Add patch to for passing certificate chain validation
This patch fixes test errors on Fedora Rawhide due to the change in the min-verification-profile setting in gnutls.config. Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
This commit is contained in:
Stefan Berger
parent
8ab2c96965
commit
ac941adb9f
|
|
@ -0,0 +1,56 @@
|
|||
From f5bd8ba14f5165bc5b7cd3b20a7ba07f6acbfffe Mon Sep 17 00:00:00 2001
|
||||
From: Stefan Berger <stefanb@linux.ibm.com>
|
||||
Date: Fri, 31 Jul 2020 10:47:27 -0400
|
||||
Subject: [PATCH] tests: Modify sample key to be 2048 bit rather than only 2033
|
||||
bit
|
||||
|
||||
The generated sample keys started with 00010203, thus leaving the upper
|
||||
15 bits of the key as '0', which in turn causes gnutls to think that the
|
||||
key is only 2033 bit long, thus rejecting certificate verification once
|
||||
the min-verification-profile is set to 'medium' in gnutls's config file
|
||||
in /etc/crypto-policies/back-ends/gnutls.config.
|
||||
|
||||
We now create sample keys starting with 800102, which sets the highest bit.
|
||||
|
||||
This fixes test errors on Fedora Rawhide due to the change in the
|
||||
min-verification-profile setting in gnutls.config.
|
||||
|
||||
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
|
||||
---
|
||||
tests/test_tpm2_samples_swtpm_localca | 4 ++--
|
||||
tests/test_tpm2_samples_swtpm_localca_pkcs11 | 4 ++--
|
||||
2 files changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/tests/test_tpm2_samples_swtpm_localca b/tests/test_tpm2_samples_swtpm_localca
|
||||
index 3611b9d2..11ad10ba 100755
|
||||
--- a/tests/test_tpm2_samples_swtpm_localca
|
||||
+++ b/tests/test_tpm2_samples_swtpm_localca
|
||||
@@ -11,8 +11,8 @@ SWTPM_LOCALCA=${TOPSRC}/samples/swtpm-localca
|
||||
|
||||
workdir=$(mktemp -d "/tmp/path with spaces.XXXXXX")
|
||||
|
||||
-ek=""
|
||||
-for ((i = 0; i < 256; i++)); do
|
||||
+ek="80" # 2048 bit key must have highest bit set
|
||||
+for ((i = 1; i < 256; i++)); do
|
||||
ek="${ek}$(printf "%02x" $i)"
|
||||
done
|
||||
|
||||
diff --git a/tests/test_tpm2_samples_swtpm_localca_pkcs11 b/tests/test_tpm2_samples_swtpm_localca_pkcs11
|
||||
index 5d0d1d45..372a6391 100755
|
||||
--- a/tests/test_tpm2_samples_swtpm_localca_pkcs11
|
||||
+++ b/tests/test_tpm2_samples_swtpm_localca_pkcs11
|
||||
@@ -11,8 +11,8 @@ SWTPM_LOCALCA=${TOPSRC}/samples/swtpm-localca
|
||||
|
||||
workdir=$(mktemp -d)
|
||||
|
||||
-ek=""
|
||||
-for ((i = 0; i < 256; i++)); do
|
||||
+ek="80" # 2048 bit key must have highest bit set
|
||||
+for ((i = 1; i < 256; i++)); do
|
||||
ek="${ek}$(printf "%02x" $i)"
|
||||
done
|
||||
|
||||
--
|
||||
2.25.4
|
||||
|
||||
|
|
@ -12,12 +12,13 @@
|
|||
Summary: TPM Emulator
|
||||
Name: swtpm
|
||||
Version: 0.3.0
|
||||
Release: 3.%{gitdate}git%{gitshortcommit}%{?dist}
|
||||
Release: 4.%{gitdate}git%{gitshortcommit}%{?dist}
|
||||
License: BSD
|
||||
Url: http://github.com/stefanberger/swtpm
|
||||
Source0: %{url}/archive/%{gitcommit}/%{name}-%{gitshortcommit}.tar.gz
|
||||
|
||||
Patch0001: 0001-tests-Skip-test-4-of-derived-keys-in-case-an-allowed.patch
|
||||
Patch0002: 0001-tests-Modify-sample-key-to-be-2048-bit-rather-than-o.patch
|
||||
|
||||
BuildRequires: git-core
|
||||
BuildRequires: automake
|
||||
|
|
|
|||
Loading…
Reference in New Issue