[Csync2] csync2 and recent gnutls

Giampaolo Tomassoni g.tomassoni at libero.it
Mon Sep 21 20:51:56 CEST 2009


Recent gnutls packages use pkg-config instead of the gnutls-config one.
Also, I even experienced some troubles with gnutls-2.8.3 due to the fact
some entries in the libgnutls-openssl.so library are GNUTLS_PRIVATE there,
instead of being public the way they used to be.

Due to this, the csync2 package fails to configure and build against these
gnutls versions.

In order to overcome these troubles, of course we need to fix the automake
and autoconfig files (aclocal.m4). But the real problem to me is that we
can't rely on libgnutls-openssl.so anymore.

Since the libgnutls-openssl.so is only a compatibility library mapping the
openssl API into the gnutls one, I think the best way to go is to modify the
csync2 ssl code to directly use the gnutls API.

I'm developing a patch fixing configure and switching to the native gnutls
API, but I'm experiencing some problems with the client certificate
authentication and I need some help from people already using csync2 with
certs.

How did you do these certs? I mean, I read paper.pdf so I know how they are
created. But do you have a single cert_key and cert pair copied to all the
nodes of the group, or instead does each node of the group have its own cert_key
and cert pair?

This is because I discovered that a gnutls client sends its authenticating
certificate to the server iff the client certificate is signed by one of the
CAs the server announces as known to the client. Since I believe most csync2
certs are self-signed, it may be that two different cert_key and cert pairs
wouldn't work with csync2.

Can someone check this with some old csync2? I can't...

Thanks,

Giampaolo
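The client-certificate rule described in the message above (the client only presents a certificate whose issuer appears in the CA list the server sends in its TLS CertificateRequest) can be modelled in a few lines. The following is an added example and is not csync2 or GnuTLS code: certificates are constructed dicts carrying only subject and issuer names, and the trust-store contents for each scenario are assumptions. It goes beyond the message by also covering the two ways per-node certificates can be made to work (a common CA, or every node trusting every peer's self-signed certificate).

```python
"""Model of TLS client-certificate selection as seen from the csync2 question.

Constructed example: a certificate is reduced to its subject and issuer
distinguished names, which is all that matters for the decision modelled here.
A self-signed certificate has subject == issuer.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str

    @property
    def self_signed(self) -> bool:
        return self.subject == self.issuer


def certificate_request_cas(server_trust_store):
    """Names the server advertises in its CertificateRequest.

    They are the subjects of the certificates in the server's trust store
    (the CAs, or the self-signed peer certs, it is willing to verify against).
    """
    return frozenset(c.subject for c in server_trust_store)


def client_cert_to_send(client_chain, acceptable_cas):
    """Return the chain the client presents, or None if it presents nothing.

    The chain is ordered leaf first.  The client presents it only if some
    link was issued by one of the names the server advertised.  A self-signed
    certificate qualifies only when the server listed that very subject.
    """
    for cert in client_chain:
        if cert.issuer in acceptable_cas:
            return client_chain
    return None


def scenarios():
    """Exercise the deployment choices raised in the message (assumed setups)."""
    # One self-signed pair copied to every node of the group.
    shared = Cert("CN=csync2-group", "CN=csync2-group")
    # Each node with its own self-signed pair.
    node_a = Cert("CN=node-a", "CN=node-a")
    node_b = Cert("CN=node-b", "CN=node-b")
    # Each node with its own pair, all issued by one group CA.
    ca = Cert("CN=csync2-ca", "CN=csync2-ca")
    node_b_by_ca = Cert("CN=node-b", "CN=csync2-ca")

    results = {}
    # Server node A trusts the shared cert; client node B presents the same cert.
    results["shared_self_signed"] = (
        client_cert_to_send([shared], certificate_request_cas([shared])) is not None
    )
    # Server A trusts only its own self-signed cert; client B's cert is never sent.
    results["per_node_self_signed"] = (
        client_cert_to_send([node_b], certificate_request_cas([node_a])) is not None
    )
    # Server A trusts every peer's self-signed cert (all certs distributed to all nodes).
    results["per_node_self_signed_all_peers_trusted"] = (
        client_cert_to_send([node_b], certificate_request_cas([node_a, node_b])) is not None
    )
    # Server A trusts the group CA; client B presents its CA-issued chain.
    results["per_node_common_ca"] = (
        client_cert_to_send([node_b_by_ca, ca], certificate_request_cas([ca])) is not None
    )
    return results


if __name__ == "__main__":
    for name, sent in scenarios().items():
        print(f"{name:40s} client cert sent: {sent}")
```

The second scenario is the failure the message anticipates: with distinct self-signed pairs per node, node A's CertificateRequest names only "CN=node-a", so node B finds no matching issuer and the handshake proceeds without a client certificate. The last two scenarios show the two trust-store layouts under which per-node pairs do work.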


