Skip TLS 1.3 tests under FIPS mode
This commit is contained in:
parent
4567b678cc
commit
3ea5d2fb0e
27
nss-skip-tls13-fips.patch
Normal file
27
nss-skip-tls13-fips.patch
Normal file
@ -0,0 +1,27 @@
|
|||||||
|
# HG changeset patch
|
||||||
|
# User Daiki Ueno <dueno@redhat.com>
|
||||||
|
# Date 1558341826 -7200
|
||||||
|
# Mon May 20 10:43:46 2019 +0200
|
||||||
|
# Node ID b447f0046807b718d2928d0e33313620d38a287a
|
||||||
|
# Parent 02ea5f29ac3c1f1c6e6eb4b655afd9b4fc075a9e
|
||||||
|
tests: skip TLS 1.3 tests under FIPS mode
|
||||||
|
|
||||||
|
diff --git a/tests/ssl/ssl.sh b/tests/ssl/ssl.sh
|
||||||
|
--- a/tests/ssl/ssl.sh
|
||||||
|
+++ b/tests/ssl/ssl.sh
|
||||||
|
@@ -393,6 +393,15 @@ ssl_auth()
|
||||||
|
echo "${testname}" | grep "TLS 1.3" > /dev/null
|
||||||
|
TLS13=$?
|
||||||
|
|
||||||
|
+ # Currently TLS 1.3 tests are known to fail under FIPS mode,
|
||||||
|
+ # because HKDF is implemented using the PKCS #11 functions
|
||||||
|
+ # prohibited under FIPS mode.
|
||||||
|
+ if [ "${TLS13}" -eq 0 ] && \
|
||||||
|
+ [ "$SERVER_MODE" = "fips" -o "$CLIENT_MODE" = "fips" ] ; then
|
||||||
|
+ echo "$SCRIPTNAME: skipping $testname (non-FIPS only)"
|
||||||
|
+ continue
|
||||||
|
+ fi
|
||||||
|
+
|
||||||
|
if [ "${CLIENT_MODE}" = "fips" -a "${CAUTH}" -eq 0 ] ; then
|
||||||
|
echo "$SCRIPTNAME: skipping $testname (non-FIPS only)"
|
||||||
|
elif [ "$ectype" = "SNI" -a "$NORM_EXT" = "Extended Test" ] ; then
|
7
nss.spec
7
nss.spec
@ -43,7 +43,7 @@ rpm.define(string.format("nss_release_tag NSS_%s_RTM",
|
|||||||
Summary: Network Security Services
|
Summary: Network Security Services
|
||||||
Name: nss
|
Name: nss
|
||||||
Version: %{nss_version}
|
Version: %{nss_version}
|
||||||
Release: 1%{?dist}
|
Release: 2%{?dist}
|
||||||
License: MPLv2.0
|
License: MPLv2.0
|
||||||
URL: http://www.mozilla.org/projects/security/pki/nss/
|
URL: http://www.mozilla.org/projects/security/pki/nss/
|
||||||
Requires: nspr >= %{nspr_version}
|
Requires: nspr >= %{nspr_version}
|
||||||
@ -107,6 +107,8 @@ Patch3: nss-module-leak.patch
|
|||||||
# Once the buildroot aha been bootstrapped the patch may be removed
|
# Once the buildroot aha been bootstrapped the patch may be removed
|
||||||
# but it doesn't hurt to keep it.
|
# but it doesn't hurt to keep it.
|
||||||
Patch4: iquote.patch
|
Patch4: iquote.patch
|
||||||
|
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1552767
|
||||||
|
Patch5: nss-skip-tls13-fips.patch
|
||||||
|
|
||||||
%description
|
%description
|
||||||
Network Security Services (NSS) is a set of libraries designed to
|
Network Security Services (NSS) is a set of libraries designed to
|
||||||
@ -871,6 +873,9 @@ update-crypto-policies &> /dev/null || :
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon May 20 2019 Daiki Ueno <dueno@redhat.com> - 3.44.0-2
|
||||||
|
- Skip TLS 1.3 tests under FIPS mode
|
||||||
|
|
||||||
* Fri May 17 2019 Daiki Ueno <dueno@redhat.com> - 3.44.0-1
|
* Fri May 17 2019 Daiki Ueno <dueno@redhat.com> - 3.44.0-1
|
||||||
- Update to NSS 3.44
|
- Update to NSS 3.44
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user