From 0331d633997825a5ccd1c5d1a7ff409419ed1089 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Tue, 20 Feb 2024 14:58:44 -0500 Subject: [PATCH] Update tests to be compatible with OpenSSL 3.2 Pull in certmonger upstream fix bba83217f9c6d9804b4707b3ef05e7386a4c48f5 --- ...ts-to-be-compatible-with-OpenSSL-3.2.patch | 47 +++++++++++++++++++ certmonger.spec | 10 ++-- 2 files changed, 54 insertions(+), 3 deletions(-) create mode 100644 0001-Update-tests-to-be-compatible-with-OpenSSL-3.2.patch diff --git a/0001-Update-tests-to-be-compatible-with-OpenSSL-3.2.patch b/0001-Update-tests-to-be-compatible-with-OpenSSL-3.2.patch new file mode 100644 index 0000000..5a1a27c --- /dev/null +++ b/0001-Update-tests-to-be-compatible-with-OpenSSL-3.2.patch @@ -0,0 +1,47 @@ +From bba83217f9c6d9804b4707b3ef05e7386a4c48f5 Mon Sep 17 00:00:00 2001 +From: Otto Hollmann +Date: Wed, 13 Dec 2023 10:23:39 +0100 +Subject: [PATCH] Update tests to be compatible with OpenSSL 3.2 + +In test 003-csrgen-ec OpenSSL 3.2 shows warning when reading from stdin, so +specify an input file to get rid of this warning. +In test 038-ms-v2-template openssl asn1parse shows ':Microsoft certificate +template' instead of ':1.3.6.1.4.1.311.21.7' so we have to check both versions. +See https://github.com/openssl/openssl/pull/20986 +--- + tests/003-csrgen-ec/run.sh | 4 ++-- + tests/038-ms-v2-template/extract-extdata.py | 3 ++- + 2 files changed, 4 insertions(+), 3 deletions(-) + +diff --git a/tests/003-csrgen-ec/run.sh b/tests/003-csrgen-ec/run.sh +index cd9f9422..196b6d02 100755 +--- a/tests/003-csrgen-ec/run.sh ++++ b/tests/003-csrgen-ec/run.sh +@@ -42,8 +42,8 @@ grep ^minicert= entry.nss.$size | sed s,^minicert=,, | base64 -d > minicert.nss. + openssl x509 -out minicert.nss.$size.pem -in minicert.nss.$size -inform der + # The RSA tests already verify the contents of the requests, so we really only + # need to care about the signatures passing verification. +-openssl req -verify -noout < csr.nss.$size 2>&1 | sed 's/Certificate request self-signature //' +-openssl req -verify -noout < csr.openssl.$size 2>&1 | sed 's/Certificate request self-signature //' ++openssl req -verify -noout -in csr.nss.$size 2>&1 | sed 's/Certificate request self-signature //' ++openssl req -verify -noout -in csr.openssl.$size 2>&1 | sed 's/Certificate request self-signature //' + openssl spkac -verify -noout < spkac.nss.$size 2>&1 + openssl spkac -verify -noout < spkac.openssl.$size 2>&1 + openssl verify -CAfile minicert.openssl.$size.pem minicert.openssl.$size.pem 2>&1 +diff --git a/tests/038-ms-v2-template/extract-extdata.py b/tests/038-ms-v2-template/extract-extdata.py +index 8b6b14ff..e2f84a10 100755 +--- a/tests/038-ms-v2-template/extract-extdata.py ++++ b/tests/038-ms-v2-template/extract-extdata.py +@@ -13,7 +13,8 @@ STATE_SEARCH, STATE_FOUND, STATE_DONE = range(3) + state = STATE_SEARCH + + for line in sys.stdin: +- if state == STATE_SEARCH and ':1.3.6.1.4.1.311.21.7' in line: ++ if state == STATE_SEARCH and (':Microsoft certificate template' in line ++ or ':1.3.6.1.4.1.311.21.7' in line): + state = STATE_FOUND + continue + +-- +2.42.0 + diff --git a/certmonger.spec b/certmonger.spec index 0439c85..e6c8a2a 100644 --- a/certmonger.spec +++ b/certmonger.spec @@ -28,14 +28,15 @@ Name: certmonger Version: 0.79.19 -Release: 4%{?dist} +Release: 5%{?dist} Summary: Certificate status monitor and PKI enrollment client License: GPL-3.0-or-later URL: http://pagure.io/certmonger/ Source0: http://releases.pagure.org/certmonger/certmonger-%{version}.tar.gz -Patch0: certmonger-c99.patch -Patch1: certmonger-c99-2.patch +Patch0: certmonger-c99.patch +Patch1: certmonger-c99-2.patch +Patch2: 0001-Update-tests-to-be-compatible-with-OpenSSL-3.2.patch #Source1: http://releases.pagure.org/certmonger/certmonger-%%{version}.tar.gz.sig BuildRequires: autoconf @@ -266,6 +267,9 @@ exit 0 %endif %changelog +* Tue Feb 20 2024 Rob Crittenden - 0.79.19-5 +- Update tests to be compatible with OpenSSL 3.2 + * Tue Jan 23 2024 Fedora Release Engineering - 0.79.19-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild