genserv.pl: fail with a message if `openssl` is missing or failing

author Viktor Szakats <commit@vsz.me>

Wed, 2 Apr 2025 21:40:14 +0000 (23:40 +0200)

committer Viktor Szakats <commit@vsz.me>

Thu, 3 Apr 2025 12:17:37 +0000 (14:17 +0200)
author Viktor Szakats <commit@vsz.me>
Wed, 2 Apr 2025 21:40:14 +0000 (23:40 +0200)
committer Viktor Szakats <commit@vsz.me>
Thu, 3 Apr 2025 12:17:37 +0000 (14:17 +0200)
diff --git a/tests/certs/genserv.pl b/tests/certs/genserv.pl

index 5475ee96a9bf488319382cf9c62982d28379b7bf..4517d2b641604c4d9a35a847d1bec11d81b9e64c 100755 (executable)
--- a/tests/certs/genserv.pl
+++ b/tests/certs/genserv.pl
@@ -29,6 +29,12 @@ use warnings;
  use File::Basename;
  use File::Spec;
  
+sub opensslfail {
+    die "Missing or broken 'openssl' tool. openssl 1.0.2+ is required. ".
+        "Without it, this script cannot generate the necessary certificates ".
+        "the curl test suite needs for all its TLS related tests.";
+}
+
  my $OPENSSL = 'openssl';
  if(-f '/usr/local/ssl/bin/openssl') {
      $OPENSSL = '/usr/local/ssl/bin/openssl';
@@ -44,20 +50,25 @@ my $PREFIX;
  
  my $CAPREFIX = shift @ARGV;
  if(!$CAPREFIX) {
-    print "Usage: genserv.pl <caprefix> [<prefix> ...]\n";
+    print 'Usage: genserv.pl <caprefix> [<prefix> ...]\n';
      exit 1;
  } elsif(! -f "$CAPREFIX-ca.cacert" ||
          ! -f "$CAPREFIX-ca.key") {
  
      if($OPENSSL eq basename($OPENSSL)) {  # has no dir component
          # find openssl in PATH
+        my $found = 0;
          foreach(File::Spec->path()) {
              my $file = File::Spec->catfile($_, $OPENSSL);
              if(-f $file) {
                  $OPENSSL = $file;
+                $found = 1;
                  last;
              }
          }
+        if(!$found) {
+            opensslfail();
+        }
      }
  
      print "$OPENSSL\n";
@@ -66,8 +77,10 @@ if(!$CAPREFIX) {
      $PREFIX = $CAPREFIX;
      $DURATION = 6000;
  
-    system("$OPENSSL genpkey -algorithm EC -pkeyopt ec_paramgen_curve:$KEYSIZE -pkeyopt ec_param_enc:named_curve " .
-        "-out $PREFIX-ca.key -pass pass:secret");
+    if(system("$OPENSSL genpkey -algorithm EC -pkeyopt ec_paramgen_curve:$KEYSIZE -pkeyopt ec_param_enc:named_curve " .
+        "-out $PREFIX-ca.key -pass pass:secret") != 0) {
+        opensslfail();
+    }
      system("$OPENSSL req -config $SRCDIR/$PREFIX-ca.prm -new -key $PREFIX-ca.key -out $PREFIX-ca.csr -passin pass:secret 2>$dev_null");
      system("$OPENSSL x509 -sha256 -extfile $SRCDIR/$PREFIX-ca.prm -days $DURATION " .
          "-req -signkey $PREFIX-ca.key -in $PREFIX-ca.csr -out $PREFIX-ca.raw-cacert");
author	Viktor Szakats <commit@vsz.me>
	Wed, 2 Apr 2025 21:40:14 +0000 (23:40 +0200)
committer	Viktor Szakats <commit@vsz.me>
	Thu, 3 Apr 2025 12:17:37 +0000 (14:17 +0200)