openldap: fix build against gnutls3

OE-core update from gnutls2 to gnutls3, openldap needs patches to cope with that. Also add libgcrypt to DEPENDS since openldap links against it directly now instead of through gnutls.

Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>

meta-oe/recipes-support/openldap/openldap-2.4.23/0205e83f4670d10ad3c6ae4b8fc5ec1d0c7020c0.patch

@@ -0,0 +1,44 @@
+From 0205e83f4670d10ad3c6ae4b8fc5ec1d0c7020c0 Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@openldap.org>
+Date: Sat, 7 Sep 2013 09:39:24 -0700
+Subject: [PATCH] ITS#7430 GnuTLS: Avoid use of deprecated function
+
+Upstream-status: Backport
+
+---
+ libraries/libldap/tls_g.c |   12 ++++++++++++
+ 1 files changed, 12 insertions(+), 0 deletions(-)
+
+diff --git a/libraries/libldap/tls_g.c b/libraries/libldap/tls_g.c
+index 9acffaf..c793828 100644
+--- a/libraries/libldap/tls_g.c
++++ b/libraries/libldap/tls_g.c
+@@ -368,6 +368,17 @@ tlsg_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
+ 		 * then we have to build the cert chain.
+ 		 */
+ 		if ( max == 1 && !gnutls_x509_crt_check_issuer( certs[0], certs[0] )) {
++#if GNUTLS_VERSION_NUMBER >= 0x020c00
++			unsigned int i;
++			for ( i = 1; i<VERIFY_DEPTH; i++ ) {
++				if ( gnutls_certificate_get_issuer( ctx->cred, certs[i-1], &certs[i], 0 ))
++					break;
++				max++;
++				/* If this CA is self-signed, we're done */
++				if ( gnutls_x509_crt_check_issuer( certs[i], certs[i] ))
++					break;
++			}
++#else
+ 			gnutls_x509_crt_t *cas;
+ 			unsigned int i, j, ncas;
+ 
+@@ -387,6 +398,7 @@ tlsg_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
+ 				if ( j == ncas )
+ 					break;
+ 			}
++#endif
+ 		}
+ 		rc = gnutls_certificate_set_x509_key( ctx->cred, certs, max, key );
+ 		if ( rc ) return -1;
+-- 
+1.7.4.2
+

meta-oe/recipes-support/openldap/openldap-2.4.23/openldap-2.4.28-gnutls-gcrypt.patch

@@ -0,0 +1,17 @@
+From http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/net-nds/openldap/files/
+
+Upstream-status: Unknown
+
+--
+
+--- openldap-2.4.28/configure.in.orig	2012-02-11 22:40:36.004360795 +0000
++++ openldap-2.4.28/configure.in	2012-02-11 22:40:13.410986851 +0000
+@@ -1214,7 +1214,7 @@
+ 				ol_with_tls=gnutls
+ 				ol_link_tls=yes
+ 
+-				TLS_LIBS="-lgnutls"
++				TLS_LIBS="-lgnutls -lgcrypt"
+ 
+ 				AC_DEFINE(HAVE_GNUTLS, 1, 
+ 					[define if you have GNUtls])

meta-oe/recipes-support/openldap/openldap_2.4.23.bb

@@ -16,6 +16,8 @@ LDAP_VER = "${@'.'.join(d.getVar('PV',1).split('.')[0:2])}"
 SRC_URI = "ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/${P}.tgz \
     file://openldap-m4-pthread.patch \
     file://kill-icu.patch \
+    file://0205e83f4670d10ad3c6ae4b8fc5ec1d0c7020c0.patch \
+    file://openldap-2.4.28-gnutls-gcrypt.patch \
     file://initscript \
 "
 SRC_URI[md5sum] = "90150b8c0d0192e10b30157e68844ddf"
@@ -48,7 +50,7 @@ PACKAGECONFIG ??= "gnutls modules \
                    ldap meta monitor null passwd shell proxycache dnssrv \
 "
 #--with-tls              with TLS/SSL support auto|openssl|gnutls [auto]
-PACKAGECONFIG[gnutls] = "--with-tls=gnutls,,gnutls"
+PACKAGECONFIG[gnutls] = "--with-tls=gnutls,,gnutls libgcrypt"
 PACKAGECONFIG[openssl] = "--with-tls=openssl,,openssl"
 
 PACKAGECONFIG[sasl] = "--with-cyrus-sasl,--without-cyrus-sasl,cyrus-sasl"