1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
|
From 04728a5b73e870b4695c5e7ba42fa41c00471944 Mon Sep 17 00:00:00 2001
From: Ross Burton <ross.burton@arm.com>
Date: Fri, 12 May 2023 20:19:35 +0100
Subject: [PATCH] tls/tests: disable PKCS#11 tests if not available
GnuTLS can be built without PKCS#11, which means the symbols
gnutls_pkcs11_init and gnutls_pkcs11_add_provider are not part of the
library.
If these symbols don't exist in GnuTLS then we can't add a mock pkcs#11
provider for testing, and several tests which need the mock provider
will fail.
Solve this by checking for the symbols at build time and disabling the
provider and tests which need it.
Upstream-Status: Backport
Signed-off-by: Ross Burton <ross.burton@arm.com>
---
meson.build | 4 ++++
tls/tests/certificate.c | 11 +++++++----
tls/tests/connection.c | 4 +++-
3 files changed, 14 insertions(+), 5 deletions(-)
diff --git a/meson.build b/meson.build
index 0fa9027..d2a023a 100644
--- a/meson.build
+++ b/meson.build
@@ -84,6 +84,10 @@ gnutls_dep = dependency('gnutls', version: '>= 3.7.4', required: get_option('gnu
if gnutls_dep.found()
backends += ['gnutls']
+ # test-specific, maybe move to tls/tests
+ if cc.has_function('gnutls_pkcs11_init', prefix: '#include <gnutls/pkcs11.h>', dependencies: gnutls_dep)
+ config_h.set10('HAVE_GNUTLS_PKCS11', true)
+ endif
endif
# *** Checks for OpenSSL ***
diff --git a/tls/tests/certificate.c b/tls/tests/certificate.c
index e820ba1..dd2412b 100644
--- a/tls/tests/certificate.c
+++ b/tls/tests/certificate.c
@@ -24,6 +24,7 @@
* Author: Stef Walter <stefw@collabora.co.uk>
*/
+#include "config.h"
#include "certificate.h"
#include <gio/gio.h>
@@ -911,7 +912,7 @@ int
main (int argc,
char *argv[])
{
-#ifdef BACKEND_IS_GNUTLS
+#if defined(BACKEND_IS_GNUTLS) && HAVE_GNUTLS_PKCS11
char *module_path;
#endif
@@ -921,7 +922,7 @@ main (int argc,
g_setenv ("GIO_USE_TLS", BACKEND, TRUE);
g_assert_cmpint (g_ascii_strcasecmp (G_OBJECT_TYPE_NAME (g_tls_backend_get_default ()), "GTlsBackend" BACKEND), ==, 0);
-#ifdef BACKEND_IS_GNUTLS
+#if defined(BACKEND_IS_GNUTLS) && HAVE_GNUTLS_PKCS11
module_path = g_test_build_filename (G_TEST_BUILT, "mock-pkcs11.so", NULL);
g_assert_true (g_file_test (module_path, G_FILE_TEST_EXISTS));
@@ -942,12 +943,14 @@ main (int argc,
setup_certificate, test_create_certificate_with_issuer, teardown_certificate);
g_test_add ("/tls/" BACKEND "/certificate/create-with-garbage-input", TestCertificate, NULL,
setup_certificate, test_create_certificate_with_garbage_input, teardown_certificate);
- g_test_add ("/tls/" BACKEND "/certificate/pkcs11", TestCertificate, NULL,
- setup_certificate, test_create_certificate_pkcs11, teardown_certificate);
g_test_add ("/tls/" BACKEND "/certificate/private-key", TestCertificate, NULL,
setup_certificate, test_private_key, teardown_certificate);
+#if HAVE_GNUTLS_PKCS11
+ g_test_add ("/tls/" BACKEND "/certificate/pkcs11", TestCertificate, NULL,
+ setup_certificate, test_create_certificate_pkcs11, teardown_certificate);
g_test_add ("/tls/" BACKEND "/certificate/private-key-pkcs11", TestCertificate, NULL,
setup_certificate, test_private_key_pkcs11, teardown_certificate);
+#endif
g_test_add_func ("/tls/" BACKEND "/certificate/create-chain", test_create_certificate_chain);
g_test_add_func ("/tls/" BACKEND "/certificate/create-no-chain", test_create_certificate_no_chain);
diff --git a/tls/tests/connection.c b/tls/tests/connection.c
index 17efe1b..62a7fbb 100644
--- a/tls/tests/connection.c
+++ b/tls/tests/connection.c
@@ -3376,7 +3376,7 @@ main (int argc,
g_assert_true (g_ascii_strcasecmp (G_OBJECT_TYPE_NAME (g_tls_backend_get_default ()), "GTlsBackend" BACKEND) == 0);
-#ifdef BACKEND_IS_GNUTLS
+#if defined(BACKEND_IS_GNUTLS) && HAVE_GNUTLS_PKCS11
module_path = g_test_build_filename (G_TEST_BUILT, "mock-pkcs11.so", NULL);
g_assert_true (g_file_test (module_path, G_FILE_TEST_EXISTS));
@@ -3438,8 +3438,10 @@ main (int argc,
setup_connection, test_client_auth_request_fail, teardown_connection);
g_test_add ("/tls/" BACKEND "/connection/client-auth-request-none", TestConnection, NULL,
setup_connection, test_client_auth_request_none, teardown_connection);
+#if HAVE_GNUTLS_PKCS11
g_test_add ("/tls/" BACKEND "/connection/client-auth-pkcs11", TestConnection, NULL,
setup_connection, test_client_auth_pkcs11_connection, teardown_connection);
+#endif
g_test_add ("/tls/" BACKEND "/connection/no-database", TestConnection, NULL,
setup_connection, test_connection_no_database, teardown_connection);
g_test_add ("/tls/" BACKEND "/connection/failed", TestConnection, NULL,
--
2.34.1
|
