Unit tests: Test for PKCS#11 using a softhsm2 token
- Load some test certificate/key pairs into a temporary softhsm2 token
and enumerate available objects through pkcs11-helper interface
- For each object, load it into SSL_CTX and test sign (if using OpenSSL 3)
or check the certificate and public-key match (if using OpenSSL 1.1.1).
The pkcs11-id for each object is specified directly or
through a mocked management callback to test pkcs11-id-management
Limitations:
Depends on libsofthsm2.so and p11tool (install softhsm2 and gnutls-bin
packages). Mbed-TLS/pkcs11-helper combination is not tested.
If locations of these binaries are not auto-detected or need to be
overridden, use -DSOFTHSM2_UTIL=<path> -DP11TOOL=<path> to configure.
Location of SOFTHSM2_MODULE is not auto-detected and defaults to
/usr/lib/softhsm/libsofthsm2.so. It may be changed by passing
-DSOFTHSM2_MODULE=/some-path/libsofthsm2.so to configure.
Also see "configure --help".
The test is enabled only if --enable-pkcs11 is in use, and SOFTHSM2_UTIL
& P11TOOL are found in path or manually defined during configuring.
Changes relative to github PR
- Explicitly disable building the test on Windows: need to port mkstemp,
mkdtemp, setenv etc., before enabling this on Windows.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
Message-Id: <20230322221456.1660425-2-selva.nair@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26483.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>