Add patch for passing certificate chain validation

This patch fixes test errors on Fedora Rawhide due to the change in the min-verification-profile setting in gnutls.config.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
parent
8ab2c96965
commit
ac941adb9f
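The bit-length arithmetic behind this commit, as an added example that is not part of the commit or of swtpm: it rebuilds both sample keys as hex strings and measures them as big-endian integers, where leading zero bits do not count. The function names are hypothetical, and the 2048-bit minimum is an assumed stand-in for whatever threshold the gnutls 'medium' profile enforces.

```shell
#!/bin/sh
# Added illustration; function names are hypothetical, not from swtpm.

# Build a 256-byte sample key as hex: the given first byte, then 0x01..0xff.
make_sample_key() {
    key=$1
    i=1
    while [ "$i" -lt 256 ]; do
        key="${key}$(printf '%02x' "$i")"
        i=$((i + 1))
    done
    printf '%s\n' "$key"
}

# Effective bit length of a big-endian hex integer.
# Leading zero nibbles are dropped, then the top nibble is sized.
hex_bit_length() {
    hex=$1
    while [ "${hex#0}" != "$hex" ]; do hex=${hex#0}; done
    [ -n "$hex" ] || { echo 0; return; }
    case $hex in
        [89a-fA-F]*) top=4 ;;
        [4-7]*)      top=3 ;;
        [23]*)       top=2 ;;
        *)           top=1 ;;
    esac
    echo $(( (${#hex} - 1) * 4 + top ))
}

# Minimum-size check; the threshold is passed in by the caller (assumed value).
meets_minimum() {
    [ "$(hex_bit_length "$1")" -ge "$2" ]
}

old_key=$(make_sample_key 00)   # starts 00010203..., as before the patch
new_key=$(make_sample_key 80)   # starts 800102..., as after the patch

for k in "$old_key" "$new_key"; do
    if meets_minimum "$k" 2048; then verdict=accepted; else verdict=rejected; fi
    printf '%.8s... %s hex digits, %s bits, %s\n' \
        "$k" "${#k}" "$(hex_bit_length "$k")" "$verdict"
done
```

Both keys are 512 hex digits long; only the position of the highest set bit differs.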
@ -0,0 +1,56 @@
From f5bd8ba14f5165bc5b7cd3b20a7ba07f6acbfffe Mon Sep 17 00:00:00 2001
From: Stefan Berger <stefanb@linux.ibm.com>
Date: Fri, 31 Jul 2020 10:47:27 -0400
Subject: [PATCH] tests: Modify sample key to be 2048 bit rather than only 2033
bit
The generated sample keys started with 00010203, thus leaving the upper
15 bits of the key as '0', which in turn causes gnutls to think that the
key is only 2033 bit long, thus rejecting certificate verification once
the min-verification-profile is set to 'medium' in gnutls's config file
in /etc/crypto-policies/back-ends/gnutls.config.
We now create sample keys starting with 800102, which sets the highest bit.
This fixes test errors on Fedora Rawhide due to the change in the
min-verification-profile setting in gnutls.config.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
tests/test_tpm2_samples_swtpm_localca | 4 ++--
tests/test_tpm2_samples_swtpm_localca_pkcs11 | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/tests/test_tpm2_samples_swtpm_localca b/tests/test_tpm2_samples_swtpm_localca
index 3611b9d2..11ad10ba 100755
--- a/tests/test_tpm2_samples_swtpm_localca
+++ b/tests/test_tpm2_samples_swtpm_localca
@@ -11,8 +11,8 @@ SWTPM_LOCALCA=${TOPSRC}/samples/swtpm-localca
workdir=$(mktemp -d "/tmp/path with spaces.XXXXXX")
-ek=""
-for ((i = 0; i < 256; i++)); do
+ek="80" # 2048 bit key must have highest bit set
+for ((i = 1; i < 256; i++)); do
ek="${ek}$(printf "%02x" $i)"
done
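Review bot: the comment on the new `ek="80"` line says the highest bit must be set but not why, so a reader of the test alone will not learn that gnutls otherwise sees a 2033 bit key and rejects the certificate once min-verification-profile is 'medium'. Suggest expanding it, for example `# leading byte 0x80: with 0x00 gnutls counts only 2033 bits and rejects the cert`. Since the loop now starts at `i = 1` to keep the key at 256 bytes, a check after the loop that `${#ek}` equals 512 would catch an off-by-one in this construction.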
diff --git a/tests/test_tpm2_samples_swtpm_localca_pkcs11 b/tests/test_tpm2_samples_swtpm_localca_pkcs11
index 5d0d1d45..372a6391 100755
--- a/tests/test_tpm2_samples_swtpm_localca_pkcs11
+++ b/tests/test_tpm2_samples_swtpm_localca_pkcs11
@@ -11,8 +11,8 @@ SWTPM_LOCALCA=${TOPSRC}/samples/swtpm-localca
workdir=$(mktemp -d)
-ek=""
-for ((i = 0; i < 256; i++)); do
+ek="80" # 2048 bit key must have highest bit set
+for ((i = 1; i < 256; i++)); do
ek="${ek}$(printf "%02x" $i)"
done
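Review bot: the `ek="80"` initialisation and the `for ((i = 1; i < 256; i++))` loop here are the same lines changed in tests/test_tpm2_samples_swtpm_localca, so the sample key construction is duplicated across both test scripts. Moving it into a shared helper that both tests source would keep the next change to the sample key from leaving one copy behind. In the context line `printf "%02x" $i`, quoting `"$i"` would also be tidier, though it is harmless for an integer loop variable.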
--
2.25.4
@ -12,12 +12,13 @@
Summary: TPM Emulator
Summary: TPM Emulator
Name: swtpm
Name: swtpm
Version: 0.3.0
Version: 0.3.0
Release: 3.%{gitdate}git%{gitshortcommit}%{?dist}
Release: 4.%{gitdate}git%{gitshortcommit}%{?dist}
License: BSD
License: BSD
Url: http://github.com/stefanberger/swtpm
Url: http://github.com/stefanberger/swtpm
Source0: %{url}/archive/%{gitcommit}/%{name}-%{gitshortcommit}.tar.gz
Source0: %{url}/archive/%{gitcommit}/%{name}-%{gitshortcommit}.tar.gz
Patch0001: 0001-tests-Skip-test-4-of-derived-keys-in-case-an-allowed.patch
Patch0001: 0001-tests-Skip-test-4-of-derived-keys-in-case-an-allowed.patch
Patch0002: 0001-tests-Modify-sample-key-to-be-2048-bit-rather-than-o.patch
BuildRequires: git-core
BuildRequires: git-core
BuildRequires: automake
BuildRequires: automake
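Review bot: the Release bump from 3 to 4 and the new Patch0002 line come without a %changelog entry in this hunk, and no other spec hunk is visible on this page; add an entry describing the fix for the gnutls min-verification-profile change. Both patch files carry the `0001-` prefix, so a comment above Patch0002 naming the upstream commit from the patch's From line would make it easier to drop the patch at the next rebase.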