From c7cb9471038a76ba1e05fbd0f9dc85be9ca9779f Mon Sep 17 00:00:00 2001
From: "Aaron M. Ucko" <ucko@debian.org>
Date: Wed, 1 Dec 2021 22:08:16 -0500
Subject: [PATCH] suppress gnu TLS and mbed TLS version checks

   Prevent bailing when the exact compile-time and runtime GNU TLS versions
   differ; trust dpkg to disallow combinations that are actually incompatible.
   Likewise for mbed TLS.

Gbp-Pq: Name suppress_tls_version_checks
---
 c++/src/connect/ncbi_gnutls.c  | 2 ++
 c++/src/connect/ncbi_mbedtls.c | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/c++/src/connect/ncbi_gnutls.c b/c++/src/connect/ncbi_gnutls.c
index 2391fbe4..e3d9b7e6 100644
--- a/c++/src/connect/ncbi_gnutls.c
+++ b/c++/src/connect/ncbi_gnutls.c
@@ -769,6 +769,7 @@ static EIO_Status s_GnuTlsInit(FSSLPull pull, FSSLPush push)
 
     CORE_TRACE("GnuTlsInit(): Enter");
 
+#if 0
     version = gnutls_check_version(0);
     if (strcasecmp(GNUTLS_VERSION, version) != 0) {
         CORE_LOGF_X(26, eLOG_Critical,
@@ -776,6 +777,7 @@ static EIO_Status s_GnuTlsInit(FSSLPull pull, FSSLPush push)
                      GNUTLS_VERSION, version));
         assert(0);
     }
+#endif
 
     if (!pull  ||  !push) {
         status = eIO_InvalidArg;
diff --git a/c++/src/connect/ncbi_mbedtls.c b/c++/src/connect/ncbi_mbedtls.c
index 19db747a..006a20fd 100644
--- a/c++/src/connect/ncbi_mbedtls.c
+++ b/c++/src/connect/ncbi_mbedtls.c
@@ -770,12 +770,14 @@ static EIO_Status s_MbedTlsInit(FSSLPull pull, FSSLPush push)
     CORE_TRACE("MbedTlsInit(): Enter");
 
     mbedtls_version_get_string(version);
+#if 0
     if (strcasecmp(MBEDTLS_VERSION_STRING, version) != 0) {
         CORE_LOGF_X(5, eLOG_Critical,
                     ("%s version mismatch: %s headers vs. %s runtime",
                      kMbedTls, MBEDTLS_VERSION_STRING, version));
         assert(0);
     }
+#endif
 
     if (!pull  ||  !push) {
         status = eIO_InvalidArg;
-- 
2.30.2