From: Viktor Szakats <commit@vsz.me>
Date: Wed, 2 Apr 2025 21:40:14 +0000 (+0200)
Subject: genserv.pl: fail with a message if `openssl` is missing or failing
X-Git-Tag: curl-8_14_0~386
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3d4e4a18740585c01c1314fbca849e47229461e6;p=thirdparty%2Fcurl.git

genserv.pl: fail with a message if `openssl` is missing or failing

Reported-by: Tomas Volf
Fixes #16926
Follow-up to 44341e736a3e2f7a2b25a774be3a9796e81abab9 #16824
Ref: #16928
Co-authored-by: Daniel Stenberg
Closes #16929
---

diff --git a/tests/certs/genserv.pl b/tests/certs/genserv.pl
index 5475ee96a9..4517d2b641 100755
--- a/tests/certs/genserv.pl
+++ b/tests/certs/genserv.pl
@@ -29,6 +29,12 @@ use warnings;
 use File::Basename;
 use File::Spec;
 
+sub opensslfail {
+    die "Missing or broken 'openssl' tool. openssl 1.0.2+ is required. ".
+        "Without it, this script cannot generate the necessary certificates ".
+        "the curl test suite needs for all its TLS related tests.";
+}
+
 my $OPENSSL = 'openssl';
 if(-f '/usr/local/ssl/bin/openssl') {
     $OPENSSL = '/usr/local/ssl/bin/openssl';
@@ -44,20 +50,25 @@ my $PREFIX;
 
 my $CAPREFIX = shift @ARGV;
 if(!$CAPREFIX) {
-    print "Usage: genserv.pl <caprefix> [<prefix> ...]\n";
+    print 'Usage: genserv.pl <caprefix> [<prefix> ...]\n';
     exit 1;
 } elsif(! -f "$CAPREFIX-ca.cacert" ||
         ! -f "$CAPREFIX-ca.key") {
 
     if($OPENSSL eq basename($OPENSSL)) {  # has no dir component
         # find openssl in PATH
+        my $found = 0;
         foreach(File::Spec->path()) {
             my $file = File::Spec->catfile($_, $OPENSSL);
             if(-f $file) {
                 $OPENSSL = $file;
+                $found = 1;
                 last;
             }
         }
+        if(!$found) {
+            opensslfail();
+        }
     }
 
     print "$OPENSSL\n";
@@ -66,8 +77,10 @@ if(!$CAPREFIX) {
     $PREFIX = $CAPREFIX;
     $DURATION = 6000;
 
-    system("$OPENSSL genpkey -algorithm EC -pkeyopt ec_paramgen_curve:$KEYSIZE -pkeyopt ec_param_enc:named_curve " .
-        "-out $PREFIX-ca.key -pass pass:secret");
+    if(system("$OPENSSL genpkey -algorithm EC -pkeyopt ec_paramgen_curve:$KEYSIZE -pkeyopt ec_param_enc:named_curve " .
+        "-out $PREFIX-ca.key -pass pass:secret") != 0) {
+        opensslfail();
+    }
     system("$OPENSSL req -config $SRCDIR/$PREFIX-ca.prm -new -key $PREFIX-ca.key -out $PREFIX-ca.csr -passin pass:secret 2>$dev_null");
     system("$OPENSSL x509 -sha256 -extfile $SRCDIR/$PREFIX-ca.prm -days $DURATION " .
         "-req -signkey $PREFIX-ca.key -in $PREFIX-ca.csr -out $PREFIX-ca.raw-cacert");