stunnel/stunnel-5.61-fips-test.patch

77 lines
3.1 KiB
Diff
Raw Normal View History

From ba3b7eace6f1fd5797be649dd7ba87b3ec988293 Mon Sep 17 00:00:00 2001
From: Clemens Lang <cllang@redhat.com>
Date: Mon, 12 Sep 2022 11:07:38 +0200
Subject: [PATCH 7/8] Skip FIPS tests if FIPS is unconfigured
When built against OpenSSL 3 with the enable-fips option, the FIPS
shared library can be loaded, but unless the system administrator has
run openssl fipsinstall and modified the OpenSSL configuration, FIPS
mode will still fail with an error message saying it is missing config
data.
Since this does not indicate a problem with stunnel's code, but with the
underlying OpenSSL setup, skip the test if this occurs. This is the same
behavior when running against a copy of OpenSSL 3.x that was not built
with 'enable-fips'.
Upstream-Status: Inappropriate [configuration]
Patch-status: Skip FIPS tests if FIPS is unconfigured
Patch-name: stunnel-5.61-fips-test.patch
Patch-id: 7
From-dist-git-commit: 70b3076eb09912b3a11f371b8c523303114fffa3
---
tests/plugins/p10_fips.py | 3 ++-
tests/plugins/p11_fips_cipher.py | 8 +++++---
2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/tests/plugins/p10_fips.py b/tests/plugins/p10_fips.py
index 5d2bc56..68680c0 100644
--- a/tests/plugins/p10_fips.py
+++ b/tests/plugins/p10_fips.py
@@ -29,7 +29,8 @@ class FIPSTest(StunnelTest):
self.events.skip = [
"FIPS provider not available",
"fips mode not supported",
- r"FIPS PROVIDER.*could not load the shared library"
+ r"FIPS PROVIDER.*could not load the shared library",
+ r"FIPS PROVIDER.*missing config data"
]
self.events.failure = [
"peer did not return a certificate",
diff --git a/tests/plugins/p11_fips_cipher.py b/tests/plugins/p11_fips_cipher.py
index 0280a1d..22eebd7 100644
--- a/tests/plugins/p11_fips_cipher.py
+++ b/tests/plugins/p11_fips_cipher.py
@@ -30,7 +30,8 @@ class FailureCipherFIPS(StunnelTest):
self.events.skip = [
"FIPS provider not available",
"fips mode not supported",
- r"FIPS PROVIDER.*could not load the shared library"
+ r"FIPS PROVIDER.*could not load the shared library",
+ r"FIPS PROVIDER.*missing config data"
]
self.events.count = 1
self.events.success = [
@@ -88,7 +89,7 @@ class FailureCiphersuitesFIPS(StunnelTest):
"FIPS provider not available",
"fips mode not supported",
r"FIPS PROVIDER.*could not load the shared library",
- "Specified option name is not valid here"
+ r"FIPS PROVIDER.*missing config data"
]
self.events.count = 1
self.events.success = [
@@ -147,7 +148,8 @@ class FailureEllipticCurveFIPS(StunnelTest):
self.events.skip = [
"FIPS provider not available",
"fips mode not supported",
- r"FIPS PROVIDER.*could not load the shared library"
+ r"FIPS PROVIDER.*could not load the shared library",
+ r"FIPS PROVIDER.*missing config data"
]
self.events.count = 1
self.events.success = [
--
2.37.3