Patch the kerbeos5 tests

author Bob Beck <beck@openssl.org>

Thu, 19 Feb 2026 22:42:33 +0000 (15:42 -0700)

committer Neil Horman <nhorman@openssl.org>

Tue, 24 Feb 2026 18:53:17 +0000 (13:53 -0500)
author Bob Beck <beck@openssl.org>
Thu, 19 Feb 2026 22:42:33 +0000 (15:42 -0700)
committer Neil Horman <nhorman@openssl.org>
Tue, 24 Feb 2026 18:53:17 +0000 (13:53 -0500)
diff --git a/test/recipes/95-test_external_krb5_data/krb5.sh b/test/recipes/95-test_external_krb5_data/krb5.sh

index eeaa59f9610b941e857209b575a923b9162d438a..791fdd0f47abdfd242432d7003c418cb6ebbfdad 100755 (executable)
--- a/test/recipes/95-test_external_krb5_data/krb5.sh
+++ b/test/recipes/95-test_external_krb5_data/krb5.sh
@@ -11,7 +11,26 @@
  LDFLAGS="-L`pwd`/$BLDTOP -Wl,-rpath,`pwd`/$BLDTOP"
  CFLAGS="-I`pwd`/$BLDTOP/include -I`pwd`/$SRCTOP/include"
  
-cd $SRCTOP/krb5/src
+unpatch() {
+    cd "$SRC_ABS_TOP/krb5" && git reset --hard "$GITLEVEL"
+}
+
+trap unpatch EXIT
+
+cd $SRCTOP
+SRC_ABS_TOP=$PWD;
+DATA_ABS_TOP=$SRC_ABS_TOP/test/recipes/95-test_external_krb5_data
+
+cd $SRC_ABS_TOP/krb5
+GITLEVEL=$(git rev-parse HEAD)
+# "git am" refuses to run without a user configured.
+for FILE in "$DATA_ABS_TOP"/patches/*; do
+    if [ -f "$FILE" ]; then
+       git -c 'user.name=OpenSSL External Tests' -c 'user.email=nonsuch@openssl.org' am $FILE
+    fi
+done
+cd $SRC_ABS_TOP/krb5/src
+
  autoreconf
  ./configure --with-ldap --with-prng-alg=os --enable-pkinit \
              --with-crypto-impl=openssl --with-tls-impl=openssl \
diff --git a/test/recipes/95-test_external_krb5_data/patches/0001-constify-X509_EXTENSION-return-values.patch b/test/recipes/95-test_external_krb5_data/patches/0001-constify-X509_EXTENSION-return-values.patch

new file mode 100644 (file)

index 0000000..46cc217
--- /dev/null
+++ b/test/recipes/95-test_external_krb5_data/patches/0001-constify-X509_EXTENSION-return-values.patch
@@ -0,0 +1,39 @@
+From d7699a98e33376bccf3221bfd46c9e3519e1fdd2 Mon Sep 17 00:00:00 2001
+From: Bob Beck <beck@openssl.org>
+Date: Mon, 22 Dec 2025 15:34:19 -0700
+Subject: [PATCH] constify X509_EXTENSION return values
+
+---
+ src/plugins/preauth/pkinit/pkinit_crypto_openssl.c | 2 +-
+ src/plugins/tls/k5tls/openssl.c                    | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
+index d1fe18e5a..27dfca6e1 100644
+--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
++++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
+@@ -2316,7 +2316,7 @@ crypto_retrieve_X509_sans(krb5_context context,
+     char **upns = NULL;
+     unsigned char **dnss = NULL;
+     unsigned int i, num_sans = 0;
+-    X509_EXTENSION *ext = NULL;
++    const X509_EXTENSION *ext = NULL;
+     GENERAL_NAMES *ialt = NULL;
+     GENERAL_NAME *gen = NULL;
+ 
+diff --git a/src/plugins/tls/k5tls/openssl.c b/src/plugins/tls/k5tls/openssl.c
+index aab67c01c..c3a253009 100644
+--- a/src/plugins/tls/k5tls/openssl.c
++++ b/src/plugins/tls/k5tls/openssl.c
+@@ -142,7 +142,7 @@ static GENERAL_NAMES *
+ get_cert_sans(X509 *x)
+ {
+     int ext;
+-    X509_EXTENSION *san_ext;
++    const X509_EXTENSION *san_ext;
+ 
+     ext = X509_get_ext_by_NID(x, NID_subject_alt_name, -1);
+     if (ext < 0)
+-- 
+2.52.0
+
author	Bob Beck <beck@openssl.org>
	Thu, 19 Feb 2026 22:42:33 +0000 (15:42 -0700)
committer	Neil Horman <nhorman@openssl.org>
	Tue, 24 Feb 2026 18:53:17 +0000 (13:53 -0500)
test/recipes/95-test_external_krb5_data/krb5.sh		patch \| blob \| blame \| history
test/recipes/95-test_external_krb5_data/patches/0001-constify-X509_EXTENSION-return-values.patch	[new file with mode: 0644]	patch \| blob