Marcus Meissner
9e853f9c54
- socat-openssl-1.1-tests.patch: make tests work on openssl1. (bsc#1042674) OBS-URL: https://build.opensuse.org/request/show/517388 OBS-URL: https://build.opensuse.org/package/show/network:utilities/socat?expand=0&rev=40
56 lines
3.1 KiB
Diff
56 lines
3.1 KiB
Diff
OpenSSL 1.1 introduces the concept of security levels, in attempt to prevent
|
|
users from accidently setting insecure ciphers.
|
|
aNULL ciphers are considered insecure and are only allowed in Security Level 0.
|
|
The default Security Level is 1.
|
|
Unfortunately a cipher string featuring @SECLEVEL=0 is not accepted in older
|
|
OpenSSL versions, thus this patch should be applied to newer distributions only.
|
|
|
|
Index: socat-1.7.3.2/test.sh
|
|
===================================================================
|
|
--- socat-1.7.3.2.orig/test.sh 2017-01-22 19:07:10.000000000 +0100
|
|
+++ socat-1.7.3.2/test.sh 2017-08-17 12:36:50.809352091 +0200
|
|
@@ -11227,8 +11227,8 @@ tf="$td/test$N.stdout"
|
|
te="$td/test$N.stderr"
|
|
tdiff="$td/test$N.diff"
|
|
da="test$N $(date) $RANDOM"
|
|
-CMD2="$TRACE $SOCAT $opts OPENSSL-LISTEN:$PORT,reuseaddr,$SOCAT_EGD,ciphers=aNULL,verify=0 pipe"
|
|
-CMD="$TRACE $SOCAT $opts - openssl:$LOCALHOST:$PORT,ciphers=aNULL,verify=0,$SOCAT_EGD"
|
|
+CMD2="$TRACE $SOCAT $opts OPENSSL-LISTEN:$PORT,reuseaddr,$SOCAT_EGD,ciphers=aNULL:@SECLEVEL=0,verify=0 pipe"
|
|
+CMD="$TRACE $SOCAT $opts - openssl:$LOCALHOST:$PORT,ciphers=aNULL:@SECLEVEL=0,verify=0,$SOCAT_EGD"
|
|
printf "test $F_n $TEST... " $N
|
|
eval "$CMD2 2>\"${te}1\" &"
|
|
pid=$! # background process id
|
|
@@ -11632,8 +11632,8 @@ tf1="$td/test$N.1.stdout"
|
|
te1="$td/test$N.1.stderr"
|
|
tdiff="$td/test$N.diff"
|
|
da="test$N $(date) $RANDOM"
|
|
-CMD0="$TRACE $SOCAT $opts OPENSSL-LISTEN:$PORT,reuseaddr,ciphers=aNULL,verify=0, PIPE"
|
|
-CMD1="$TRACE $SOCAT $opts - OPENSSL-CONNECT:$LOCALHOST:$PORT,bind=$LOCALHOST,ciphers=aNULL,verify=0"
|
|
+CMD0="$TRACE $SOCAT $opts OPENSSL-LISTEN:$PORT,reuseaddr,ciphers=aNULL:@SECLEVEL=0,verify=0, PIPE"
|
|
+CMD1="$TRACE $SOCAT $opts - OPENSSL-CONNECT:$LOCALHOST:$PORT,bind=$LOCALHOST,ciphers=aNULL:@SECLEVEL=0,verify=0"
|
|
printf "test $F_n $TEST... " $N
|
|
$CMD0 >/dev/null 2>"$te0" &
|
|
pid0=$!
|
|
@@ -12191,8 +12191,8 @@ tf="$td/test$N.stdout"
|
|
te="$td/test$N.stderr"
|
|
tdiff="$td/test$N.diff"
|
|
da="test$N $(date) $RANDOM"
|
|
-CMD0="$SOCAT $opts OPENSSL-LISTEN:$PORT,reuseaddr,cipher=aNULL,verify=0 SYSTEM:cat"
|
|
-CMD1="$SOCAT $opts - OPENSSL-CONNECT:$LOCALHOST:$PORT,cipher=aNULL,verify=0"
|
|
+CMD0="$SOCAT $opts OPENSSL-LISTEN:$PORT,reuseaddr,cipher=aNULL:@SECLEVEL=0,verify=0 SYSTEM:cat"
|
|
+CMD1="$SOCAT $opts - OPENSSL-CONNECT:$LOCALHOST:$PORT,cipher=aNULL:@SECLEVEL=0,verify=0"
|
|
printf "test $F_n $TEST... " $N
|
|
$CMD0 >/dev/null 2>"${te}0" &
|
|
pid0=$!
|
|
@@ -12302,8 +12302,8 @@ tf="$td/test$N.stdout"
|
|
te="$td/test$N.stderr"
|
|
tdiff="$td/test$N.diff"
|
|
da="test$N $(date) $RANDOM"
|
|
-CMD0="$SOCAT $opts OPENSSL-LISTEN:$PORT,reuseaddr,method=$method,cipher=aNULL,verify=0 PIPE"
|
|
-CMD1="$SOCAT $opts - OPENSSL-CONNECT:$LOCALHOST:$PORT,method=$method,cipher=aNULL,verify=0"
|
|
+CMD0="$SOCAT $opts OPENSSL-LISTEN:$PORT,reuseaddr,method=$method,cipher=aNULL:@SECLEVEL=0,verify=0 PIPE"
|
|
+CMD1="$SOCAT $opts - OPENSSL-CONNECT:$LOCALHOST:$PORT,method=$method,cipher=aNULL:@SECLEVEL=0,verify=0"
|
|
printf "test $F_n $TEST... " $N
|
|
if [ "$method" = DTLS1 -a "$(echo -e "$OPENSSL_VERSION\n1.0.2" |sort -V |tail -n 1)" = "$OPENSSL_VERSION_GOOD" ]; then
|
|
$PRINTF "${YELLOW}might hang, skipping${NORMAL}\n"
|