| From 04728a5b73e870b4695c5e7ba42fa41c00471944 Mon Sep 17 00:00:00 2001 |
| From: Ross Burton <ross.burton@arm.com> |
| Date: Fri, 12 May 2023 20:19:35 +0100 |
| Subject: [PATCH] tls/tests: disable PKCS#11 tests if not available |
| |
| GnuTLS can be built without PKCS#11, which means the symbols |
| gnutls_pkcs11_init and gnutls_pkcs11_add_provider are not part of the |
| library. |
| |
| If these symbols don't exist in GnuTLS then we can't add a mock pkcs#11 |
| provider for testing, and several tests which need the mock provider |
| will fail. |
| |
| Solve this by checking for the symbols at build time and disabling the |
| provider and tests which need it. |
| |
| Upstream-Status: Backport |
| Signed-off-by: Ross Burton <ross.burton@arm.com> |
| --- |
| meson.build | 4 ++++ |
| tls/tests/certificate.c | 11 +++++++---- |
| tls/tests/connection.c | 4 +++- |
| 3 files changed, 14 insertions(+), 5 deletions(-) |
| |
| diff --git a/meson.build b/meson.build |
| index 0fa9027..d2a023a 100644 |
| --- a/meson.build |
| +++ b/meson.build |
| @@ -84,6 +84,10 @@ gnutls_dep = dependency('gnutls', version: '>= 3.7.4', required: get_option('gnu |
| |
| if gnutls_dep.found() |
| backends += ['gnutls'] |
| + # test-specific, maybe move to tls/tests |
| + if cc.has_function('gnutls_pkcs11_init', prefix: '#include <gnutls/pkcs11.h>', dependencies: gnutls_dep) |
| + config_h.set10('HAVE_GNUTLS_PKCS11', true) |
| + endif |
| endif |
| |
| # *** Checks for OpenSSL *** |
| diff --git a/tls/tests/certificate.c b/tls/tests/certificate.c |
| index e820ba1..dd2412b 100644 |
| --- a/tls/tests/certificate.c |
| +++ b/tls/tests/certificate.c |
| @@ -24,6 +24,7 @@ |
| * Author: Stef Walter <stefw@collabora.co.uk> |
| */ |
| |
| +#include "config.h" |
| #include "certificate.h" |
| |
| #include <gio/gio.h> |
| @@ -911,7 +912,7 @@ int |
| main (int argc, |
| char *argv[]) |
| { |
| -#ifdef BACKEND_IS_GNUTLS |
| +#if defined(BACKEND_IS_GNUTLS) && HAVE_GNUTLS_PKCS11 |
| char *module_path; |
| #endif |
| |
| @@ -921,7 +922,7 @@ main (int argc, |
| g_setenv ("GIO_USE_TLS", BACKEND, TRUE); |
| g_assert_cmpint (g_ascii_strcasecmp (G_OBJECT_TYPE_NAME (g_tls_backend_get_default ()), "GTlsBackend" BACKEND), ==, 0); |
| |
| -#ifdef BACKEND_IS_GNUTLS |
| +#if defined(BACKEND_IS_GNUTLS) && HAVE_GNUTLS_PKCS11 |
| module_path = g_test_build_filename (G_TEST_BUILT, "mock-pkcs11.so", NULL); |
| g_assert_true (g_file_test (module_path, G_FILE_TEST_EXISTS)); |
| |
| @@ -942,12 +943,14 @@ main (int argc, |
| setup_certificate, test_create_certificate_with_issuer, teardown_certificate); |
| g_test_add ("/tls/" BACKEND "/certificate/create-with-garbage-input", TestCertificate, NULL, |
| setup_certificate, test_create_certificate_with_garbage_input, teardown_certificate); |
| - g_test_add ("/tls/" BACKEND "/certificate/pkcs11", TestCertificate, NULL, |
| - setup_certificate, test_create_certificate_pkcs11, teardown_certificate); |
| g_test_add ("/tls/" BACKEND "/certificate/private-key", TestCertificate, NULL, |
| setup_certificate, test_private_key, teardown_certificate); |
| +#if HAVE_GNUTLS_PKCS11 |
| + g_test_add ("/tls/" BACKEND "/certificate/pkcs11", TestCertificate, NULL, |
| + setup_certificate, test_create_certificate_pkcs11, teardown_certificate); |
| g_test_add ("/tls/" BACKEND "/certificate/private-key-pkcs11", TestCertificate, NULL, |
| setup_certificate, test_private_key_pkcs11, teardown_certificate); |
| +#endif |
| |
| g_test_add_func ("/tls/" BACKEND "/certificate/create-chain", test_create_certificate_chain); |
| g_test_add_func ("/tls/" BACKEND "/certificate/create-no-chain", test_create_certificate_no_chain); |
| diff --git a/tls/tests/connection.c b/tls/tests/connection.c |
| index 17efe1b..62a7fbb 100644 |
| --- a/tls/tests/connection.c |
| +++ b/tls/tests/connection.c |
| @@ -3376,7 +3376,7 @@ main (int argc, |
| |
| g_assert_true (g_ascii_strcasecmp (G_OBJECT_TYPE_NAME (g_tls_backend_get_default ()), "GTlsBackend" BACKEND) == 0); |
| |
| -#ifdef BACKEND_IS_GNUTLS |
| +#if defined(BACKEND_IS_GNUTLS) && HAVE_GNUTLS_PKCS11 |
| module_path = g_test_build_filename (G_TEST_BUILT, "mock-pkcs11.so", NULL); |
| g_assert_true (g_file_test (module_path, G_FILE_TEST_EXISTS)); |
| |
| @@ -3438,8 +3438,10 @@ main (int argc, |
| setup_connection, test_client_auth_request_fail, teardown_connection); |
| g_test_add ("/tls/" BACKEND "/connection/client-auth-request-none", TestConnection, NULL, |
| setup_connection, test_client_auth_request_none, teardown_connection); |
| +#if HAVE_GNUTLS_PKCS11 |
| g_test_add ("/tls/" BACKEND "/connection/client-auth-pkcs11", TestConnection, NULL, |
| setup_connection, test_client_auth_pkcs11_connection, teardown_connection); |
| +#endif |
| g_test_add ("/tls/" BACKEND "/connection/no-database", TestConnection, NULL, |
| setup_connection, test_connection_no_database, teardown_connection); |
| g_test_add ("/tls/" BACKEND "/connection/failed", TestConnection, NULL, |
| -- |
| 2.34.1 |
| |