git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/blob

   1 From 04728a5b73e870b4695c5e7ba42fa41c00471944 Mon Sep 17 00:00:00 2001
   2 From: Ross Burton <ross.burton@arm.com>
   3 Date: Fri, 12 May 2023 20:19:35 +0100
   4 Subject: [PATCH] tls/tests: disable PKCS#11 tests if not available
   5
   6 GnuTLS can be built without PKCS#11, which means the symbols
   7 gnutls_pkcs11_init and gnutls_pkcs11_add_provider are not part of the
   8 library.
   9
  10 If these symbols don't exist in GnuTLS then we can't add a mock pkcs#11
  11 provider for testing, and several tests which need the mock provider
  12 will fail.
  13
  14 Solve this by checking for the symbols at build time and disabling the
  15 provider and tests which need it.
  16
  17 Upstream-Status: Backport
  18 Signed-off-by: Ross Burton <ross.burton@arm.com>
  19 ---
  20  meson.build             |  4 ++++
  21  tls/tests/certificate.c | 11 +++++++----
  22  tls/tests/connection.c  |  4 +++-
  23  3 files changed, 14 insertions(+), 5 deletions(-)
  24
  25 diff --git a/meson.build b/meson.build
  26 index 0fa9027..d2a023a 100644
  27 --- a/meson.build
  28 +++ b/meson.build
  29 @@ -84,6 +84,10 @@ gnutls_dep = dependency('gnutls', version: '>= 3.7.4', required: get_option('gnu
  30
  31  if gnutls_dep.found()
  32    backends += ['gnutls']
  33 +  # test-specific, maybe move to tls/tests
  34 +  if cc.has_function('gnutls_pkcs11_init', prefix: '#include <gnutls/pkcs11.h>', dependencies: gnutls_dep)
  35 +    config_h.set10('HAVE_GNUTLS_PKCS11', true)
  36 +  endif
  37  endif
  38
  39  # *** Checks for OpenSSL    ***
  40 diff --git a/tls/tests/certificate.c b/tls/tests/certificate.c
  41 index e820ba1..dd2412b 100644
  42 --- a/tls/tests/certificate.c
  43 +++ b/tls/tests/certificate.c
  44 @@ -24,6 +24,7 @@
  45   * Author: Stef Walter <stefw@collabora.co.uk>
  46   */
  47
  48 +#include "config.h"
  49  #include "certificate.h"
  50
  51  #include <gio/gio.h>
  52 @@ -911,7 +912,7 @@ int
  53  main (int   argc,
  54        char *argv[])
  55  {
  56 -#ifdef BACKEND_IS_GNUTLS
  57 +#if defined(BACKEND_IS_GNUTLS) && HAVE_GNUTLS_PKCS11
  58    char *module_path;
  59  #endif
  60
  61 @@ -921,7 +922,7 @@ main (int   argc,
  62    g_setenv ("GIO_USE_TLS", BACKEND, TRUE);
  63    g_assert_cmpint (g_ascii_strcasecmp (G_OBJECT_TYPE_NAME (g_tls_backend_get_default ()), "GTlsBackend" BACKEND), ==, 0);
  64
  65 -#ifdef BACKEND_IS_GNUTLS
  66 +#if defined(BACKEND_IS_GNUTLS) && HAVE_GNUTLS_PKCS11
  67    module_path = g_test_build_filename (G_TEST_BUILT, "mock-pkcs11.so", NULL);
  68    g_assert_true (g_file_test (module_path, G_FILE_TEST_EXISTS));
  69
  70 @@ -942,12 +943,14 @@ main (int   argc,
  71                setup_certificate, test_create_certificate_with_issuer, teardown_certificate);
  72    g_test_add ("/tls/" BACKEND "/certificate/create-with-garbage-input", TestCertificate, NULL,
  73                setup_certificate, test_create_certificate_with_garbage_input, teardown_certificate);
  74 -  g_test_add ("/tls/" BACKEND "/certificate/pkcs11", TestCertificate, NULL,
  75 -              setup_certificate, test_create_certificate_pkcs11, teardown_certificate);
  76    g_test_add ("/tls/" BACKEND "/certificate/private-key", TestCertificate, NULL,
  77                setup_certificate, test_private_key, teardown_certificate);
  78 +#if HAVE_GNUTLS_PKCS11
  79 +  g_test_add ("/tls/" BACKEND "/certificate/pkcs11", TestCertificate, NULL,
  80 +              setup_certificate, test_create_certificate_pkcs11, teardown_certificate);
  81    g_test_add ("/tls/" BACKEND "/certificate/private-key-pkcs11", TestCertificate, NULL,
  82                setup_certificate, test_private_key_pkcs11, teardown_certificate);
  83 +#endif
  84
  85    g_test_add_func ("/tls/" BACKEND "/certificate/create-chain", test_create_certificate_chain);
  86    g_test_add_func ("/tls/" BACKEND "/certificate/create-no-chain", test_create_certificate_no_chain);
  87 diff --git a/tls/tests/connection.c b/tls/tests/connection.c
  88 index 17efe1b..62a7fbb 100644
  89 --- a/tls/tests/connection.c
  90 +++ b/tls/tests/connection.c
  91 @@ -3376,7 +3376,7 @@ main (int   argc,
  92
  93    g_assert_true (g_ascii_strcasecmp (G_OBJECT_TYPE_NAME (g_tls_backend_get_default ()), "GTlsBackend" BACKEND) == 0);
  94
  95 -#ifdef BACKEND_IS_GNUTLS
  96 +#if defined(BACKEND_IS_GNUTLS) && HAVE_GNUTLS_PKCS11
  97    module_path = g_test_build_filename (G_TEST_BUILT, "mock-pkcs11.so", NULL);
  98    g_assert_true (g_file_test (module_path, G_FILE_TEST_EXISTS));
  99
 100 @@ -3438,8 +3438,10 @@ main (int   argc,
 101                setup_connection, test_client_auth_request_fail, teardown_connection);
 102    g_test_add ("/tls/" BACKEND "/connection/client-auth-request-none", TestConnection, NULL,
 103                setup_connection, test_client_auth_request_none, teardown_connection);
 104 +#if HAVE_GNUTLS_PKCS11
 105    g_test_add ("/tls/" BACKEND "/connection/client-auth-pkcs11", TestConnection, NULL,
 106                setup_connection, test_client_auth_pkcs11_connection, teardown_connection);
 107 +#endif
 108    g_test_add ("/tls/" BACKEND "/connection/no-database", TestConnection, NULL,
 109                setup_connection, test_connection_no_database, teardown_connection);
 110    g_test_add ("/tls/" BACKEND "/connection/failed", TestConnection, NULL,
 111 --
 112 2.34.1
 113