tests: Provide minimal openssl configuration file

When we use an empty configuration file, some things break in c10s;
for example, FIPS mode detection no longer works.

Providing minimal configuration file avoids the issues of loading
the provider too early, while keeping fips mode activation working
and tests happy.

It also configures the pkcs11-provider to assume the token provides
FIPS approved crypto so the tests can work.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Pavol Žáčik <pzacik@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Jakub Jelen
2026-01-09 20:58:03 +01:00
parent ef45b8ae8c
commit b33a90d20b
5 changed files with 15 additions and 4 deletions


@@ -283,7 +283,7 @@ int torture_run_tests(void)
* tokens, causing unexpected failures. * tokens, causing unexpected failures.
* Make sure this comes before ssh_init(), which initializes OpenSSL! * Make sure this comes before ssh_init(), which initializes OpenSSL!
*/ */
setenv("OPENSSL_CONF", "/dev/null", 1); setenv("OPENSSL_CONF", SOURCEDIR "/tests/etc/openssl.cnf", 1);
ssh_init(); ssh_init();
torture_filter_tests(tests); torture_filter_tests(tests);
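Review bot: The result of `setenv("OPENSSL_CONF", SOURCEDIR "/tests/etc/openssl.cnf", 1)` is ignored, and the path is now a real file whose location is fixed at compile time through `SOURCEDIR`; the same applies to the hunks at `@@ -569`, `@@ -338` and `@@ -291`. With `/dev/null` the target always existed, but if the source tree is moved or the call fails, OpenSSL would presumably fall back to the system configuration or to built-in defaults. The comment above warns that this causes unexpected failures, and nothing in the test output would point at the cause. Consider failing early, for example `if (setenv("OPENSSL_CONF", SOURCEDIR "/tests/etc/openssl.cnf", 1) != 0) { perror("setenv"); return 1; }`, and defining the path once in a shared test header instead of repeating the literal in four files. The body of `torture_run_tests` starts and ends outside the hunk, so the return convention should be checked against the rest of the function.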

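--- a/tests/etc/openssl.cnf
+++ b/tests/etc/openssl.cnf
@@ -0,0 +1,11 @@
+openssl_conf = openssl_init
+[openssl_init]
+providers = provider_sect
+[provider_sect]
+default = default_sect
+pkcs11 = pkcs11_sect
+[default_sect]
+activate = 1
+[pkcs11_sect]
+activate = 1
+pkcs11-module-assume-fips = true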
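Review bot: `pkcs11-module-assume-fips = true` in `[pkcs11_sect]` carries no comment, and per the commit message it makes the provider assume the token offers FIPS-approved crypto rather than verifying it. That is acceptable for a test fixture, but the file should say so, so the setting is not copied into a deployed configuration where it would mask a non-approved token. Suggested comment above the line: `# Test-only: assume the token is FIPS approved so tests run in FIPS mode; never use in a production openssl.cnf`. The section also sets no `pkcs11-module-path`, so the token module is presumably selected elsewhere in the test setup; a one-line comment naming where would help the next reader.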


@@ -569,7 +569,7 @@ int torture_run_tests(void) {
* tokens, causing unexpected failures. * tokens, causing unexpected failures.
* Make sure this comes before ssh_init(), which initializes OpenSSL! * Make sure this comes before ssh_init(), which initializes OpenSSL!
*/ */
setenv("OPENSSL_CONF", "/dev/null", 1); setenv("OPENSSL_CONF", SOURCEDIR "/tests/etc/openssl.cnf", 1);
ssh_init(); ssh_init();
ssh_options_set(session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity); ssh_options_set(session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity);


@@ -338,7 +338,7 @@ int torture_run_tests(void)
* tokens, causing unexpected failures. * tokens, causing unexpected failures.
* Make sure this comes before ssh_init(), which initializes OpenSSL! * Make sure this comes before ssh_init(), which initializes OpenSSL!
*/ */
setenv("OPENSSL_CONF", "/dev/null", 1); setenv("OPENSSL_CONF", SOURCEDIR "/tests/etc/openssl.cnf", 1);
ssh_options_set(session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity); ssh_options_set(session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity);
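Review bot: No `ssh_init()` call is visible after the `setenv` in this hunk or in the one at `@@ -291`, and `session` is already in use on the next line, so it cannot be confirmed from here that the override still precedes OpenSSL initialization as the comment requires. This matters more now that the file activates the pkcs11 provider and is relied on for FIPS detection: if OpenSSL has already loaded its configuration by this point, the new file would silently have no effect. The function body starts and ends outside the hunk; if initialization happens earlier, the `setenv` should move above it, and otherwise a short comment such as `/* ssh_init() runs later in <place>; OPENSSL_CONF must be set before it */` would make the ordering explicit.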


@@ -291,7 +291,7 @@ torture_run_tests(void)
* tokens, causing unexpected failures. * tokens, causing unexpected failures.
* Make sure this comes before ssh_init(), which initializes OpenSSL! * Make sure this comes before ssh_init(), which initializes OpenSSL!
*/ */
setenv("OPENSSL_CONF", "/dev/null", 1); setenv("OPENSSL_CONF", SOURCEDIR "/tests/etc/openssl.cnf", 1);
ssh_options_set(session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity); ssh_options_set(session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity);