Changeset b0e5dae in mod_gnutls

Timestamp:

Feb 12, 2016, 9:20:46 PM (4 years ago)

Author:

Thomas Klute <thomas2.klute@…>

Branches:

debian/master, debian/stretch-backports, jessie-backports, master, proxy-ticket, upstream

Children:

aeaf28b

Parents:

6f644fa

Message:

Test suite: Add support for SoftHSM 2

./configure now detects SoftHSM version 1 or 2, and test case
"24_pkcs11_cert" can use either to provide its PKCS #11 token.

Files:

• configure.ac (modified) (1 diff)
• test/Makefile.am (modified) (2 diffs)
• test/test-24_pkcs11_cert.bash (modified) (2 diffs)
• test/test_ca.mk (modified) (1 diff)

configure.ac

@@ -172 +172 @@
 MODULE_LIBS="${APR_MEMCACHE_LIBS} ${LIBGNUTLS_LIBS}"
 
-AC_PATH_PROGS([SOFTHSM], [softhsm], [no])
+AC_PATH_PROGS([SOFTHSM], [softhsm2-util softhsm], [no])
 if test "${SOFTHSM}" != "no"; then
         softhsm_version=$(${SOFTHSM} --version)

test/Makefile.am

@@ -113 +113 @@
 endif
 
-# SoftHSM files
-check_DATA += server/softhsm.db
-MOSTLYCLEANFILES += tests/24_pkcs11_cert/softhsm.conf server/softhsm.db
-
+
+# SoftHSM tokens. Note that the SoftHSM 2 token is a directory and
+# hence has to be treated slightly differently.
+SOFTHSM_TOKEN = server/softhsm.db
+SOFTHSM2_TOKEN = server/softhsm2.db
+
+# Tokens should be cleaned whether or not the matching SoftHSM version
+# was detected on the last ./configure run.
+MOSTLYCLEANFILES += $(SOFTHSM_TOKEN)
+# included in mostlyclean-local below
+clean-softhsm2-db:
+        -rm -rf $(SOFTHSM2_TOKEN)
+
+if HAVE_SOFTHSM1
+check_DATA += $(SOFTHSM_TOKEN)
+endif HAVE_SOFTHSM1
+
+if HAVE_SOFTHSM2
+check_DATA += $(SOFTHSM2_TOKEN)
+endif HAVE_SOFTHSM2
 
 check_DATA += make-test-dirs
@@ -122 +138 @@
 make-test-dirs:
         mkdir -p $(extra_dirs)
-.PHONY: make-test-dirs
+
+.PHONY: make-test-dirs clean-softhsm2-db
+
+mostlyclean-local: clean-softhsm2-db
 
 clean-local:

test/test-24_pkcs11_cert.bash

@@ -3 +3 @@
 testdir="$(dirname ${0})/tests/24_pkcs11_cert"
 
-# The Apache/SoftHSM configuration mixes up directories, so generate a
-# config file with an absolute path to the token database from a
-# template. Generating it on every run avoids problems if the source
+# The Apache/SoftHSM configuration mixes up directories, so generate
+# config files with absolute paths to the token database from a
+# template. Generating them on every run avoids problems if the source
 # tree was moved.
 tmp_softhsm_conf="$(mktemp mod_gnutls_test-XXXXXX.conf)"
@@ -14 +14 @@
 trap cleanup_tmpconf EXIT
 
-cat - >"${tmp_softhsm_conf}" <<EOF
+if [ "${SOFTHSM_MAJOR_VERSION}" = "1" ]; then
+    cat - >"${tmp_softhsm_conf}" <<EOF
 0:$(realpath $(pwd))/server/softhsm.db
 EOF
-export SOFTHSM_CONF="${tmp_softhsm_conf}"
+    export SOFTHSM_CONF="${tmp_softhsm_conf}"
+elif [ "${SOFTHSM_MAJOR_VERSION}" = "2" ]; then
+    cat - >"${tmp_softhsm_conf}" <<EOF
+objectstore.backend = file
+directories.tokendir = $(realpath $(pwd))/server/softhsm2.db
+EOF
+    export SOFTHSM2_CONF="${tmp_softhsm_conf}"
+fi
+
 echo "Generated temporary SoftHSM config ${tmp_softhsm_conf}:"
 cat "${tmp_softhsm_conf}"

test/test_ca.mk

@@ -64 +64 @@
         $(srcdir)/softhsm.bash init $(dir $@)secret.key $(dir $@)x509.pem
 
+%/softhsm2.conf: %/secret.key
+        echo "objectstore.backend = file" > $@
+        echo "directories.tokendir = $(dir $@)softhsm2.db" >> $@
+
+%/softhsm2.db: %/x509.pem %/secret.key %/softhsm2.conf
+        mkdir -p $@
+        SOFTHSM="@SOFTHSM@" \
+        SOFTHSM2_CONF="$(dir $@)softhsm2.conf" \
+        $(srcdir)/softhsm.bash init $(dir $@)secret.key $(dir $@)x509.pem
+
 # Generate CRL revoking a certain certificate. Currently used to
 # revoke the server certificate and check if setting the CRL as