backport upsteam patches to fix testpkcs11.sh test failed
parent
34fe14737e
commit
f4d5467eb1
@ -1,27 +0,0 @@
|
||||
From b8a06681c876181df7a2bd812a14860afd43c490 Mon Sep 17 00:00:00 2001
|
||||
From: Liquor <lirui130@huawei.com>
|
||||
Date: Fri, 18 Dec 2020 16:17:33 +0800
|
||||
Subject: [PATCH] add skip_if_no_datefudge to testpkcs11.sh
|
||||
|
||||
Reason: test certificates in tests/testpkcs11-certs have expired
|
||||
issue:https://gitlab.com/gnutls/gnutls/-/issues/1135
|
||||
---
|
||||
tests/testpkcs11.sh | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/tests/testpkcs11.sh b/tests/testpkcs11.sh
|
||||
index 9458af2..71f4e31 100755
|
||||
--- a/tests/testpkcs11.sh
|
||||
+++ b/tests/testpkcs11.sh
|
||||
@@ -69,6 +69,8 @@ SERV="${SERV} -q"
|
||||
|
||||
. ${srcdir}/scripts/common.sh
|
||||
|
||||
+skip_if_no_datefudge
|
||||
+
|
||||
rm -f "${LOGFILE}"
|
||||
|
||||
exit_error () {
|
||||
--
|
||||
2.27.0
|
||||
|
||||
@ -0,0 +1,78 @@
|
||||
From 2b0f6f3a2ff13153aaa70c764ba7a8b90aef794d Mon Sep 17 00:00:00 2001
|
||||
From: Daiki Ueno <ueno@gnu.org>
|
||||
Date: Mon, 28 Dec 2020 16:16:53 +0100
|
||||
Subject: [PATCH] testpkcs11: use datefudge to trick certificate expiry
|
||||
|
||||
The certificates stored in tests/testpkcs11-certs expired on
|
||||
2020-12-13. To avoid verification failure due to that, use datefudge
|
||||
to set custom date when calling gnutls-cli, gnutls-serv, and certtool.
|
||||
|
||||
Based on the patch by Andreas Metzler:
|
||||
https://gitlab.com/gnutls/gnutls/-/issues/1135#note_469682121
|
||||
|
||||
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
||||
---
|
||||
tests/testpkcs11.sh | 12 +++++++++++-
|
||||
1 file changed, 11 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/tests/testpkcs11.sh b/tests/testpkcs11.sh
|
||||
index 38b9585bc..09a627477 100755
|
||||
--- a/tests/testpkcs11.sh
|
||||
+++ b/tests/testpkcs11.sh
|
||||
@@ -67,6 +67,8 @@ have_ed25519=0
|
||||
P11TOOL="${VALGRIND} ${P11TOOL} --batch"
|
||||
SERV="${SERV} -q"
|
||||
|
||||
+TESTDATE=2020-12-01
|
||||
+
|
||||
. ${srcdir}/scripts/common.sh
|
||||
|
||||
rm -f "${LOGFILE}"
|
||||
@@ -79,6 +81,8 @@ exit_error () {
|
||||
exit 1
|
||||
}
|
||||
|
||||
+skip_if_no_datefudge
|
||||
+
|
||||
# $1: token
|
||||
# $2: PIN
|
||||
# $3: filename
|
||||
@@ -523,6 +527,7 @@ write_certificate_test () {
|
||||
pubkey="$5"
|
||||
|
||||
echo -n "* Generating client certificate... "
|
||||
+ datefudge -s "$TESTDATE" \
|
||||
"${CERTTOOL}" ${CERTTOOL_PARAM} ${ADDITIONAL_PARAM} --generate-certificate --load-ca-privkey "${cakey}" --load-ca-certificate "${cacert}" \
|
||||
--template ${srcdir}/testpkcs11-certs/client-tmpl --load-privkey "${token};object=gnutls-client;object-type=private" \
|
||||
--load-pubkey "$pubkey" --outfile tmp-client.crt >>"${LOGFILE}" 2>&1
|
||||
@@ -900,7 +905,9 @@ use_certificate_test () {
|
||||
echo -n "* Using PKCS #11 with gnutls-cli (${txt})... "
|
||||
# start server
|
||||
eval "${GETPORT}"
|
||||
- launch_server ${ADDITIONAL_PARAM} --echo --priority NORMAL --x509certfile="${certfile}" \
|
||||
+ launch_bare_server datefudge -s "$TESTDATE" \
|
||||
+ $VALGRIND $SERV $DEBUG -p "$PORT" \
|
||||
+ ${ADDITIONAL_PARAM} --debug 10 --echo --priority NORMAL --x509certfile="${certfile}" \
|
||||
--x509keyfile="$keyfile" --x509cafile="${cafile}" \
|
||||
--verify-client-cert --require-client-cert >>"${LOGFILE}" 2>&1
|
||||
|
||||
@@ -908,13 +915,16 @@ use_certificate_test () {
|
||||
wait_server ${PID}
|
||||
|
||||
# connect to server using SC
|
||||
+ datefudge -s "$TESTDATE" \
|
||||
${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509cafile="${cafile}" </dev/null >>"${LOGFILE}" 2>&1 && \
|
||||
fail ${PID} "Connection should have failed!"
|
||||
|
||||
+ datefudge -s "$TESTDATE" \
|
||||
${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509certfile="${certfile}" \
|
||||
--x509keyfile="$keyfile" --x509cafile="${cafile}" </dev/null >>"${LOGFILE}" 2>&1 || \
|
||||
fail ${PID} "Connection (with files) should have succeeded!"
|
||||
|
||||
+ datefudge -s "$TESTDATE" \
|
||||
${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509certfile="${token};object=gnutls-client;object-type=cert" \
|
||||
--x509keyfile="${token};object=gnutls-client;object-type=private" \
|
||||
--x509cafile="${cafile}" </dev/null >>"${LOGFILE}" 2>&1 || \
|
||||
--
|
||||
2.27.0
|
||||
|
||||
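Review bot: In the `use_certificate_test` hunk the new call `launch_bare_server datefudge -s "$TESTDATE" \` hands `datefudge` to the helper as its first argument, yet the `tests/scripts/common.sh` context quoted in backport-tests-remove-launch_pkcs11_server.patch shows `launch_bare_server()` opening with `PARENT="$1"` and `shift`. If the packaged 3.6.15 helper still has that shape, `datefudge` is consumed as PARENT and the server does not run under the fudged date, so the client-certificate checks would not test what they appear to; the rest of the helper is outside the visible hunks, so this needs confirming against the tree. Should it hold, the call needs a parent argument, e.g. `launch_bare_server $$ datefudge -s "$TESTDATE" \`, or the upstream helper change has to be backported too. `TESTDATE=2020-12-01` would also benefit from a comment such as `# pinned before the 2020-12-13 expiry of tests/testpkcs11-certs; drop once the certificates are regenerated`.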
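--- a/backport-tests-remove-launch_pkcs11_server.patch
+++ b/backport-tests-remove-launch_pkcs11_server.patch
@@ -0,0 +1,51 @@
+From a7b126acd4793ced574acb68bdbf5c6a48bb4ad5 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Wed, 23 Sep 2020 09:34:09 +0200
+Subject: [PATCH] tests: remove launch_pkcs11_server
+
+This function is only used by testpkcs11.sh.
+
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+---
+tests/scripts/common.sh | 11 -----------
+tests/testpkcs11.sh | 2 +-
+2 files changed, 1 insertion(+), 12 deletions(-)
+
+diff --git a/tests/scripts/common.sh b/tests/scripts/common.sh
+index 6ae19fa..5e6f91b 100644
+--- a/tests/scripts/common.sh
++++ b/tests/scripts/common.sh
+@@ -168,17 +168,6 @@ launch_server() {
+${SERV} ${DEBUG} -p "${PORT}" $* >${LOGFILE-/dev/null} &
+}
+
+-launch_pkcs11_server() {
+- PARENT="$1"
+- shift
+- PROVIDER="$1"
+- shift
+-
+- wait_for_free_port ${PORT}
+-
+- ${VALGRIND} ${SERV} ${PROVIDER} ${DEBUG} -p "${PORT}" $* &
+-}
+-
+launch_bare_server() {
+PARENT="$1"
+shift
+diff --git a/tests/testpkcs11.sh b/tests/testpkcs11.sh
+index 9458af2..b69e312 100755
+--- a/tests/testpkcs11.sh
++++ b/tests/testpkcs11.sh
+@@ -900,7 +900,7 @@ use_certificate_test () {
+echo -n "* Using PKCS #11 with gnutls-cli (${txt})... "
+# start server
+eval "${GETPORT}"
+- launch_pkcs11_server $$ "${ADDITIONAL_PARAM}" --echo --priority NORMAL --x509certfile="${certfile}" \
++ launch_server ${ADDITIONAL_PARAM} --echo --priority NORMAL --x509certfile="${certfile}" \
+--x509keyfile="$keyfile" --x509cafile="${cafile}" \
+--verify-client-cert --require-client-cert >>"${LOGFILE}" 2>&1
+
+--
+2.27.0
+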
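Review bot: The replacement call in `use_certificate_test` no longer runs the server under `${VALGRIND}`: the removed `launch_pkcs11_server` ran `${VALGRIND} ${SERV} ${PROVIDER} ...`, while the `launch_server` context line in the common.sh hunk shows only `${SERV} ${DEBUG} -p "${PORT}" $*`. That same line redirects with `>${LOGFILE-/dev/null}`, which truncates rather than appends, so earlier log output may be lost when LOGFILE is set; this is inferred from the one context line, since the body of `launch_server` starts outside the hunk. The datefudge patch elsewhere on this page rewrites this call and passes `$VALGRIND` again, so a spec comment such as `# Patch2 is a prerequisite for Patch3; do not drop one without the other` would record that this intermediate state is not meant to ship alone.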
10
gnutls.spec
10
gnutls.spec
@ -1,15 +1,16 @@
|
||||
Name: gnutls
|
||||
Version: 3.6.15
|
||||
Release: 1
|
||||
Release: 2
|
||||
Summary: The GNU Secure Communication Protocol Library
|
||||
|
||||
License: LGPLv2.1+ and GPLv3+
|
||||
URL: https://www.gnutls.org/
|
||||
Source0: https://www.gnupg.org/ftp/gcrypt/%{name}/v3.6/%{name}-%{version}.tar.xz
|
||||
Source1: https://www.gnupg.org/ftp/gcrypt/%{name}/v3.6/%{name}-%{version}.tar.xz.sig
|
||||
Patch0: fix-ipv6-handshake-failed.patch
|
||||
|
||||
Patch9000: add-skip_if_no_datefudge-to-testpkcs11.sh.patch
|
||||
Patch1: fix-ipv6-handshake-failed.patch
|
||||
Patch2: backport-tests-remove-launch_pkcs11_server.patch
|
||||
Patch3: backport-testpkcs11-use-datefudge-to-trick-certificate-expiry.patch
|
||||
|
||||
%bcond_without dane
|
||||
%bcond_with guile
|
||||
@ -200,6 +201,9 @@ make check %{?_smp_mflags}
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Sat Jan 30 2021 lirui <lirui130@huawei.com> - 3.6.15-2
|
||||
- backport upsteam patches to fix testpkcs11.sh test failed
|
||||
|
||||
* Wed Jan 20 2021 wangchen <wangchen137@huawei.com> - 3.6.15-1
|
||||
- update to 3.6.15
|
||||
|
||||
|
||||