a7cc901333
Update the default TLS version patch to no longer include a large amount of whitespace in its "Using the default TLS version as specified in its OpenSSL crypto policies. Not setting explicitly." message. The whitespace was caused by a line continuation, which is now replaced by string literal concatenation.

Patch one of the FIPS tests to address changed error behavior when a cipher suite is not available in OpenSSL 3.

Switch the package URL to https. Upstream has done the same in the spec file in the tarball.

Add build dependencies for python3 and the openssl command line tool. Both are used in tests now.

Drop a sed expression applied to the configure script that no longer does anything and remove environment variables from testing that are no longer required to make the tests pass.

Resolves: rhbz#2039299
Signed-off-by: Clemens Lang <cllang@redhat.com>
20 lines
942 B
Diff
tests: Adapt to OpenSSL 3.x FIPS mode

In OpenSSL 3.0 with FIPS enabled, this test no longer fails with
a human-readable error message (such as "no ciphers available"), but
instead causes an internal error. Extend the success regex list to also
accept this result.

diff -up stunnel-5.61/tests/plugins/p11_fips_cipher.py.openssl30 stunnel-5.61/tests/plugins/p11_fips_cipher.py
--- stunnel-5.61/tests/plugins/p11_fips_cipher.py.openssl30 2022-01-12 15:15:03.211690650 +0100
+++ stunnel-5.61/tests/plugins/p11_fips_cipher.py 2022-01-12 15:15:20.937008173 +0100
@@ -91,7 +91,8 @@ class FailureCiphersuitesFIPS(StunnelTes
self.events.count = 1
self.events.success = [
"disabled for FIPS",
- "no ciphers available"
+ "no ciphers available",
+ "TLS alert \\(write\\): fatal: internal error"
]
self.events.failure = [
"peer did not return a certificate",
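
Review bot: The new entry "TLS alert \\(write\\): fatal: internal error" in self.events.success is much less specific than its neighbours. "disabled for FIPS" and "no ciphers available" both name the cause, while an internal-error alert can follow from any handshake fault, and self.events.count = 1 suggests a single match is enough to pass. As written, FailureCiphersuitesFIPS could report success for a failure unrelated to the FIPS cipher suite restriction. Consider accepting this pattern only when the test runs against OpenSSL 3.x, or requiring a second log line that ties the alert to cipher selection, and add a short comment above the entry recording why an internal error counts as success here. As a minor style point, a raw string would avoid the doubled backslashes in the pattern.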