--- /dev/null
+From e03782b6ce2f5b909ebb65ff1682126302200c80 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+Date: Tue, 7 Mar 2017 22:39:20 +0100
+Subject: [PATCH] tests: do not run tests which require openpgp when it is
+ disabled
+
+Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+---
+ tests/openpgp-callback.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tests/openpgp-callback.c b/tests/openpgp-callback.c
+index c3f2c4c..3df10ac 100644
+--- a/tests/openpgp-callback.c
++++ b/tests/openpgp-callback.c
+@@ -27,7 +27,7 @@
+ #include <stdio.h>
+ #include <stdlib.h>
+
+-#if defined(_WIN32)
++#if defined(_WIN32) || !defined(ENABLED_OPENPGP)
+
+ /* socketpair isn't supported on Win32. */
+ int main(int argc, char **argv)
+--
+2.10.2
+
+From 72e9bc6f807924ae563f247272ebd8437f7fd5db Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@redhat.com>
+Date: Wed, 8 Mar 2017 16:00:02 +0100
+Subject: [PATCH] tests: dtls-stress: use X.509 certificates instead of openpgp
+
+This will allow the test tool to operate even after openpgp certificates
+are deprecated.
+
+Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
+---
+ tests/dtls/Makefile.am | 1 +
+ tests/dtls/dtls-stress.c | 67 ++++++------------------------------------------
+ 2 files changed, 9 insertions(+), 59 deletions(-)
+
+diff --git a/tests/dtls/Makefile.am b/tests/dtls/Makefile.am
+index 8f56408..6c8f411 100644
+--- a/tests/dtls/Makefile.am
++++ b/tests/dtls/Makefile.am
+@@ -30,6 +30,7 @@ AM_CPPFLAGS = \
+ -I$(top_srcdir)/extra/includes \
+ -I$(top_builddir)/extra/includes \
+ -I$(top_srcdir)/lib \
++ -I$(top_srcdir)/tests \
+ -I$(top_srcdir)/doc/examples
+
+ AM_LDFLAGS = -no-install
+diff --git a/tests/dtls/dtls-stress.c b/tests/dtls/dtls-stress.c
+index c9493af..01e5eca 100644
+--- a/tests/dtls/dtls-stress.c
++++ b/tests/dtls/dtls-stress.c
+@@ -101,6 +101,7 @@
+ #include <errno.h>
+ #include <poll.h>
+ #include <time.h>
++#include <assert.h>
+ #include <sys/wait.h>
+
+ #if _POSIX_TIMERS && (_POSIX_TIMERS - 200112L) >= 0
+@@ -232,56 +233,7 @@ static const char *filter_names_full[12]
+ "SFinished"
+ };
+
+-static const unsigned char PUBKEY[] =
+- "-----BEGIN PGP PUBLIC KEY BLOCK-----\n"
+- "\n"
+- "mI0ETz0XRAEEAKXSU/tg2yGvoKf/r1pdzj7dnfPHeS+BRiT34763uUhibAbTgMkp\n"
+- "v44OlBPiAaZ54uuXVkz8e4pgvrBgQwIRtNp3xPaWF1CfC4F+V4LdZV8l8IG+AfES\n"
+- "K0GbfUS4q8vjnPJ0TyxnXE2KtbcRdzZzWBshJ8KChKwbH2vvrMrlmEeZABEBAAG0\n"
+- "CHRlc3Qga2V5iLgEEwECACIFAk89F0QCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4B\n"
+- "AheAAAoJEMNjhmkfkLY9J/YD+wYZ2BD/0/c5gkkDP2NlVvrLGyFmEwQcR7DcaQYB\n"
+- "P3/Teq2gnscZ5Xm/z1qgGEpwmaVfVHY8mfEj8bYI8jAu0v1C1jCtJPUTmxf9tmkZ\n"
+- "QYFNR8T+F5Xae2XseOH70lSN/AEiW02BEBFlGBx0a3T30muFfqi/KawaE7KKn2e4\n"
+- "uNWvuI0ETz0XRAEEAKgZExsb7Lf9P3DmwJSvNVdkGVny7wr4/M1s0CDX20NkO7Y1\n"
+- "Ao9g+qFo5MlCOEuzjVaEYmM+rro7qyxmDKsaNIzZF1VN5UeYgPFyLcBK7C+QwUqw\n"
+- "1PUl/w4dFq8neQyqIPUVGRwQPlwpkkabRPNT3t/7KgDJvYzV9uu+cXCyfqErABEB\n"
+- "AAGInwQYAQIACQUCTz0XRAIbDAAKCRDDY4ZpH5C2PTBtBACVsR6l4HtuzQb5WFQt\n"
+- "sD/lQEk6BEY9aVfK957Oj+A4alGEGObToqVJFo/nq+P7aWExIXucJQRL8lYnC7u+\n"
+- "GjPVCun5TYzKMiryxHPkQr9NBx4hh8JjkDCc8nAgI3il49uPYkmsv70CgqJFFtT8\n"
+- "NfM+8fS537I+XA+hfjt20NUFIA==\n"
+- "=oD3a\n" "-----END PGP PUBLIC KEY BLOCK-----\n";
+-
+-static const unsigned char PRIVKEY[] =
+- "-----BEGIN PGP PRIVATE KEY BLOCK-----\n"
+- "\n"
+- "lQHYBE89F0QBBACl0lP7YNshr6Cn/69aXc4+3Z3zx3kvgUYk9+O+t7lIYmwG04DJ\n"
+- "Kb+ODpQT4gGmeeLrl1ZM/HuKYL6wYEMCEbTad8T2lhdQnwuBfleC3WVfJfCBvgHx\n"
+- "EitBm31EuKvL45zydE8sZ1xNirW3EXc2c1gbISfCgoSsGx9r76zK5ZhHmQARAQAB\n"
+- "AAP6A6VhRVi22MHE1YzQrTr8yvMSgwayynGcOjndHxdpEodferLx1Pp/BL+bT+ib\n"
+- "Qq7RZ363Xg/7I2rHJpenQYdkI5SI4KrXIV57p8G+isyTtsxU38SY84WoB5os8sfT\n"
+- "YhxG+edoTfDzXkRSWFB8EUjRaLa2b//nvLpxNRyqDSzzUxECAMtEnL5H/8gHbpZf\n"
+- "D98TSJVxdAl9rBAQaVMgrFgcU/IlmxCyVEh9eh/P261tefgOnyVcGFYHxdZvJ3td\n"
+- "miM+DNUCANDW1S9t7IiqflDpQIS2wGTZ/rLKPoE1F3285EaYAd0FQUq0O4/Nu31D\n"
+- "5pz/S7D+PfXn9oEZH3Dvl3EVIDyq4bUB+QEzFc3BsH2uueD3g42RoBfMGl6m3LI9\n"
+- "yWOnrUmIW+h9Fu8W9mcU6y82Q1G7OPIxA1me/Qtzo20lGQa8jAyzLhuit7QIdGVz\n"
+- "dCBrZXmIuAQTAQIAIgUCTz0XRAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AA\n"
+- "CgkQw2OGaR+Qtj0n9gP7BhnYEP/T9zmCSQM/Y2VW+ssbIWYTBBxHsNxpBgE/f9N6\n"
+- "raCexxnleb/PWqAYSnCZpV9UdjyZ8SPxtgjyMC7S/ULWMK0k9RObF/22aRlBgU1H\n"
+- "xP4Xldp7Zex44fvSVI38ASJbTYEQEWUYHHRrdPfSa4V+qL8prBoTsoqfZ7i41a+d\n"
+- "AdgETz0XRAEEAKgZExsb7Lf9P3DmwJSvNVdkGVny7wr4/M1s0CDX20NkO7Y1Ao9g\n"
+- "+qFo5MlCOEuzjVaEYmM+rro7qyxmDKsaNIzZF1VN5UeYgPFyLcBK7C+QwUqw1PUl\n"
+- "/w4dFq8neQyqIPUVGRwQPlwpkkabRPNT3t/7KgDJvYzV9uu+cXCyfqErABEBAAEA\n"
+- "A/4wX+brqkGZQTv8lateHn3PRHM3O34nPjgiNeo/SV9EKZg1e1PdRx9ZTAJrGK9y\n"
+- "uZ03BKn7vZIy7fD4ufVzV/s/BaypVmvwjZud8fdMgsMQAJYtoMhozbOtUelCFpja\n"
+- "I1xAbDBx1PAAbS8Sh022/0jvOGnZhvkgZMG90z7AEANUYQIAwzywU087TcJk8Bzd\n"
+- "37JGWyE4f3iYFGA+r8BoIOrxvvgfUHKxdhG0gaT8SDeRAwNY6D43dCBZkG7Uel1F\n"
+- "x9MlLQIA3Goaz58hEN0fdm4TM7A8crtMB+f8/h87EneBgMl+Yj/3sklhyahR6Itm\n"
+- "lGuAAGTAOmD7i8OmS/a1ac5MtHAGtwH6A0B5GjaL8VnLQo4vFnuR7JuCQaLqGadV\n"
+- "mBmKxVHElduLf/VauBQPD5KZA+egpg+laJ4JLVXMmKIZGqRzopcIWZnKiJ8EGAEC\n"
+- "AAkFAk89F0QCGwwACgkQw2OGaR+Qtj0wbQQAlbEepeB7bs0G+VhULbA/5UBJOgRG\n"
+- "PWlXyveezo/gOGpRhBjm06KlSRaP56vj+2lhMSF7nCUES/JWJwu7vhoz1Qrp+U2M\n"
+- "yjIq8sRz5EK/TQceIYfCY5AwnPJwICN4pePbj2JJrL+9AoKiRRbU/DXzPvH0ud+y\n"
+- "PlwPoX47dtDVBSA=\n" "=EVlv\n" "-----END PGP PRIVATE KEY BLOCK-----\n";
++#include "cert-common.h"
+
+ // }}}
+
+@@ -736,13 +688,10 @@ static void await(int fd, int timeout)
+
+ static void cred_init(void)
+ {
+- gnutls_datum_t key = { (unsigned char *)PUBKEY, sizeof(PUBKEY) };
+- gnutls_datum_t sec = { (unsigned char *)PRIVKEY, sizeof(PRIVKEY) };
++ assert(gnutls_certificate_allocate_credentials(&cred)>=0);
+
+- gnutls_certificate_allocate_credentials(&cred);
+-
+- gnutls_certificate_set_openpgp_key_mem(cred, &key, &sec,
+- GNUTLS_OPENPGP_FMT_BASE64);
++ gnutls_certificate_set_x509_key_mem(cred, &cli_ca3_cert, &cli_ca3_key,
++ GNUTLS_X509_FMT_PEM);
+ }
+
+ static void session_init(int sock, int server)
+@@ -751,7 +700,7 @@ static void session_init(int sock, int server)
+ GNUTLS_DATAGRAM | (server ? GNUTLS_SERVER : GNUTLS_CLIENT)
+ | GNUTLS_NONBLOCK * nonblock);
+ gnutls_priority_set_direct(session,
+- "+CTYPE-OPENPGP:+CIPHER-ALL:+MAC-ALL:+ECDHE-RSA:+ANON-ECDH",
++ "NORMAL:+ECDHE-RSA:+ANON-ECDH",
+ 0);
+ gnutls_transport_set_int(session, sock);
+
+@@ -763,11 +712,11 @@ static void session_init(int sock, int server)
+ }
+ } else if (server) {
+ gnutls_anon_server_credentials_t acred;
+- gnutls_anon_allocate_server_credentials(&acred);
++ assert(gnutls_anon_allocate_server_credentials(&acred)>=0);
+ gnutls_credentials_set(session, GNUTLS_CRD_ANON, acred);
+ } else {
+ gnutls_anon_client_credentials_t acred;
+- gnutls_anon_allocate_client_credentials(&acred);
++ assert(gnutls_anon_allocate_client_credentials(&acred)>=0);
+ gnutls_credentials_set(session, GNUTLS_CRD_ANON, acred);
+ }
+
+--
+2.10.2
+
--- /dev/null
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit libtool ltprune multilib-minimal versionator
+
+DESCRIPTION="A TLS 1.2 and SSL 3.0 implementation for the GNU project"
+HOMEPAGE="http://www.gnutls.org/"
+SRC_URI="mirror://gnupg/gnutls/v$(get_version_component_range 1-2)/${P}.tar.xz"
+
+LICENSE="GPL-3 LGPL-2.1"
+SLOT="0/30" # libgnutls.so number
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE_LINGUAS=" en cs de fi fr it ms nl pl sv uk vi zh_CN"
+IUSE="+cxx dane doc examples guile +idn nls openpgp +openssl pkcs11 sslv2 +sslv3 seccomp static-libs test test-full +tls-heartbeat tools valgrind zlib ${IUSE_LINGUAS// / linguas_}"
+
+REQUIRED_USE="
+ test-full? ( guile pkcs11 openpgp openssl idn seccomp tools zlib )"
+
+# NOTICE: sys-devel/autogen is required at runtime as we
+# use system libopts
+RDEPEND=">=dev-libs/libtasn1-4.9:=[${MULTILIB_USEDEP}]
+ dev-libs/libunistring:=[${MULTILIB_USEDEP}]
+ >=dev-libs/nettle-3.1:=[gmp,${MULTILIB_USEDEP}]
+ >=dev-libs/gmp-5.1.3-r1:=[${MULTILIB_USEDEP}]
+ tools? ( sys-devel/autogen )
+ dane? ( >=net-dns/unbound-1.4.20[${MULTILIB_USEDEP}] )
+ guile? ( >=dev-scheme/guile-1.8:=[networking] )
+ nls? ( >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] )
+ pkcs11? ( >=app-crypt/p11-kit-0.23.1[${MULTILIB_USEDEP}] )
+ zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
+ idn? ( >=net-dns/libidn2-0.16-r1[${MULTILIB_USEDEP}] )
+ abi_x86_32? (
+ !<=app-emulation/emul-linux-x86-baselibs-20140508
+ !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+ )"
+DEPEND="${RDEPEND}
+ >=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+ doc? ( dev-util/gtk-doc )
+ nls? ( sys-devel/gettext )
+ valgrind? ( dev-util/valgrind )
+ test? (
+ guile? ( >=dev-scheme/guile-2 )
+ seccomp? ( sys-libs/libseccomp )
+ )
+ test-full? (
+ app-crypt/dieharder
+ app-misc/datefudge
+ dev-libs/softhsm:2[-bindist]
+ net-dialup/ppp
+ net-misc/socat
+ )"
+
+DOCS=(
+ README.md
+ doc/certtool.cfg
+)
+
+HTML_DOCS=()
+
+PATCHES=(
+ "${FILESDIR}/${P}-tests.patch"
+)
+
+pkg_setup() {
+ # bug#520818
+ export TZ=UTC
+
+ use doc && HTML_DOCS+=(
+ doc/gnutls.html
+ )
+}
+
+src_prepare() {
+ default
+
+ # force regeneration of autogen-ed files
+ local file
+ for file in $(grep -l AutoGen-ed src/*.c) ; do
+ rm src/$(basename ${file} .c).{c,h} || die
+ done
+
+ # Use sane .so versioning on FreeBSD.
+ elibtoolize
+}
+
+multilib_src_configure() {
+ LINGUAS="${LINGUAS//en/en@boldquot en@quot}"
+
+ # remove magic of library detection
+ # bug#438222
+ local libconf=($("${S}/configure" --help | grep -- '--without-.*-prefix' | sed -e 's/^ *\([^ ]*\) .*/\1/g'))
+
+ # TPM needs to be tested before being enabled
+ # hardware-accell is disabled on OSX because the asm files force
+ # GNU-stack (as doesn't support that) and when that's removed ld
+ # complains about duplicate symbols
+ ECONF_SOURCE=${S} econf \
+ --without-included-libtasn1 \
+ $(use_enable cxx) \
+ $(use_enable dane libdane) \
+ $(multilib_native_enable manpages) \
+ $(multilib_native_use_enable tools) \
+ $(multilib_native_use_enable doc) \
+ $(multilib_native_use_enable doc gtk-doc) \
+ $(multilib_native_use_enable guile) \
+ $(multilib_native_use_enable test tests) \
+ $(multilib_native_use_enable seccomp seccomp-tests) \
+ $(multilib_native_use_enable valgrind valgrind-tests) \
+ $(multilib_native_use_enable test-full full-test-suite) \
+ $(use_enable nls) \
+ $(use_enable openpgp openpgp-authentication) \
+ $(use_enable openssl openssl-compatibility) \
+ $(use_enable openssl openssl-compatibility) \
+ $(use_enable tls-heartbeat heartbeat-support) \
+ $(use_enable sslv2 ssl2-support) \
+ $(use_enable sslv3 ssl3-support) \
+ $(use_enable static-libs static) \
+ $(use_with pkcs11 p11-kit) \
+ $(use_with zlib) \
+ $(use_with idn) \
+ $(use_with idn libidn2) \
+ --without-tpm \
+ --with-unbound-root-key-file="${EPREFIX}/etc/dnssec/root-anchors.txt" \
+ "${libconf[@]}" \
+ $([[ ${CHOST} == *-darwin* ]] && echo --disable-hardware-acceleration)
+}
+
+multilib_src_install_all() {
+ einstalldocs
+ prune_libtool_files --all
+
+ if use examples; then
+ docinto examples
+ dodoc doc/examples/*.c
+ fi
+}