Update tests to be compatible with OpenSSL 3.2

Pull in certmonger upstream fix bba83217f9c6d9804b4707b3ef05e7386a4c48f5
2024-02-20 14:58:44 -05:00 · 2024-02-20 14:58:44 -05:00 · 0331d63399
commit 0331d63399
parent fa4674efe9
2 changed files with 54 additions and 3 deletions
--- a/0001-Update-tests-to-be-compatible-with-OpenSSL-3.2.patch
+++ b/0001-Update-tests-to-be-compatible-with-OpenSSL-3.2.patch
@ -0,0 +1,47 @@
+From bba83217f9c6d9804b4707b3ef05e7386a4c48f5 Mon Sep 17 00:00:00 2001
+From: Otto Hollmann <otto.hollmann@suse.com>
+Date: Wed, 13 Dec 2023 10:23:39 +0100
+Subject: [PATCH] Update tests to be compatible with OpenSSL 3.2
+
+In test 003-csrgen-ec OpenSSL 3.2 shows warning when reading from stdin, so
+specify an input file to get rid of this warning.
+In test 038-ms-v2-template openssl asn1parse shows ':Microsoft certificate
+template' instead of ':1.3.6.1.4.1.311.21.7' so we have to check both versions.
+See https://github.com/openssl/openssl/pull/20986
+---
+ tests/003-csrgen-ec/run.sh                  | 4 ++--
+ tests/038-ms-v2-template/extract-extdata.py | 3 ++-
+ 2 files changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/tests/003-csrgen-ec/run.sh b/tests/003-csrgen-ec/run.sh
+index cd9f9422..196b6d02 100755
+--- a/tests/003-csrgen-ec/run.sh
+++ b/tests/003-csrgen-ec/run.sh
+@@ -42,8 +42,8 @@ grep ^minicert= entry.nss.$size | sed s,^minicert=,, | base64 -d > minicert.nss.
+ openssl x509 -out minicert.nss.$size.pem -in minicert.nss.$size -inform der
+ # The RSA tests already verify the contents of the requests, so we really only
+ # need to care about the signatures passing verification.
+-openssl req   -verify -noout < csr.nss.$size 2>&1 | sed 's/Certificate request self-signature //'
+-openssl req   -verify -noout < csr.openssl.$size 2>&1 | sed 's/Certificate request self-signature //'
+openssl req   -verify -noout -in csr.nss.$size 2>&1 | sed 's/Certificate request self-signature //'
+openssl req   -verify -noout -in csr.openssl.$size 2>&1 | sed 's/Certificate request self-signature //'
+ openssl spkac -verify -noout < spkac.nss.$size 2>&1
+ openssl spkac -verify -noout < spkac.openssl.$size 2>&1
+ openssl verify -CAfile minicert.openssl.$size.pem minicert.openssl.$size.pem 2>&1
+diff --git a/tests/038-ms-v2-template/extract-extdata.py b/tests/038-ms-v2-template/extract-extdata.py
+index 8b6b14ff..e2f84a10 100755
+--- a/tests/038-ms-v2-template/extract-extdata.py
+++ b/tests/038-ms-v2-template/extract-extdata.py
+@@ -13,7 +13,8 @@ STATE_SEARCH, STATE_FOUND, STATE_DONE = range(3)
+ state = STATE_SEARCH
+ 
+ for line in sys.stdin:
+-    if state == STATE_SEARCH and ':1.3.6.1.4.1.311.21.7' in line:
+    if state == STATE_SEARCH and (':Microsoft certificate template' in line
+                                  or ':1.3.6.1.4.1.311.21.7' in line):
+         state = STATE_FOUND
+         continue
+ 
+-- 
+2.42.0
+
--- a/certmonger.spec
+++ b/certmonger.spec
@ -28,14 +28,15 @@

 Name:		certmonger
 Version:	0.79.19
-Release:	4%{?dist}
+Release:	5%{?dist}
 Summary:	Certificate status monitor and PKI enrollment client

 License:	GPL-3.0-or-later
 URL:		http://pagure.io/certmonger/
 Source0:	http://releases.pagure.org/certmonger/certmonger-%{version}.tar.gz
-Patch0: certmonger-c99.patch
-Patch1: certmonger-c99-2.patch
+Patch0:		certmonger-c99.patch
+Patch1:		certmonger-c99-2.patch
+Patch2:		0001-Update-tests-to-be-compatible-with-OpenSSL-3.2.patch
 #Source1:	http://releases.pagure.org/certmonger/certmonger-%%{version}.tar.gz.sig

 BuildRequires:	autoconf
@ -266,6 +267,9 @@ exit 0
 %endif

 %changelog
+* Tue Feb 20 2024 Rob Crittenden <rcritten@redhat.com> - 0.79.19-5
+- Update tests to be compatible with OpenSSL 3.2
+
 * Tue Jan 23 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.79.19-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild