diff --git a/fix-gnutls-3.6.4.patch b/fix-gnutls-3.6.4.patch new file mode 100644 index 0000000..8bd423f --- /dev/null +++ b/fix-gnutls-3.6.4.patch @@ -0,0 +1,41 @@ +From: =?utf8?q?Petr=20P=C3=ADsa=C5=99?= +Date: Wed, 24 Apr 2019 04:32:09 +0200 +Subject: [PATCH] Test: Accept IE_NETWORK error when client does not provide a + correct certificate +Git-commit: 5cc5b83788e229582bd048a630b3151a140f9437 +Patch-mainline: yes + +After upgrading GnuTLS to 3.6.4, +test/simline/certificate_user_password_authentication tests that exhibit +a missing client's certificate and a bad client's certificate started to +fail. That's because cURL returns a network error instead of a TLS error in +that case when TLSv1.3 is used. + +This patch work arounds this cURL deficiency. + +See a similar GnuTLS bug report +. +--- + test/simline/certificate_user_password_authentication.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/test/simline/certificate_user_password_authentication.c b/test/simline/certificate_user_password_authentication.c +index c0192ab..7789d7c 100644 +--- a/test/simline/certificate_user_password_authentication.c ++++ b/test/simline/certificate_user_password_authentication.c +@@ -35,7 +35,11 @@ static int test_login(const isds_error error, struct isds_ctx *context, + isds_error err; + + err = isds_login(context, url, username, password, pki_credentials, otp); +- if (error != err) ++ /* If TLSv1.3 is used, cURL reports a network error instead of a security ++ * error if server refuses client's certificate (since GnuTLS 3.6.4). ++ * Maybe a . As a workaround, ++ * accept IE_NETWORK if IE_SECURITY was expected. */ ++ if (error != err && (IE_SECURITY != error || IE_NETWORK != err)) + FAIL_TEST("Wrong return code: expected=%s, returned=%s (%s)", + isds_strerror(error), isds_strerror(err), + isds_long_message(context)); +-- +2.10.5.GIT + diff --git a/libisds.changes b/libisds.changes index 0542379..f61fdb3 100644 --- a/libisds.changes +++ b/libisds.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Tue May 21 07:29:12 UTC 2019 - Jiri Slaby + +- add fix-gnutls-3.6.4.patch (fixes build) + ------------------------------------------------------------------- Mon Aug 13 07:09:37 UTC 2018 - tchvatal@suse.com diff --git a/libisds.spec b/libisds.spec index 729f129..93e1f52 100644 --- a/libisds.spec +++ b/libisds.spec @@ -1,7 +1,7 @@ # # spec file for package libisds # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -27,6 +27,7 @@ URL: http://xpisar.wz.cz/libisds/ Source0: http://xpisar.wz.cz/%{name}/dist/%{name}-%{version}.tar.xz Source1: http://xpisar.wz.cz/%{name}/dist/%{name}-%{version}.tar.xz.asc Source2: %{name}.keyring +Patch0: fix-gnutls-3.6.4.patch BuildRequires: gpg2 BuildRequires: libgcrypt-devel BuildRequires: libgpgme-devel @@ -63,6 +64,7 @@ developing applications that use %{name}. %prep %setup -q +%autopatch -p1 %build %configure \