Changeset 8731286 in mod_gnutls


Timestamp:
Feb 5, 2015, 1:11:44 PM (5 years ago)
Author:
Thomas Klute <thomas2.klute@…>
Branches:
debian/master, debian/stretch-backports, jessie-backports, master, upstream
Children:
eea8a16
Parents:
5a8a32b (diff), 9a06bbd (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the (diff) links above to see all the changes relative to each parent.
Message:

Merge branch 'split-testsuite' into client-verify-fix

This merge will make it much easier to add a test to check if commit
5a8a32bbfb8a83fe6358c5c31c443325a7775fc2 ("TLS Client auth: Check server
verify mode if unset for dir") fixes the security issue described there.

Files:
20 added
2 deleted
2 edited
92 moved

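--- a/Makefile.am
+++ b/Makefile.am
@@ -8,5 +8,4 @@
                 NOTICE LICENSE autogen.sh
 
-SUBDIRS = src
+SUBDIRS = src test
 ACLOCAL_AMFLAGS = -I m4
-TESTS = run_tests.sh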
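--- a/configure.ac
+++ b/configure.ac
@@ -59,4 +59,5 @@
                [enable Monkeysphere client certificate verification]),
        use_msva=$enableval, use_msva=no)
+AM_CONDITIONAL([USE_MSVA], [test "$use_msva" = "$enableval"])
 
 MSVA_CFLAGS=""
@@ -82,5 +83,5 @@
 AC_SUBST(MODULE_LIBS)
 
-AC_CONFIG_FILES([Makefile src/Makefile include/mod_gnutls.h])
+AC_CONFIG_FILES([Makefile src/Makefile test/Makefile include/mod_gnutls.h])
 AC_OUTPUT
 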
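Review bot: The added `AM_CONDITIONAL([USE_MSVA], ...)` compares `$use_msva` with `$enableval` instead of a fixed value, so it is true whenever the option was passed at all. If the feature is explicitly disabled on the configure command line, both variables are `no` and USE_MSVA is still switched on. When the option is absent, the result depends on whatever `$enableval` holds at that point, which is not visible here. Testing the resolved setting, `AM_CONDITIONAL([USE_MSVA], [test "$use_msva" != "no"])`, would make the conditional follow the actual choice. The macro call that sets `use_msva` (presumably AC_ARG_ENABLE) starts outside the hunk.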
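--- a/test/.gitignore
+++ b/test/.gitignore
@@ -14,2 +14,5 @@
 authority.template
 msva.gnupghome
+*.log
+*.trs
+test.lock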
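--- a/test/README
+++ b/test/README
@@ -11,16 +11,12 @@
 =================
 
-from the top level of the source, just run:
+from the top level of the source, or from test/ (where this README is),
+just run:
 
  make check
 
-from t/ (where this README is), just run:
+from test/ you can also run specific tests (identified by number) with:
 
- make
-
-also from t/ you can also run specific tests (identified by number)
-with:
-
- make t-3
+ make -f TestMakefile t-3
 
 This should be handy when you're just trying to experiment with a new
@@ -33,10 +29,12 @@
 Please add more tests!
 
-The simplest way to add a test is (from t/):
+The simplest way to add a test is (from test/):
 
  ./newtest
 
-This will prompt you for a simple name for the test and then copy a starting
-set of files from tests/00_basic.
+This will prompt you for a simple name for the test and then copy a
+starting set of files from tests/00_basic, and create a script which
+you can add to TESTS in Makefile.am when your test is ready for
+inclusion in the test suite.
 
 
@@ -44,5 +42,5 @@
 ==============
 
-Each test consists of a directory in t/tests/, which will cause the
+Each test consists of a directory in test/tests/, which will cause the
 test suite to spin up an isolated apache instance and try to connect
 to it with gnutls-cli and make a simple HTTP 1.1 request.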
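--- a/test/TestMakefile
+++ b/test/TestMakefile
@@ -15,9 +15,11 @@
 export TEST_QUERY_DELAY ?= 2
 
+TEST_LOCK := ./test.lock
+
 all: setup.done
-        ./runtests
+        TEST_LOCK=$(TEST_LOCK) ./runtests
 
 t-%: setup.done
-        ./runtests $@
+        TEST_LOCK=$(TEST_LOCK) ./runtests $@
 
 
@@ -87,5 +89,6 @@
 clean:
         rm -rf server client authority logs cache outputs setup.done server.template msva.gnupghome \
-         */*.pgp */*.gpg */*.pem */*.key authority.template client.template server.uid
+         */*.pgp */*.gpg */*.gpg~ */*.pem */*.key authority.template client.template server.uid
+        rmdir imposter rogueca
 
 .PHONY: all clean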
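Review bot: The `rmdir imposter rogueca` line added to the `clean` recipe fails when either directory is missing or not empty, so running `make clean` twice, or on a tree where setup never ran, ends with an error. Prefixing the recipe line with `-`, as in `-rmdir imposter rogueca`, lets the target stay repeatable while still leaving non-empty directories alone.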
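--- a/test/runtests
+++ b/test/runtests
@@ -6,4 +6,9 @@
 
 tests="${1##t-}"
+
+if [ -n "${TEST_LOCK}" ]; then
+    TEST_LOCK="$(realpath ${TEST_LOCK})"
+    flock_cmd="flock -w 10 ${TEST_LOCK}"
+fi
 
 BADVARS=0
@@ -20,5 +25,5 @@
 
 if [ . != "$(dirname "$0")" ]; then
-    printf "You should only run this mod-gnutls test suite from the t/ directory of the mod_gnutls source.\n" >&2
+    printf "You should only run this mod-gnutls test suite from the test/ directory of the mod_gnutls source.\n" >&2
     exit 1
 fi
@@ -37,5 +42,7 @@
     printf "\nApache error logs:\n"
     tail "../../logs/${TEST_NAME}.error.log"
-    stop_msva
+    if [ -n "${USE_MSVA}" ]; then
+        stop_msva
+    fi
 }
 
@@ -46,16 +53,20 @@
 fi
 
-GNUPGHOME=$(pwd)/msva.gnupghome MSVA_KEYSERVER_POLICY=never monkeysphere-validation-agent &
+if [ -n "${USE_MSVA}" ]; then
+    GNUPGHOME=$(pwd)/msva.gnupghome MSVA_KEYSERVER_POLICY=never monkeysphere-validation-agent &
+    trap stop_msva EXIT
 
-trap stop_msva EXIT
+    sleep "$TEST_GAP"
 
-sleep "$TEST_GAP"
+    printf "TESTING: initial MSVA verification\n"
+    MONKEYSPHERE_VALIDATION_AGENT_SOCKET="http://127.0.0.1:$MSVA_PORT" msva-query-agent https "$(cat client.uid)" x509pem client < client/x509.pem
+    printf "\nSUCCESS: initial MSVA verification\n"
+fi
 
-printf "TESTING: initial MSVA verification\n"
-MONKEYSPHERE_VALIDATION_AGENT_SOCKET="http://127.0.0.1:$MSVA_PORT" msva-query-agent https "$(cat client.uid)" x509pem client < client/x509.pem 
-printf "\nSUCCESS: initial MSVA verification\n"
-
-for t in $tests; do
-    sleep "$TEST_GAP"
+for t in $tests; do
+    if [ -z "${flock_cmd}" ]; then
+        echo "Warning: no lock file set"
+        sleep "$TEST_GAP"
+    fi
     export TEST_NAME="$(basename "$t")"
     output="../../outputs/${TEST_NAME}.output"
@@ -69,5 +80,14 @@
     printf "TESTING: %s%s\n" "$TEST_NAME" "$EXPECTED_FAILURE"
     trap apache_down_err EXIT
-    MONKEYSPHERE_VALIDATION_AGENT_SOCKET="http://127.0.0.1:$MSVA_PORT" /usr/sbin/apache2 -f "$(pwd)/apache.conf" -k start || [ -e fail.server ]
+    if [ -n "${USE_MSVA}" ]; then
+        ${flock_cmd} \
+            MONKEYSPHERE_VALIDATION_AGENT_SOCKET="http://127.0.0.1:$MSVA_PORT" \
+            /usr/sbin/apache2 -f "$(pwd)/apache.conf" -k start \
+            || [ -e fail.server ]
+    else
+        ${flock_cmd} \
+            /usr/sbin/apache2 -f "$(pwd)/apache.conf" -k start \
+            || [ -e fail.server ]
+    fi
 
     if (sed "s/__HOSTNAME__/${TEST_HOST}/" < ./input && sleep "$TEST_QUERY_DELAY") | \
@@ -88,8 +108,14 @@
     fi
     /usr/sbin/apache2 -f "$(pwd)/apache.conf" -k stop || [ -e fail.server ]
-    trap stop_msva EXIT
+    if [ -n "${USE_MSVA}" ]; then
+        trap stop_msva EXIT
+    else
+        trap - EXIT
+    fi
     printf "SUCCESS: %s\n" "$TEST_NAME"
     cd ../..
 done
 
-stop_msva
+if [ -n "${USE_MSVA}" ]; then
+    stop_msva
+fi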
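Review bot: In the USE_MSVA branch of the new Apache start block, `MONKEYSPHERE_VALIDATION_AGENT_SOCKET="..."` now follows `${flock_cmd}`, so it is no longer an assignment prefix. The shell only recognises assignments before the command word, so the string is handed to flock as the program to run, or becomes the command name itself when `flock_cmd` is empty. Apache then does not start with the agent socket set, and `|| [ -e fail.server ]` can hide that in tests that expect a server failure. Routing it through env keeps both cases working: `${flock_cmd} env MONKEYSPHERE_VALIDATION_AGENT_SOCKET="http://127.0.0.1:$MSVA_PORT" \`. The `for` loop body continues outside the visible hunks, and `realpath ${TEST_LOCK}` in the first hunk should be quoted as `realpath "${TEST_LOCK}"`.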
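--- a/test/setup
+++ b/test/setup
@@ -13,5 +13,5 @@
 
 if [ . != "$(dirname "$0")" ]; then
-    printf "You should only run this mod-gnutls test suite from the t/ directory of the mod_gnutls source.\n" >&2
+    printf "You should only run this mod-gnutls test suite from the test/ directory of the mod_gnutls source.\n" >&2
     exit 1
 fi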