rpms/stunnel
7
0
Fork 0
Code Issues Pull Requests Releases Activity
ed2a8b43b9
stunnel/stunnel-5.61-fips-test.patch

59 lines
2.8 KiB
Diff
Raw Normal View History

New upstream release 5.61 Fixes #1887204. Update the default TLS version patch to no longer include a large amount of whitespace in its "Using the default TLS version as specified in its OpenSSL crypto policies. Not setting explicitly." message. The whitespace was caused by a line continuation, which is now replaced by string literal concatenation. Patch the FIPS tests to be skipped when stunnel is compiled against an OpenSSL 3.x configured with enable-fips, but without the required configuration that would be installed by a system administrator using openssl fipsinstall. This matches the behavior when compiled against OpenSSL 3.x configured without enable-fips. Switch to package URL to https. Upstream has done the same in the spec file in the tarball. Add build dependencies for python3 and the openssl command line tool. Both are used in tests now. Drop a sed expression applied to the configure script that no longer does anything and remove environment variables from testing that are no longer required to make the tests pass.
2022-01-12 11:09:33 +00:00
Skip FIPS tests if FIPS is unconfigured
When built against OpenSSL 3 with the enable-fips option, the FIPS
shared library can be loaded, but unless the system administrator has
run openssl fipsinstall and modified the OpenSSL configuration, FIPS
mode will still fail with an error message saying it is missing config
data.
Since this does not indicate a problem with stunnel's code, but with the
underlying OpenSSL setup, skip the test if this occurs. This is the same
behavior when running against a copy of OpenSSL 3.x that was not built with
'enable-fips'.
diff -up stunnel-5.61/tests/plugins/p10_fips.py.fips-tests stunnel-5.61/tests/plugins/p10_fips.py
--- stunnel-5.61/tests/plugins/p10_fips.py.fips-tests 2022-01-12 11:40:11.121241545 +0100
+++ stunnel-5.61/tests/plugins/p10_fips.py 2022-01-12 11:45:01.791364483 +0100
@@ -29,7 +29,8 @@ class FIPSTest(StunnelTest):
self.events.skip = [
"FIPS provider not available",
"fips mode not supported",
- r"FIPS PROVIDER.*could not load the shared library"
+ r"FIPS PROVIDER.*could not load the shared library",
+ r"FIPS PROVIDER.*missing config data"
]
self.events.failure = [
"peer did not return a certificate",
diff -up stunnel-5.61/tests/plugins/p11_fips_cipher.py.fips-tests stunnel-5.61/tests/plugins/p11_fips_cipher.py
--- stunnel-5.61/tests/plugins/p11_fips_cipher.py.fips-tests 2022-01-12 11:40:16.192330329 +0100
+++ stunnel-5.61/tests/plugins/p11_fips_cipher.py 2022-01-12 11:52:22.159227499 +0100
@@ -30,7 +30,8 @@ class FailureCipherFIPS(StunnelTest):
self.events.skip = [
"FIPS provider not available",
"fips mode not supported",
- r"FIPS PROVIDER.*could not load the shared library"
+ r"FIPS PROVIDER.*could not load the shared library",
+ r"FIPS PROVIDER.*missing config data"
]
self.events.count = 1
self.events.success = [
@@ -86,7 +87,8 @@ class FailureCiphersuitesFIPS(StunnelTes
self.events.skip = [
"FIPS provider not available",
"fips mode not supported",
- r"FIPS PROVIDER.*could not load the shared library"
+ r"FIPS PROVIDER.*could not load the shared library",
+ r"FIPS PROVIDER.*missing config data"
]
self.events.count = 1
self.events.success = [
@@ -145,7 +147,8 @@ class FailureEllipticCurveFIPS(StunnelTe
self.events.skip = [
"FIPS provider not available",
"fips mode not supported",
- r"FIPS PROVIDER.*could not load the shared library"
+ r"FIPS PROVIDER.*could not load the shared library",
+ r"FIPS PROVIDER.*missing config data"
]
self.events.count = 1
self.events.success = [
Reference in New Issue Copy Permalink