rpms/nss
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Rebuild with NSPR 4.22

Browse Source
This commit is contained in:
Daiki Ueno 2019-09-04 12:55:32 +02:00
parent 28fbcd8570
commit 7fde29358f
2 changed files with 5 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
nss-skip-tls13-fips.patch
View File

@ -1,27 +0,0 @@
# HG changeset patch
# User Daiki Ueno <dueno@redhat.com>
# Date 1558341826 -7200
# Mon May 20 10:43:46 2019 +0200
# Node ID b447f0046807b718d2928d0e33313620d38a287a
# Parent 02ea5f29ac3c1f1c6e6eb4b655afd9b4fc075a9e
tests: skip TLS 1.3 tests under FIPS mode
diff --git a/tests/ssl/ssl.sh b/tests/ssl/ssl.sh
--- a/tests/ssl/ssl.sh
+++ b/tests/ssl/ssl.sh
@@ -393,6 +393,15 @@ ssl_auth()
echo "${testname}" | grep "TLS 1.3" > /dev/null
TLS13=$?
+ # Currently TLS 1.3 tests are known to fail under FIPS mode,
+ # because HKDF is implemented using the PKCS #11 functions
+ # prohibited under FIPS mode.
+ if [ "${TLS13}" -eq 0 ] && \
+ [ "$SERVER_MODE" = "fips" -o "$CLIENT_MODE" = "fips" ] ; then
+ echo "$SCRIPTNAME: skipping $testname (non-FIPS only)"
+ continue
+ fi
+
if [ "${CLIENT_MODE}" = "fips" -a "${CAUTH}" -eq 0 ] ; then
echo "$SCRIPTNAME: skipping $testname (non-FIPS only)"
elif [ "$ectype" = "SNI" -a "$NORM_EXT" = "Extended Test" ] ; then

9
nss.spec
View File

@ -1,4 +1,4 @@
%global nspr_version 4.21.0 %global nspr_version 4.22.0
%global nss_version 3.46.0 %global nss_version 3.46.0
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools %global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
%global saved_files_dir %{_libdir}/nss/saved %global saved_files_dir %{_libdir}/nss/saved
@ -43,7 +43,7 @@ rpm.define(string.format("nss_release_tag NSS_%s_RTM",
Summary: Network Security Services Summary: Network Security Services
Name: nss Name: nss
Version: %{nss_version} Version: %{nss_version}
Release: 1%{?dist} Release: 2%{?dist}
License: MPLv2.0 License: MPLv2.0
URL: http://www.mozilla.org/projects/security/pki/nss/ URL: http://www.mozilla.org/projects/security/pki/nss/
Requires: nspr >= %{nspr_version} Requires: nspr >= %{nspr_version}
@ -105,8 +105,6 @@ Patch2: nss-539183.patch
# Once the buildroot aha been bootstrapped the patch may be removed # Once the buildroot aha been bootstrapped the patch may be removed
# but it doesn't hurt to keep it. # but it doesn't hurt to keep it.
Patch4: iquote.patch Patch4: iquote.patch
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1552767
Patch5: nss-skip-tls13-fips.patch
%description %description
Network Security Services (NSS) is a set of libraries designed to Network Security Services (NSS) is a set of libraries designed to
@ -872,6 +870,9 @@ update-crypto-policies &> /dev/null || :
%changelog %changelog
* Wed Sep 4 2019 Daiki Ueno <dueno@redhat.com> - 3.46.0-2
- Rebuild with NSPR 4.22
* Tue Sep 3 2019 Daiki Ueno <dueno@redhat.com> - 3.46.0-1 * Tue Sep 3 2019 Daiki Ueno <dueno@redhat.com> - 3.46.0-1
- Update to NSS 3.46 - Update to NSS 3.46