Update Net-SSLeay-1.90-openssl3.0.0-39_pkcs12.patch patch to upstream version

Related: rhbz#1964854
Michal Josef Špaček 2021-07-02 16:07:42 +02:00
parent 553076722c
commit 5dd8b11be5
2 changed files with 50 additions and 25 deletions


@ -1,38 +1,60 @@
diff -ru Net-SSLeay-1.90.orig/t/local/39_pkcs12.t Net-SSLeay-1.90/t/local/39_pkcs12.t
--- Net-SSLeay-1.90.orig/t/local/39_pkcs12.t 2020-11-18 10:12:44.000000000 +0100
+++ Net-SSLeay-1.90/t/local/39_pkcs12.t 2021-06-04 10:34:00.190276286 +0200
@@ -3,7 +3,7 @@
commit 327550f61f5e1e932ea911e59ccc496ebb307030
Author: Chris Novakovic <chris@chrisn.me.uk>
Date: Tue Jun 8 21:49:40 2021 +0100
39_pkcs12.t: validate CA certificate CNs with all libssl versions
When verifying common names in the PKCS#12 certificate chain, account
for the fact that PKCS12_parse() returns the CA certificate chain in a
different order in different versions of libssl.
Since the CA certificate chain tests now cover all versions of OpenSSL
and LibreSSL, don't skip the order check for versions of OpenSSL before
1.0.0, and remove the generic tests that ensure X509_NAME_oneline()
returns a valid-looking common name for each of the CA certificates
(since they're now redundant).
diff --git a/t/local/39_pkcs12.t b/t/local/39_pkcs12.t
index 5c7fb8b..5083331 100644
--- a/t/local/39_pkcs12.t
+++ b/t/local/39_pkcs12.t
@@ -3,7 +3,7 @@ use lib 'inc';
use Net::SSLeay;
use Test::Net::SSLeay qw( data_file_path initialise_libssl );
-plan tests => 19;
+plan tests => 18;
+plan tests => 17;
initialise_libssl();
@@ -38,11 +38,20 @@
@@ -36,12 +36,24 @@ my $filename3 = data_file_path('simple-cert.p12');
my $ca1_subj_name = Net::SSLeay::X509_get_subject_name($cachain[0]);
my $ca2_subj_name = Net::SSLeay::X509_get_subject_name($cachain[1]);
is(Net::SSLeay::X509_NAME_oneline($subj_name), '/C=PL/O=Net-SSLeay/OU=Test Suite/CN=simple-cert.net-ssleay.example', "X509_NAME_oneline [2/1]");
like(Net::SSLeay::X509_NAME_oneline($ca1_subj_name), qr/C=.*CN=.*/, "X509_NAME_oneline [2/2]");
like(Net::SSLeay::X509_NAME_oneline($ca2_subj_name), qr/C=.*CN=.*/, "X509_NAME_oneline [2/3]");
- like(Net::SSLeay::X509_NAME_oneline($ca1_subj_name), qr/C=.*CN=.*/, "X509_NAME_oneline [2/2]");
- like(Net::SSLeay::X509_NAME_oneline($ca2_subj_name), qr/C=.*CN=.*/, "X509_NAME_oneline [2/3]");
- SKIP: {
- skip("cert order in CA chain is different in openssl pre-1.0.0", 2) unless Net::SSLeay::SSLeay >= 0x01000000;
- is(Net::SSLeay::X509_NAME_oneline($ca1_subj_name), '/C=PL/O=Net-SSLeay/OU=Test Suite/CN=Root CA', "X509_NAME_oneline [2/4]");
- is(Net::SSLeay::X509_NAME_oneline($ca2_subj_name), '/C=PL/O=Net-SSLeay/OU=Test Suite/CN=Intermediate CA', "X509_NAME_oneline [2/5]");
- }
+
+ # Different order in CA chain in some versions (e.g. openssl pre-1.0.0, openssl 3.0.0 alpha17)
+ my @x509_ascii_names = sort { $a cmp $b } (
+ Net::SSLeay::X509_NAME_oneline($ca1_subj_name),
+ Net::SSLeay::X509_NAME_oneline($ca2_subj_name),
+ );
+ is_deeply(
+ \@x509_ascii_names,
+ [
+ '/C=PL/O=Net-SSLeay/OU=Test Suite/CN=Intermediate CA',
+ '/C=PL/O=Net-SSLeay/OU=Test Suite/CN=Root CA',
+ ],
+ 'X509_NAME_oneline [2/4]',
+ );
+ # OpenSSL versions 1.0.0-beta2 to 3.0.0-alpha6 inclusive and all versions of
+ # LibreSSL return the CA certificate chain with the root CA certificate at the
+ # end; all other versions return the certificate chain with the root CA
+ # certificate at the start
+ if (
+ Net::SSLeay::SSLeay < 0x10000002
+ || (
+ Net::SSLeay::SSLeay == 0x30000000
+ && Net::SSLeay::SSLeay_version( Net::SSLeay::SSLEAY_VERSION() ) !~ /-alpha[1-6] /
+ )
+ || Net::SSLeay::SSLeay > 0x30000000
+ ) {
+ is(Net::SSLeay::X509_NAME_oneline($ca1_subj_name), '/C=PL/O=Net-SSLeay/OU=Test Suite/CN=Intermediate CA', "X509_NAME_oneline [2/3]");
+ is(Net::SSLeay::X509_NAME_oneline($ca2_subj_name), '/C=PL/O=Net-SSLeay/OU=Test Suite/CN=Root CA', "X509_NAME_oneline [2/4]");
+ }
+ else {
+ is(Net::SSLeay::X509_NAME_oneline($ca1_subj_name), '/C=PL/O=Net-SSLeay/OU=Test Suite/CN=Root CA', "X509_NAME_oneline [2/3]");
+ is(Net::SSLeay::X509_NAME_oneline($ca2_subj_name), '/C=PL/O=Net-SSLeay/OU=Test Suite/CN=Intermediate CA', "X509_NAME_oneline [2/4]");
}
}
{
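Review bot: The explanatory comment above the version check appears to say the opposite of what the two branches assert. It states that OpenSSL 1.0.0-beta2 through 3.0.0-alpha6 and all LibreSSL versions return the root CA certificate at the end, yet the `else` branch, which is the one those versions take, expects `$cachain[0]` to be `CN=Root CA` and `$cachain[1]` to be `CN=Intermediate CA`. Unless `@cachain` is reordered in the part of the enclosing block that begins before this hunk, the comment should be swapped to read along the lines of `# ... return the CA certificate chain with the root CA certificate at the start; all other versions return it with the root CA certificate at the end`. Separately, the `!~ /-alpha[1-6] /` test depends on the trailing space to keep two-digit alphas such as alpha17 from matching, so a one-line comment saying that would stop a later cleanup from silently changing which branch those builds take.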


@ -6,7 +6,7 @@
Name: perl-Net-SSLeay
Version: 1.90
Release: 5%{?dist}
Release: 6%{?dist}
Summary: Perl extension for using OpenSSL
License: Artistic 2.0
URL: https://metacpan.org/release/Net-SSLeay
@ -137,6 +137,9 @@ make test
%{_mandir}/man3/Net::SSLeay::Handle.3*
%changelog
* Fri Jul 23 2021 Michal Josef Špaček <mspacek@redhat.com> - 1.90-6
- Update Net-SSLeay-1.90-openssl3.0.0-39_pkcs12.patch patch to upstream version
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.90-5
- Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065