_pk_algori
+         _ecc_params_clear( &pub);
+         break;
+       }
++#endif
+     case GNUTLS_PK_DSA:
+       {
+         struct dsa_public_key pub;
+@@ -705,6 +711,7 @@ rsa_fail:
+ 
+         break;
+       }
++#ifdef ENABLE_ECC
+     case GNUTLS_PK_EC:
+       {
+         ecc_key key;
+@@ -758,6 +765,7 @@ ecc_fail:
+ 
+         break;
+       }
++#endif
+     default:
+       gnutls_assert ();
+       return GNUTLS_E_INVALID_REQUEST;
+@@ -874,6 +882,7 @@ dsa_cleanup:
+       }
+ 
+       break;
++#ifdef ENABLE_ECC
+     case GNUTLS_PK_EC:
+       {
+         int curve = params->flags;
+@@ -923,6 +932,7 @@ ecc_cleanup:
+         ecc_del_point(R);
+       }  
+       break;
++#endif
+     default:
+       ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+     }
+diff -up gnutls-3.1.7/tests/cert-tests/dane.noecc gnutls-3.1.7/tests/cert-tests/dane
+--- gnutls-3.1.7/tests/cert-tests/dane.noecc	2013-01-25 20:24:10.000000000 +0100
++++ gnutls-3.1.7/tests/cert-tests/dane	2013-02-06 18:32:53.381803965 +0100
+@@ -22,6 +22,8 @@
+ 
+ set -e
+ 
++exit 77
++
+ srcdir=${srcdir:-.}
+ DANETOOL=${DANETOOL:-../../src/danetool$EXEEXT}
+ 
+diff -up gnutls-3.1.7/tests/dtls/dtls-nb.noecc gnutls-3.1.7/tests/dtls/dtls-nb
+--- gnutls-3.1.7/tests/dtls/dtls-nb.noecc	2012-12-03 20:36:51.000000000 +0100
++++ gnutls-3.1.7/tests/dtls/dtls-nb	2013-02-06 17:30:21.148616598 +0100
+@@ -22,9 +22,7 @@
+ 
+ set -e
+ 
+-if test "${WINDIR}" != "";then
+-  exit 77
+-fi
++exit 77
+ 
+ ./dtls-stress -nb -shello 021 -sfinished 01 -cfinished 012 SKeyExchange CKeyExchange CFinished
+ ./dtls-stress -nb -shello 012 -sfinished 10 -cfinished 210 SHello SKeyExchange SHelloDone
+diff -up gnutls-3.1.7/tests/dtls/dtls.noecc gnutls-3.1.7/tests/dtls/dtls
+--- gnutls-3.1.7/tests/dtls/dtls.noecc	2012-12-03 20:36:51.000000000 +0100
++++ gnutls-3.1.7/tests/dtls/dtls	2013-02-06 17:30:12.732428591 +0100
+@@ -22,9 +22,7 @@
+ 
+ set -e
+ 
+-if test "${WINDIR}" != "";then
+-  exit 77
+-fi
++exit 77
+ 
+ ./dtls-stress -shello 021 -sfinished 01 -cfinished 012 SKeyExchange CKeyExchange CFinished
+ ./dtls-stress -shello 012 -sfinished 10 -cfinished 210 SHello SKeyExchange SHelloDone
+diff -up gnutls-3.1.7/tests/ecdsa/ecdsa.noecc gnutls-3.1.7/tests/ecdsa/ecdsa
+--- gnutls-3.1.7/tests/ecdsa/ecdsa.noecc	2012-12-03 20:36:51.000000000 +0100
++++ gnutls-3.1.7/tests/ecdsa/ecdsa	2013-02-06 17:31:19.991931090 +0100
+@@ -22,6 +22,8 @@
+ 
+ #set -e
+ 
++exit 77
++
+ srcdir=${srcdir:-.}
+ CERTTOOL=${CERTTOOL:-../../src/certtool$EXEEXT}
+ 
+diff -up gnutls-3.1.7/tests/mini-dtls-record.c.noecc gnutls-3.1.7/tests/mini-dtls-record.c
+--- gnutls-3.1.7/tests/mini-dtls-record.c.noecc	2013-01-17 20:07:30.000000000 +0100
++++ gnutls-3.1.7/tests/mini-dtls-record.c	2013-02-06 16:49:30.236481581 +0100
+@@ -27,7 +27,7 @@
+ #include <stdio.h>
+ #include <stdlib.h>
+ 
+-#if defined(_WIN32)
++#if defined(_WIN32) || !defined(ENABLE_ECC)
+ 
+ int
+ main ()
+diff -up gnutls-3.1.7/tests/mini-dtls-rehandshake.c.noecc gnutls-3.1.7/tests/mini-dtls-rehandshake.c
+--- gnutls-3.1.7/tests/mini-dtls-rehandshake.c.noecc	2012-12-03 20:36:51.000000000 +0100
++++ gnutls-3.1.7/tests/mini-dtls-rehandshake.c	2013-02-06 16:50:11.803404151 +0100
+@@ -27,7 +27,7 @@
+ #include <stdio.h>
+ #include <stdlib.h>
+ 
+-#if defined(_WIN32)
++#if defined(_WIN32) || !defined(ENABLE_ECC)
+ 
+ int main()
+ {
+diff -up gnutls-3.1.7/tests/mini-dtls-srtp.c.noecc gnutls-3.1.7/tests/mini-dtls-srtp.c
+--- gnutls-3.1.7/tests/mini-dtls-srtp.c.noecc	2012-12-03 20:36:51.000000000 +0100
++++ gnutls-3.1.7/tests/mini-dtls-srtp.c	2013-02-06 16:51:05.009585051 +0100
+@@ -27,7 +27,7 @@
+ #include <stdio.h>
+ #include <stdlib.h>
+ 
+-#if defined(_WIN32) || !defined(ENABLE_DTLS_SRTP)
++#if defined(_WIN32) || !defined(ENABLE_DTLS_SRTP) || !defined(ENABLE_ECC)
+ 
+ int
+ main (int argc, char** argv)
+diff -up gnutls-3.1.7/tests/mini-handshake-timeout.c.noecc gnutls-3.1.7/tests/mini-handshake-timeout.c
+--- gnutls-3.1.7/tests/mini-handshake-timeout.c.noecc	2012-12-03 20:36:51.000000000 +0100
++++ gnutls-3.1.7/tests/mini-handshake-timeout.c	2013-02-06 16:51:28.466105661 +0100
+@@ -28,7 +28,7 @@
+ #include <stdlib.h>
+ #include <string.h>
+ 
+-#if defined(_WIN32)
++#if defined(_WIN32) || !defined(ENABLE_ECC)
+ 
+ int main()
+ {
+@@ -142,7 +142,11 @@ initialize_tls_session (gnutls_session_t
+   /* avoid calling all the priority functions, since the defaults
+    * are adequate.
+    */
+-  gnutls_priority_set_direct (*session, "NORMAL:+ANON-ECDH", NULL);
++#ifdef ENABLE_ECC
++  gnutls_priority_set_direct (session, "NORMAL:+ANON-ECDH", NULL);
++#else
++  gnutls_priority_set_direct (session, "NORMAL:+ANON-DH", NULL);
++#endif
+ }
+ 
+ static void
+diff -up gnutls-3.1.7/tests/mini-loss-time.c.noecc gnutls-3.1.7/tests/mini-loss-time.c
+--- gnutls-3.1.7/tests/mini-loss-time.c.noecc	2012-12-03 20:36:51.000000000 +0100
++++ gnutls-3.1.7/tests/mini-loss-time.c	2013-02-06 16:51:47.254522659 +0100
+@@ -28,7 +28,7 @@
+ #include <stdlib.h>
+ #include <string.h>
+ 
+-#if defined(_WIN32)
++#if defined(_WIN32) || !defined(ENABLE_ECC)
+ 
+ int main()
+ {
+diff -up gnutls-3.1.7/tests/mini-record.c.noecc gnutls-3.1.7/tests/mini-record.c
+--- gnutls-3.1.7/tests/mini-record.c.noecc	2013-01-23 20:31:17.000000000 +0100
++++ gnutls-3.1.7/tests/mini-record.c	2013-02-06 16:52:07.965982266 +0100
+@@ -27,7 +27,7 @@
+ #include <stdio.h>
+ #include <stdlib.h>
+ 
+-#if defined(_WIN32)
++#if defined(_WIN32) || !defined(ENABLE_ECC)
+ 
+ int main()
+ {
+diff -up gnutls-3.1.7/tests/mini-xssl.c.noecc gnutls-3.1.7/tests/mini-xssl.c
+--- gnutls-3.1.7/tests/mini-xssl.c.noecc	2013-01-27 18:16:02.000000000 +0100
++++ gnutls-3.1.7/tests/mini-xssl.c	2013-02-06 16:29:32.288396176 +0100
+@@ -27,7 +27,7 @@
+ #include <stdio.h>
+ #include <stdlib.h>
+ 
+-#if defined(_WIN32)
++#if defined(_WIN32) || !defined(ENABLE_ECC)
+ 
+ int main()
+ {
+diff -up gnutls-3.1.7/tests/pkcs12_simple.c.noecc gnutls-3.1.7/tests/pkcs12_simple.c
+--- gnutls-3.1.7/tests/pkcs12_simple.c.noecc	2012-12-06 09:01:28.000000000 +0100
++++ gnutls-3.1.7/tests/pkcs12_simple.c	2013-02-06 17:01:39.813123531 +0100
+@@ -50,6 +50,10 @@ doit (void)
+   gnutls_x509_privkey_t pkey;
+   int ret;
+ 
++#ifndef ENABLE_ECC
++  exit(77);
++#endif
++
+   ret = gnutls_global_init ();
+   if (ret < 0)
+     fail ("gnutls_global_init failed %d\n", ret);
+diff -up gnutls-3.1.7/tests/slow/keygen.c.noecc gnutls-3.1.7/tests/slow/keygen.c
+--- gnutls-3.1.7/tests/slow/keygen.c.noecc	2012-12-03 20:36:52.000000000 +0100
++++ gnutls-3.1.7/tests/slow/keygen.c	2013-02-06 17:23:10.831725585 +0100
+@@ -65,6 +65,11 @@ doit (void)
+                 if (algorithm == GNUTLS_PK_DH)
+                     continue;
+ 
++#ifndef ENABLE_ECC
++                if (algorithm == GNUTLS_PK_EC)
++                    continue;
++#endif
++
+                 ret = gnutls_x509_privkey_init (&pkey);
+                 if (ret < 0)
+                   {
+diff -up gnutls-3.1.7/tests/srp/mini-srp.c.noecc gnutls-3.1.7/tests/srp/mini-srp.c
+--- gnutls-3.1.7/tests/srp/mini-srp.c.noecc	2012-12-03 20:36:52.000000000 +0100
++++ gnutls-3.1.7/tests/srp/mini-srp.c	2013-02-06 17:36:50.419312453 +0100
+@@ -27,7 +27,7 @@
+ #include <stdio.h>
+ #include <stdlib.h>
+ 
+-#if defined(_WIN32)
++#if defined(_WIN32) || !defined(ENABLE_SRP)
+ 
+ int main()
+ {

gnutls-3.1.7-rpath.patch

@@ -0,0 +1,39 @@
+diff -up gnutls-3.1.7/configure.rpath gnutls-3.1.7/configure
+--- gnutls-3.1.7/configure.rpath	2013-02-04 02:40:23.000000000 +0100
++++ gnutls-3.1.7/configure	2013-02-05 21:04:57.128932440 +0100
+@@ -48519,7 +48519,7 @@ shlibpath_var=
+ shlibpath_overrides_runpath=unknown
+ version_type=none
+ dynamic_linker="$host_os ld.so"
+-sys_lib_dlsearch_path_spec="/lib /usr/lib"
++sys_lib_dlsearch_path_spec="/lib /usr/lib /lib64 /usr/lib64"
+ need_lib_prefix=unknown
+ hardcode_into_libs=no
+ 
+@@ -48962,7 +48962,7 @@ fi
+   # Append ld.so.conf contents to the search path
+   if test -f /etc/ld.so.conf; then
+     lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[	 ]*hwcap[	 ]/d;s/[:,	]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '`
+-    sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
++    sys_lib_dlsearch_path_spec="/lib /usr/lib /lib64 /usr/lib64 $lt_ld_extra"
+   fi
+ 
+   # We used to test for /lib/ld.so.1 and disable shared libraries on
+@@ -52353,7 +52353,7 @@ shlibpath_var=
+ shlibpath_overrides_runpath=unknown
+ version_type=none
+ dynamic_linker="$host_os ld.so"
+-sys_lib_dlsearch_path_spec="/lib /usr/lib"
++sys_lib_dlsearch_path_spec="/lib /usr/lib /lib64 /usr/lib64"
+ need_lib_prefix=unknown
+ hardcode_into_libs=no
+ 
+@@ -52794,7 +52794,7 @@ fi
+   # Append ld.so.conf contents to the search path
+   if test -f /etc/ld.so.conf; then
+     lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[	 ]*hwcap[	 ]/d;s/[:,	]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '`
+-    sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
++    sys_lib_dlsearch_path_spec="/lib /usr/lib /lib64 /usr/lib64 $lt_ld_extra"
+   fi
+ 
+   # We used to test for /lib/ld.so.1 and disable shared libraries on

gnutls.spec

@@ -1,33 +1,36 @@
+%bcond_without dane
 %bcond_with guile
 Summary: A TLS protocol implementation
 Name: gnutls
-Version: 2.12.22
-Release: 2%{?dist}
-# The libgnutls library is LGPLv2+, utilities and remaining libraries are GPLv3+
-License: GPLv3+ and LGPLv2+
+Version: 3.1.7
+Release: 1%{?dist}
+# The libgnutls library is LGPLv3+, utilities and remaining libraries are GPLv3+
+License: GPLv3+ and LGPLv3+
 Group: System Environment/Libraries
 BuildRequires: libgcrypt-devel >= 1.2.2, p11-kit-devel >= 0.11, gettext
 BuildRequires: zlib-devel, readline-devel, libtasn1-devel >= 2.14
 BuildRequires: lzo-devel, libtool, automake, autoconf
+BuildRequires: nettle-devel >= 2.5
+%if %{with dane}
+BuildRequires: unbound-devel
+%endif
 %if %{with guile}
 BuildRequires: guile-devel
 %endif
+# temporary compat library for buildroots
+BuildRequires: gnutls
 URL: http://www.gnutls.org/
-#Source0: ftp://ftp.gnutls.org/pub/gnutls/%{name}-%{version}.tar.gz
-#Source1: ftp://ftp.gnutls.org/pub/gnutls/%{name}-%{version}.tar.gz.sig
-# XXX patent tainted SRP code removed.
-Source0: %{name}-%{version}-nosrp.tar.xz
+#Source0: ftp://ftp.gnutls.org/gcrypt/gnutls/%{name}-%{version}.tar.xz
+#Source1: ftp://ftp.gnutls.org/gcrypt/gnutls/%{name}-%{version}.tar.xz.sig
+# XXX patent tainted code removed.
+Source0: %{name}-%{version}-hobbled.tar.xz
 Source1: libgnutls-config
-Patch1: gnutls-2.12.11-rpath.patch
-Patch2: gnutls-2.8.6-link-libgcrypt.patch
-# Remove nonexisting references from texinfo file
-Patch3: gnutls-2.12.2-nosrp.patch
-# Skip tests that are expected to fail on libgcrypt build
-Patch4: gnutls-2.12.7-dsa-skiptests.patch
-# Fix the gnutls-cli-debug manpage
-Patch6: gnutls-2.12.20-cli-debug-manpage.patch
+Source2: hobble-gnutls
+Patch1: gnutls-3.1.7-rpath.patch
 # Use only FIPS approved ciphers in the FIPS mode
 Patch7: gnutls-2.12.21-fips-algorithms.patch
+# Make ECC optional as it is now hobbled
+Patch8: gnutls-3.1.7-noecc.patch
 
 BuildRoot:  %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 Requires: libgcrypt >= 1.2.2
@@ -43,6 +46,9 @@ Summary: Development files for the %{name} package
 Group: Development/Libraries
 Requires: %{name}%{?_isa} = %{version}-%{release}
 Requires: %{name}-c++%{?_isa} = %{version}-%{release}
+%if %{with dane}
+Requires: %{name}-dane%{?_isa} = %{version}-%{release}
+%endif
 Requires: libgcrypt-devel
 Requires: pkgconfig
 Requires(post): /sbin/install-info
@@ -53,6 +59,15 @@ License: GPLv3+
 Summary: Command line tools for TLS protocol
 Group: Applications/System
 Requires: %{name}%{?_isa} = %{version}-%{release}
+%if %{with dane}
+Requires: %{name}-dane%{?_isa} = %{version}-%{release}
+%endif
+
+%if %{with dane}
+%package dane
+Summary: A DANE protocol implementation for GnuTLS
+Requires: %{name}%{?_isa} = %{version}-%{release}
+%endif
 
 %if %{with guile}
 %package guile
@@ -87,6 +102,15 @@ the proposed standards by the IETF's TLS working group.
 This package contains command line TLS client and server and certificate
 manipulation tools.
 
+%if %{with dane}
+%description dane
+GnuTLS is a project that aims to develop a library which provides a secure
+layer, over a reliable transport layer. Currently the GnuTLS library implements
+the proposed standards by the IETF's TLS working group.
+This package contains library that implements the DANE protocol for verifying
+TLS certificates through DNSSEC.
+%endif
+
 %if %{with guile}
 %description guile
 GnuTLS is a project that aims to develop a library which provides a secure
@@ -99,15 +123,12 @@ This package contains Guile bindings for the library.
 %setup -q
 
 %patch1 -p1 -b .rpath
-%patch2 -p1 -b .link
-%patch3 -p1 -b .nosrp
-%patch4 -p1 -b .skiptests
-%patch6 -p1 -b .cli-debug
-%patch7 -p1 -b .fips
+# This patch is not applicable as we use nettle now but some parts will be
+# later reused.
+#%patch7 -p1 -b .fips
+%patch8 -p1 -b .noecc
 
-for i in auth_srp_rsa.c auth_srp_sb64.c auth_srp_passwd.c auth_srp.c gnutls_srp.c ext_srp.c; do
-    touch lib/$i
-done
+%{SOURCE2} -e
 
 %build
 
@@ -124,6 +145,11 @@ export LDFLAGS="-Wl,--no-add-needed"
 %else
            --disable-guile \
 %endif
+%if %{with dane}
+           --enable-dane \
+%else
+           --disable-dane \
+%endif
 %ifarch %{arm}
            --disable-largefile \
 %endif
@@ -131,7 +157,6 @@ export LDFLAGS="-Wl,--no-add-needed"
 # Note that the arm hack above is not quite right and the proper thing would
 # be to compile guile with largefile support.
 make
-cp lib/COPYING COPYING.LIB
 
 %install
 rm -fr $RPM_BUILD_ROOT
@@ -145,7 +170,18 @@ rm -f $RPM_BUILD_ROOT%{_mandir}/man3/*srp*
 rm -f $RPM_BUILD_ROOT%{_infodir}/dir
 rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
 rm -f $RPM_BUILD_ROOT%{_libdir}/libguile*.a
-%find_lang libgnutls
+%if %{without dane}
+rm -f $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gnutls-dane.pc
+%endif
+
+# temporary compat library for buildroots
+install %{_libdir}/libgnutls.so.26.*.* $RPM_BUILD_ROOT/%{_libdir}
+pushd $RPM_BUILD_ROOT/%{_libdir}
+ln -s libgnutls.so.26.*.*  $RPM_BUILD_ROOT/%{_libdir}/libgnutls.so.26
+popd
+
+
+%find_lang gnutls
 
 %check
 make check
@@ -171,17 +207,25 @@ if [ $1 = 0 -a -f %{_infodir}/gnutls.info.gz ]; then
    /sbin/install-info --delete %{_infodir}/gnutls.info.gz %{_infodir}/dir || :
 fi
 
+%if %{with dane}
+%post dane -p /sbin/ldconfig
+
+%postun dane -p /sbin/ldconfig
+%endif
+
 %if %{with guile}
 %post guile -p /sbin/ldconfig
 
 %postun guile -p /sbin/ldconfig
 %endif
 
-%files -f libgnutls.lang
+%files -f gnutls.lang
 %defattr(-,root,root,-)
-%{_libdir}/libgnutls.so.*
-%{_libdir}/libgnutls-extra.so.*
-%doc COPYING COPYING.LIB README AUTHORS
+%{_libdir}/libgnutls.so.28*
+%{_libdir}/libgnutls-xssl.so.0*
+%doc COPYING COPYING.LESSER README AUTHORS NEWS THANKS
+# temporary compat library for buildroots
+%{_libdir}/*.so.26*
 
 %files c++
 %{_libdir}/libgnutlsxx.so.*
@@ -199,12 +243,22 @@ fi
 %files utils
 %defattr(-,root,root,-)
 %{_bindir}/certtool
+%{_bindir}/ocsptool
 %{_bindir}/psktool
 %{_bindir}/p11tool
+%if %{with dane}
+%{_bindir}/danetool
+%endif
 %{_bindir}/gnutls*
 %{_mandir}/man1/*
 %doc doc/certtool.cfg
 
+%if %{with dane}
+%files dane
+%defattr(-,root,root,-)
+%{_libdir}/libgnutls-dane.so.*
+%endif
+
 %if %{with guile}
 %files guile
 %defattr(-,root,root,-)
@@ -214,6 +268,10 @@ fi
 %endif
 
 %changelog
+* Wed Feb  6 2013 Tomas Mraz <tmraz@redhat.com> 3.1.7-1
+- new upstream version, requires rebuild of dependencies
+- this release temporarily includes old compatibility .so
+
 * Tue Feb  5 2013 Tomas Mraz <tmraz@redhat.com> 2.12.22-2
 - rebuilt with new libtasn1
 - make guile bindings optional - breaks i686 build and there is

hobble-gnutls

@@ -0,0 +1,23 @@
+#!/bin/sh
+set -x
+
+if [ "$1" = "-e" ] ; then
+    CMD="cat < /dev/null >"
+else
+    CMD="rm -f"
+fi
+
+# SRP
+for f in auth_srp_sb64.c auth_srp_passwd.c auth_srp_rsa.c \
+    gnutls_srp.c auth_srp.c ext_srp.c ; do
+    eval "$CMD lib/$f"
+done
+
+# ECC
+for f in ecc_free.c ecc_make_key.c ecc_shared_secret.c \
+    ecc_map.c ecc_mulmod.c ecc_mulmod_cached.c \
+    ecc_points.c ecc_projective_dbl_point_3.c ecc_projective_isneutral.c \
+    ecc_projective_check_point.c ecc_projective_negate_point.c \
+    ecc_projective_add_point_ng.c ecc_sign_hash.c ecc_verify_hash.c ; do
+    eval "$CMD lib/nettle/$f"
+done

remove-srp

@@ -1,5 +0,0 @@
-#!/bin/sh
-set -x
-
-rm -f lib/auth_srp_sb64.c lib/auth_srp_passwd.c lib/auth_srp_rsa.c
-rm -f lib/gnutls_srp.c lib/auth_srp.c lib/ext_srp.c

sources

@@ -1 +1 @@
-21a57b10b4fe9cd515841974bd8c2cb7  gnutls-2.12.22-nosrp.tar.xz
+075ba552c072eba77669d941f308d3fb  gnutls-3.1.7-hobbled.tar.xz