Add patches from git master to fix TLS test suite with new GNUTLS
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
parent
9acefb8589
commit
a8c6008b7d
@ -0,0 +1,34 @@
|
||||
From 23c1595b0297e6ca8f37559af6f0b8533aa1fd99 Mon Sep 17 00:00:00 2001
|
||||
From: "Daniel P. Berrange" <berrange@redhat.com>
|
||||
Date: Tue, 29 Aug 2017 17:03:30 +0100
|
||||
Subject: [PATCH] crypto: fix test cert generation to not use SHA1 algorithm
|
||||
|
||||
GNUTLS 3.6.0 marked SHA1 as untrusted for certificates.
|
||||
Unfortunately the gnutls_x509_crt_sign() method we are
|
||||
using to create certificates in the test suite is fixed
|
||||
to always use SHA1. We must switch to a different method
|
||||
and explicitly ask for SHA256.
|
||||
|
||||
Reviewed-by: Eric Blake <eblake@redhat.com>
|
||||
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
|
||||
---
|
||||
tests/crypto-tls-x509-helpers.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/tests/crypto-tls-x509-helpers.c b/tests/crypto-tls-x509-helpers.c
|
||||
index 64073d3bd3..173d4e28fb 100644
|
||||
--- a/tests/crypto-tls-x509-helpers.c
|
||||
+++ b/tests/crypto-tls-x509-helpers.c
|
||||
@@ -406,7 +406,8 @@ test_tls_generate_cert(QCryptoTLSTestCertReq *req,
|
||||
* If no 'ca' is set then we are self signing
|
||||
* the cert. This is done for the root CA certs
|
||||
*/
|
||||
- err = gnutls_x509_crt_sign(crt, ca ? ca : crt, privkey);
|
||||
+ err = gnutls_x509_crt_sign2(crt, ca ? ca : crt, privkey,
|
||||
+ GNUTLS_DIG_SHA256, 0);
|
||||
if (err < 0) {
|
||||
g_critical("Failed to sign certificate %s",
|
||||
gnutls_strerror(err));
|
||||
--
|
||||
2.13.5
|
||||
|
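Review bot: The `gnutls_x509_crt_sign2()` call in test_tls_generate_cert() pins `GNUTLS_DIG_SHA256`, but the comment above it only explains self-signing, so the reason for the explicit digest is recorded only in the commit message. I would add a line above the call such as `/* Sign with SHA256 explicitly: gnutls_x509_crt_sign() always uses SHA1, which GNUTLS 3.6.0 no longer trusts */`. That keeps a later cleanup from reverting to the shorter call. The function body starts and ends outside this hunk.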
34
1017-io-fix-check-for-handshake-completion-in-TLS-test.patch
Normal file
@ -0,0 +1,34 @@
|
||||
From 689ed13e73bdb5a5ca3366524475e3065fae854a Mon Sep 17 00:00:00 2001
|
||||
From: "Daniel P. Berrange" <berrange@redhat.com>
|
||||
Date: Tue, 29 Aug 2017 17:04:52 +0100
|
||||
Subject: [PATCH] io: fix check for handshake completion in TLS test
|
||||
|
||||
The TLS I/O channel test had mistakenly used && instead
|
||||
of || when checking for handshake completion. As a
|
||||
result it could terminate the handshake process before
|
||||
it had actually completed. This was harmless before but
|
||||
changes in GNUTLS 3.6.0 exposed this bug and caused the
|
||||
test suite to fail.
|
||||
|
||||
Reviewed-by: Eric Blake <eblake@redhat.com>
|
||||
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
|
||||
---
|
||||
tests/test-io-channel-tls.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/tests/test-io-channel-tls.c b/tests/test-io-channel-tls.c
|
||||
index ff96877323..a210d01ba5 100644
|
||||
--- a/tests/test-io-channel-tls.c
|
||||
+++ b/tests/test-io-channel-tls.c
|
||||
@@ -218,7 +218,7 @@ static void test_io_channel_tls(const void *opaque)
|
||||
mainloop = g_main_context_default();
|
||||
do {
|
||||
g_main_context_iteration(mainloop, TRUE);
|
||||
- } while (!clientHandshake.finished &&
|
||||
+ } while (!clientHandshake.finished ||
|
||||
!serverHandshake.finished);
|
||||
|
||||
g_assert(clientHandshake.failed == data->expectClientFail);
|
||||
--
|
||||
2.13.5
|
||||
|
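Review bot: With `||` the loop in test_io_channel_tls() now runs until both `clientHandshake.finished` and `serverHandshake.finished` are set, and `g_main_context_iteration(mainloop, TRUE)` blocks, so if either handshake callback can return without setting `finished` the test hangs rather than failing. The callbacks are not visible in this hunk. It is worth confirming that the failure path sets `finished` as well as `failed` (the assertion right after the loop relies on `failed`), or bounding the wait with a timeout. A comment above the `do` such as `/* iterate until both sides report completion, whether success or failure */` would record the intent. The function continues outside the hunk.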
@ -0,0 +1,34 @@
|
||||
From d4adf9675801cd90e66ecfcd6a54ca1abc5a6698 Mon Sep 17 00:00:00 2001
|
||||
From: "Daniel P. Berrange" <berrange@redhat.com>
|
||||
Date: Fri, 21 Jul 2017 12:47:39 +0100
|
||||
Subject: [PATCH] io: fix temp directory used by test-io-channel-tls test
|
||||
|
||||
The test-io-channel-tls test was mistakenly using two of the
|
||||
same directories as test-crypto-tlssession. This causes a
|
||||
sporadic failure when using make -j$BIGNUM.
|
||||
|
||||
Reported-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
|
||||
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
|
||||
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
|
||||
---
|
||||
tests/test-io-channel-tls.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/tests/test-io-channel-tls.c b/tests/test-io-channel-tls.c
|
||||
index 8eaa208e1b..ff96877323 100644
|
||||
--- a/tests/test-io-channel-tls.c
|
||||
+++ b/tests/test-io-channel-tls.c
|
||||
@@ -127,8 +127,8 @@ static void test_io_channel_tls(const void *opaque)
|
||||
/* We'll use this for our fake client-server connection */
|
||||
g_assert(socketpair(AF_UNIX, SOCK_STREAM, 0, channel) == 0);
|
||||
|
||||
-#define CLIENT_CERT_DIR "tests/test-crypto-tlssession-client/"
|
||||
-#define SERVER_CERT_DIR "tests/test-crypto-tlssession-server/"
|
||||
+#define CLIENT_CERT_DIR "tests/test-io-channel-tls-client/"
|
||||
+#define SERVER_CERT_DIR "tests/test-io-channel-tls-server/"
|
||||
mkdir(CLIENT_CERT_DIR, 0700);
|
||||
mkdir(SERVER_CERT_DIR, 0700);
|
||||
|
||||
--
|
||||
2.13.5
|
||||
|
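Review bot: The renamed `CLIENT_CERT_DIR` and `SERVER_CERT_DIR` are still fixed relative paths, and the two `mkdir(..., 0700)` calls below them ignore their return value. A directory left over from an earlier run, or one that already exists with looser permissions, is therefore used silently, and two concurrent runs of this test in the same tree can still collide. Consider checking the result, e.g. `g_assert(mkdir(CLIENT_CERT_DIR, 0700) == 0 || errno == EEXIST);`, or creating per-run directories with `g_dir_make_tmp()`. Cleanup of these directories happens outside the hunk, so part of this may already be handled there.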
@ -157,6 +157,9 @@ Patch1012: 1012-scsi-file-posix-add-support-for-persistent-reservati.patch
|
||||
Patch1013: 1013-scsi-build-qemu-pr-helper.patch
|
||||
Patch1014: 1014-scsi-add-multipath-support-to-qemu-pr-helper.patch
|
||||
Patch1015: 1015-scsi-add-persistent-reservation-manager-using-qemu-p.patch
|
||||
Patch1016: 1016-crypto-fix-test-cert-generation-to-not-use-SHA1-algo.patch
|
||||
Patch1017: 1017-io-fix-check-for-handshake-completion-in-TLS-test.patch
|
||||
Patch1018: 1018-io-fix-temp-directory-used-by-test-io-channel-tls-te.patch
|
||||
|
||||
# documentation deps
|
||||
BuildRequires: texinfo
|
||||
|