pool/glib-networking
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 1034190 from GNOME:Factory

Browse Source 
- Fix build with gnutls 3.7.8:
  * tests: skip tls-exporter test for TLS 1.2
  * https://gitlab.gnome.org/GNOME/glib-networking/-/issues/201
  * Add glib-networking-gnutls-tls-exporter-tls12.patch

OBS-URL: https://build.opensuse.org/request/show/1034190
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/glib-networking?expand=0&rev=82
This commit is contained in:
Dominique Leuenberger 2022-11-08 09:53:33 +00:00 committed by Git OBS Bridge
commit 9b2afa0f9e
3 changed files with 98 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

88
glib-networking-gnutls-tls-exporter-tls12.patch Normal file
View File

@ -0,0 +1,88 @@
From 205b578c6de0a6b42dd24d97f08ab47d0347431a Mon Sep 17 00:00:00 2001
From: Natanael Copa <ncopa@alpinelinux.org>
Date: Wed, 2 Nov 2022 13:26:53 +0100
Subject: [PATCH] tests: skip tls-exporter test for TLS 1.2
TLS exporter does not exist before TLS 1.3 so skip the tls-exporter test
for TLS 1.2.
Fixes https://gitlab.gnome.org/GNOME/glib-networking/-/issues/201
Part-of: <https://gitlab.gnome.org/GNOME/glib-networking/-/merge_requests/227>
---
tls/tests/connection.c | 49 ++++++++++++++++++++++++++----------------
1 file changed, 31 insertions(+), 18 deletions(-)
Index: glib-networking-2.74.0/tls/tests/connection.c
===================================================================
--- glib-networking-2.74.0.orig/tls/tests/connection.c
+++ glib-networking-2.74.0/tls/tests/connection.c
@@ -2723,6 +2723,8 @@ test_connection_binding_match_tls_export
GByteArray *client_cb, *server_cb;
gchar *client_b64, *server_b64;
GError *error = NULL;
+ gboolean client_supports_tls_exporter;
+ gboolean server_supports_tls_exporter;
test->database = g_tls_file_database_new (tls_test_file_path ("ca-roots.pem"), &error);
g_assert_no_error (error);
@@ -2751,27 +2753,38 @@ test_connection_binding_match_tls_export
g_main_loop_run (test->loop);
/* Smoke test: ensure both sides support tls-exporter */
- g_assert_true (g_tls_connection_get_channel_binding_data (G_TLS_CONNECTION (test->client_connection),
- G_TLS_CHANNEL_BINDING_TLS_EXPORTER, NULL, NULL));
- g_assert_true (g_tls_connection_get_channel_binding_data (G_TLS_CONNECTION (test->server_connection),
- G_TLS_CHANNEL_BINDING_TLS_EXPORTER, NULL, NULL));
-
- /* Real test: retrieve bindings and compare */
- client_cb = g_byte_array_new ();
- server_cb = g_byte_array_new ();
- g_assert_true (g_tls_connection_get_channel_binding_data (G_TLS_CONNECTION (test->client_connection),
- G_TLS_CHANNEL_BINDING_TLS_EXPORTER, client_cb, NULL));
- g_assert_true (g_tls_connection_get_channel_binding_data (G_TLS_CONNECTION (test->server_connection),
- G_TLS_CHANNEL_BINDING_TLS_EXPORTER, server_cb, NULL));
-
- client_b64 = g_base64_encode (client_cb->data, client_cb->len);
- server_b64 = g_base64_encode (server_cb->data, server_cb->len);
- g_assert_cmpstr (client_b64, ==, server_b64);
-
- g_free (client_b64);
- g_free (server_b64);
- g_byte_array_unref (client_cb);
- g_byte_array_unref (server_cb);
+ client_supports_tls_exporter = g_tls_connection_get_channel_binding_data (G_TLS_CONNECTION (test->client_connection),
+ G_TLS_CHANNEL_BINDING_TLS_EXPORTER, NULL, NULL);
+ server_supports_tls_exporter = g_tls_connection_get_channel_binding_data (G_TLS_CONNECTION (test->server_connection),
+ G_TLS_CHANNEL_BINDING_TLS_EXPORTER, NULL, NULL);
+
+ g_assert_true (client_supports_tls_exporter == server_supports_tls_exporter);
+
+ if (client_supports_tls_exporter)
+ {
+ /* Real test: retrieve bindings and compare */
+ client_cb = g_byte_array_new ();
+ server_cb = g_byte_array_new ();
+ g_assert_true (g_tls_connection_get_channel_binding_data (G_TLS_CONNECTION (test->client_connection),
+ G_TLS_CHANNEL_BINDING_TLS_EXPORTER, client_cb, NULL));
+ g_assert_true (g_tls_connection_get_channel_binding_data (G_TLS_CONNECTION (test->server_connection),
+ G_TLS_CHANNEL_BINDING_TLS_EXPORTER, server_cb, NULL));
+
+ client_b64 = g_base64_encode (client_cb->data, client_cb->len);
+ server_b64 = g_base64_encode (server_cb->data, server_cb->len);
+ g_assert_cmpstr (client_b64, ==, server_b64);
+
+ g_free (client_b64);
+ g_free (server_b64);
+ g_byte_array_unref (client_cb);
+ g_byte_array_unref (server_cb);
+ }
+ else
+ {
+ g_assert_true (g_tls_connection_get_protocol_version (
+ G_TLS_CONNECTION (test->client_connection)) == G_TLS_PROTOCOL_VERSION_TLS_1_2);
+ g_test_skip ("tls-exporter is not supported before TLS 1.3");
+ }
/* drop the mic */
close_server_connection (test);

8
glib-networking.changes
View File

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Wed Oct 26 10:22:12 UTC 2022 - Pedro Monreal <pmonreal@suse.com>
- Fix build with gnutls 3.7.8:
* tests: skip tls-exporter test for TLS 1.2
* https://gitlab.gnome.org/GNOME/glib-networking/-/issues/201
* Add glib-networking-gnutls-tls-exporter-tls12.patch
-------------------------------------------------------------------
Thu Sep 15 16:18:01 UTC 2022 - Bjørn Lie <bjorn.lie@gmail.com>

3
glib-networking.spec
View File

@ -26,7 +26,8 @@ Group: Development/Libraries/C and C++
URL: https://www.gnome.org
Source0: https://download.gnome.org/sources/glib-networking/2.74/%{name}-%{version}.tar.xz
Source99: baselibs.conf
# PATCH-FIX-UPSTREAM glib-networking-gnutls-tls-exporter-tls12.patch glgo#GNOME/glib-networking#201 pmonreal@suse.com -- Fix build with gnutls 3.7.8
Patch0: glib-networking-gnutls-tls-exporter-tls12.patch
BuildRequires: ca-certificates-mozilla
# For directory ownership
BuildRequires: dbus-1