diff --git a/devel/release b/devel/release index 343781738d3d15696b772c76ce1784765e44a1d9..7e0ef335338401bcdf1b57ba0190487617c67b53 100755 --- a/devel/release +++ b/devel/release @@ -46,6 +46,26 @@ echo "Cloning the repository under $TMPDIR ..." git clone -q "$URL" dist cd dist git checkout $TAG + +# Check minimum aclocal version for releasing +MIN_ACLOCAL_VERSION=( 1 11 1 ) +ACLOCAL_VERSION=$(${ACLOCAL:-aclocal} --version | head -1 | \ + sed -e 's/^[^0-9]*\([0-9\.]*\)$/\1/') + +ACLOCAL_VERSION_REST=$ACLOCAL_VERSION +for v in ${MIN_ACLOCAL_VERSION[@]}; do + ACLOCAL_VERSION_PART=${ACLOCAL_VERSION_REST%%.*} + ACLOCAL_VERSION_REST=${ACLOCAL_VERSION_REST#$ACLOCAL_VERSION_PART.} + if [[ $v -eq $ACLOCAL_VERSION_PART ]]; then + continue + elif [[ $v -lt $ACLOCAL_VERSION_PART ]]; then + break + else # gt + echo "aclocal version $ACLOCAL_VERSION is too old (< 1.11.1)" + exit 1 + fi +done + ./autogen.sh ./configure diff --git a/lib/http/__init__.py b/lib/http/__init__.py index 8767272beae09b116c2f98273a552233e297a9d1..036c13f6de2e62d35286967f3d8edccd5b9c4100 100644 --- a/lib/http/__init__.py +++ b/lib/http/__init__.py @@ -550,6 +550,7 @@ class HttpSslParams(object): """ self.ssl_key_pem = utils.ReadFile(ssl_key_path) self.ssl_cert_pem = utils.ReadFile(ssl_cert_path) + self.ssl_cert_path = ssl_cert_path def GetKey(self): return OpenSSL.crypto.load_privatekey(OpenSSL.crypto.FILETYPE_PEM, @@ -609,6 +610,15 @@ class HttpBase(object): OpenSSL.SSL.VERIFY_FAIL_IF_NO_PEER_CERT, self._SSLVerifyCallback) + # Also add our certificate as a trusted CA to be sent to the client. + # This is required at least for GnuTLS clients to work. + try: + # This will fail for PyOpenssl versions before 0.10 + ctx.add_client_ca(self._ssl_cert) + except AttributeError: + # Fall back to letting OpenSSL read the certificate file directly. + ctx.load_client_ca(ssl_params.ssl_cert_path) + return OpenSSL.SSL.Connection(ctx, sock) def GetSslCiphers(self): # pylint: disable-msg=R0201
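Review bot: A two-component version such as `1.11` passes this check although it is older than 1.11.1. Once `ACLOCAL_VERSION_REST` no longer contains a dot, `${ACLOCAL_VERSION_REST#$ACLOCAL_VERSION_PART.}` strips nothing, so the third iteration compares the minimum's `1` against the stale `11` and breaks out as if the tool were newer. Treating a missing component as zero closes the gap, e.g. replace that strip line with `if [[ $ACLOCAL_VERSION_REST == *.* ]]; then ACLOCAL_VERSION_REST=${ACLOCAL_VERSION_REST#*.}; else ACLOCAL_VERSION_REST=0; fi`. The error message also hard-codes `1.11.1` and will drift if `MIN_ACLOCAL_VERSION` is ever changed.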
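Review bot: Storing `ssl_cert_path` next to `ssl_cert_pem` gives the object two sources for the same certificate, and they can disagree. The PEM is a snapshot read in the constructor, while the path is read from disk again whenever `ctx.load_client_ca(ssl_params.ssl_cert_path)` runs in the HttpBase hunk. If the file is replaced or removed in between, the fallback would advertise something other than the PEM snapshot, or fail at connection setup. The docstring that closes just above the assignments (it starts outside the hunk) should mention the new attribute, and a comment such as `# Kept only for the load_client_ca() fallback; the file is re-read at connection setup` would make the dependency visible.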
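Review bot: The `except AttributeError` around `ctx.add_client_ca(self._ssl_cert)` catches more than a missing method on old pyOpenSSL: an AttributeError raised while evaluating `self._ssl_cert` or inside the call is swallowed too, and the code silently switches to the file-based path. Testing for the method explicitly, `if hasattr(ctx, "add_client_ca"):` with the `load_client_ca` call in the `else` branch, limits the fallback to the version difference. The comment's "trusted CA" wording is also worth tightening, since both calls only populate the CA list advertised to the client in the certificate request. Peer verification is governed separately (the `_SSLVerifyCallback` registration is visible in the context lines), so something like `# Advertise our certificate in the client-CA list; this does not change what is trusted` would be more accurate. The enclosing method starts outside the hunk.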