Add patches from git master to fix TLS test suite with new GNUTLS

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
This commit is contained in:
Daniel P. Berrange 2017-10-12 09:26:40 +01:00
parent 9acefb8589
commit a8c6008b7d
4 changed files with 105 additions and 0 deletions

View File

@ -0,0 +1,34 @@
From 23c1595b0297e6ca8f37559af6f0b8533aa1fd99 Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange" <berrange@redhat.com>
Date: Tue, 29 Aug 2017 17:03:30 +0100
Subject: [PATCH] crypto: fix test cert generation to not use SHA1 algorithm
GNUTLS 3.6.0 marked SHA1 as untrusted for certificates.
Unfortunately the gnutls_x509_crt_sign() method we are
using to create certificates in the test suite is fixed
to always use SHA1. We must switch to a different method
and explicitly ask for SHA256.
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
tests/crypto-tls-x509-helpers.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tests/crypto-tls-x509-helpers.c b/tests/crypto-tls-x509-helpers.c
index 64073d3bd3..173d4e28fb 100644
--- a/tests/crypto-tls-x509-helpers.c
+++ b/tests/crypto-tls-x509-helpers.c
@@ -406,7 +406,8 @@ test_tls_generate_cert(QCryptoTLSTestCertReq *req,
* If no 'ca' is set then we are self signing
* the cert. This is done for the root CA certs
*/
- err = gnutls_x509_crt_sign(crt, ca ? ca : crt, privkey);
+ err = gnutls_x509_crt_sign2(crt, ca ? ca : crt, privkey,
+ GNUTLS_DIG_SHA256, 0);
if (err < 0) {
g_critical("Failed to sign certificate %s",
gnutls_strerror(err));
--
2.13.5

View File

@ -0,0 +1,34 @@
From 689ed13e73bdb5a5ca3366524475e3065fae854a Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange" <berrange@redhat.com>
Date: Tue, 29 Aug 2017 17:04:52 +0100
Subject: [PATCH] io: fix check for handshake completion in TLS test
The TLS I/O channel test had mistakenly used && instead
of || when checking for handshake completion. As a
result it could terminate the handshake process before
it had actually completed. This was harmless before but
changes in GNUTLS 3.6.0 exposed this bug and caused the
test suite to fail.
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
tests/test-io-channel-tls.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/test-io-channel-tls.c b/tests/test-io-channel-tls.c
index ff96877323..a210d01ba5 100644
--- a/tests/test-io-channel-tls.c
+++ b/tests/test-io-channel-tls.c
@@ -218,7 +218,7 @@ static void test_io_channel_tls(const void *opaque)
mainloop = g_main_context_default();
do {
g_main_context_iteration(mainloop, TRUE);
- } while (!clientHandshake.finished &&
+ } while (!clientHandshake.finished ||
!serverHandshake.finished);
g_assert(clientHandshake.failed == data->expectClientFail);
--
2.13.5

View File

@ -0,0 +1,34 @@
From d4adf9675801cd90e66ecfcd6a54ca1abc5a6698 Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange" <berrange@redhat.com>
Date: Fri, 21 Jul 2017 12:47:39 +0100
Subject: [PATCH] io: fix temp directory used by test-io-channel-tls test
The test-io-channel-tls test was mistakenly using two of the
same directories as test-crypto-tlssession. This causes a
sporadic failure when using make -j$BIGNUM.
Reported-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
tests/test-io-channel-tls.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tests/test-io-channel-tls.c b/tests/test-io-channel-tls.c
index 8eaa208e1b..ff96877323 100644
--- a/tests/test-io-channel-tls.c
+++ b/tests/test-io-channel-tls.c
@@ -127,8 +127,8 @@ static void test_io_channel_tls(const void *opaque)
/* We'll use this for our fake client-server connection */
g_assert(socketpair(AF_UNIX, SOCK_STREAM, 0, channel) == 0);
-#define CLIENT_CERT_DIR "tests/test-crypto-tlssession-client/"
-#define SERVER_CERT_DIR "tests/test-crypto-tlssession-server/"
+#define CLIENT_CERT_DIR "tests/test-io-channel-tls-client/"
+#define SERVER_CERT_DIR "tests/test-io-channel-tls-server/"
mkdir(CLIENT_CERT_DIR, 0700);
mkdir(SERVER_CERT_DIR, 0700);
--
2.13.5

View File

@ -157,6 +157,9 @@ Patch1012: 1012-scsi-file-posix-add-support-for-persistent-reservati.patch
Patch1013: 1013-scsi-build-qemu-pr-helper.patch Patch1013: 1013-scsi-build-qemu-pr-helper.patch
Patch1014: 1014-scsi-add-multipath-support-to-qemu-pr-helper.patch Patch1014: 1014-scsi-add-multipath-support-to-qemu-pr-helper.patch
Patch1015: 1015-scsi-add-persistent-reservation-manager-using-qemu-p.patch Patch1015: 1015-scsi-add-persistent-reservation-manager-using-qemu-p.patch
Patch1016: 1016-crypto-fix-test-cert-generation-to-not-use-SHA1-algo.patch
Patch1017: 1017-io-fix-check-for-handshake-completion-in-TLS-test.patch
Patch1018: 1018-io-fix-temp-directory-used-by-test-io-channel-tls-te.patch
# documentation deps # documentation deps
BuildRequires: texinfo BuildRequires: texinfo