2022-09-12 10:11:10 +00:00
|
|
|
From ba3b7eace6f1fd5797be649dd7ba87b3ec988293 Mon Sep 17 00:00:00 2001
|
|
|
|
From: Clemens Lang <cllang@redhat.com>
|
|
|
|
Date: Mon, 12 Sep 2022 11:07:38 +0200
|
|
|
|
Subject: [PATCH 7/8] Skip FIPS tests if FIPS is unconfigured
|
2022-01-12 11:09:33 +00:00
|
|
|
|
|
|
|
When built against OpenSSL 3 with the enable-fips option, the FIPS
|
|
|
|
shared library can be loaded, but unless the system administrator has
|
|
|
|
run openssl fipsinstall and modified the OpenSSL configuration, FIPS
|
|
|
|
mode will still fail with an error message saying it is missing config
|
|
|
|
data.
|
|
|
|
|
|
|
|
Since this does not indicate a problem with stunnel's code, but with the
|
|
|
|
underlying OpenSSL setup, skip the test if this occurs. This is the same
|
2022-09-12 10:11:10 +00:00
|
|
|
behavior when running against a copy of OpenSSL 3.x that was not built
|
|
|
|
with 'enable-fips'.
|
2022-02-04 14:44:10 +00:00
|
|
|
|
|
|
|
Upstream-Status: Inappropriate [configuration]
|
2022-09-12 10:11:10 +00:00
|
|
|
Patch-status: Skip FIPS tests if FIPS is unconfigured
|
|
|
|
Patch-name: stunnel-5.61-fips-test.patch
|
|
|
|
Patch-id: 7
|
|
|
|
From-dist-git-commit: 70b3076eb09912b3a11f371b8c523303114fffa3
|
|
|
|
---
|
|
|
|
tests/plugins/p10_fips.py | 3 ++-
|
|
|
|
tests/plugins/p11_fips_cipher.py | 8 +++++---
|
|
|
|
2 files changed, 7 insertions(+), 4 deletions(-)
|
|
|
|
|
|
|
|
diff --git a/tests/plugins/p10_fips.py b/tests/plugins/p10_fips.py
|
|
|
|
index 5d2bc56..68680c0 100644
|
|
|
|
--- a/tests/plugins/p10_fips.py
|
|
|
|
+++ b/tests/plugins/p10_fips.py
|
2022-01-12 11:09:33 +00:00
|
|
|
@@ -29,7 +29,8 @@ class FIPSTest(StunnelTest):
|
|
|
|
self.events.skip = [
|
|
|
|
"FIPS provider not available",
|
|
|
|
"fips mode not supported",
|
|
|
|
- r"FIPS PROVIDER.*could not load the shared library"
|
|
|
|
+ r"FIPS PROVIDER.*could not load the shared library",
|
|
|
|
+ r"FIPS PROVIDER.*missing config data"
|
|
|
|
]
|
|
|
|
self.events.failure = [
|
|
|
|
"peer did not return a certificate",
|
2022-09-12 10:11:10 +00:00
|
|
|
diff --git a/tests/plugins/p11_fips_cipher.py b/tests/plugins/p11_fips_cipher.py
|
|
|
|
index 0280a1d..22eebd7 100644
|
|
|
|
--- a/tests/plugins/p11_fips_cipher.py
|
|
|
|
+++ b/tests/plugins/p11_fips_cipher.py
|
2022-01-12 11:09:33 +00:00
|
|
|
@@ -30,7 +30,8 @@ class FailureCipherFIPS(StunnelTest):
|
|
|
|
self.events.skip = [
|
|
|
|
"FIPS provider not available",
|
|
|
|
"fips mode not supported",
|
|
|
|
- r"FIPS PROVIDER.*could not load the shared library"
|
|
|
|
+ r"FIPS PROVIDER.*could not load the shared library",
|
|
|
|
+ r"FIPS PROVIDER.*missing config data"
|
|
|
|
]
|
|
|
|
self.events.count = 1
|
|
|
|
self.events.success = [
|
2022-09-12 10:11:10 +00:00
|
|
|
@@ -88,7 +89,7 @@ class FailureCiphersuitesFIPS(StunnelTest):
|
2022-01-12 11:09:33 +00:00
|
|
|
"FIPS provider not available",
|
|
|
|
"fips mode not supported",
|
2022-09-12 10:11:10 +00:00
|
|
|
r"FIPS PROVIDER.*could not load the shared library",
|
|
|
|
- "Specified option name is not valid here"
|
2022-01-12 11:09:33 +00:00
|
|
|
+ r"FIPS PROVIDER.*missing config data"
|
|
|
|
]
|
|
|
|
self.events.count = 1
|
|
|
|
self.events.success = [
|
2022-09-12 10:11:10 +00:00
|
|
|
@@ -147,7 +148,8 @@ class FailureEllipticCurveFIPS(StunnelTest):
|
2022-01-12 11:09:33 +00:00
|
|
|
self.events.skip = [
|
|
|
|
"FIPS provider not available",
|
|
|
|
"fips mode not supported",
|
|
|
|
- r"FIPS PROVIDER.*could not load the shared library"
|
|
|
|
+ r"FIPS PROVIDER.*could not load the shared library",
|
|
|
|
+ r"FIPS PROVIDER.*missing config data"
|
|
|
|
]
|
|
|
|
self.events.count = 1
|
|
|
|
self.events.success = [
|
2022-09-12 10:11:10 +00:00
|
|
|
--
|
|
|
|
2.37.3
|
|
|
|
|