Accepting request 704363 from home:jirislaby:branches:network

- add fix-gnutls-3.6.4.patch (fixes build) OBS-URL: https://build.opensuse.org/request/show/704363 OBS-URL: https://build.opensuse.org/package/show/network/libisds?expand=0&rev=19
2019-05-21 08:16:29 +00:00 · 2019-05-21 08:16:29 +00:00 · 776397ab37
commit 776397ab37
parent c9974f37e4
3 changed files with 50 additions and 2 deletions
--- a/fix-gnutls-3.6.4.patch
+++ b/fix-gnutls-3.6.4.patch
@ -0,0 +1,41 @@
+From: =?utf8?q?Petr=20P=C3=ADsa=C5=99?= <petr.pisar@atlas.cz>
+Date: Wed, 24 Apr 2019 04:32:09 +0200
+Subject: [PATCH] Test: Accept IE_NETWORK error when client does not provide a
+ correct certificate
+Git-commit: 5cc5b83788e229582bd048a630b3151a140f9437
+Patch-mainline: yes
+
+After upgrading GnuTLS to 3.6.4,
+test/simline/certificate_user_password_authentication tests that exhibit
+a missing client's certificate and a bad client's certificate started to
+fail. That's because cURL returns a network error instead of a TLS error in
+that case when TLSv1.3 is used.
+
+This patch work arounds this cURL deficiency.
+
+See a similar GnuTLS bug report
+<https://gitlab.com/gnutls/gnutls/issues/615>.
+---
+ test/simline/certificate_user_password_authentication.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/test/simline/certificate_user_password_authentication.c b/test/simline/certificate_user_password_authentication.c
+index c0192ab..7789d7c 100644
+--- a/test/simline/certificate_user_password_authentication.c
+++ b/test/simline/certificate_user_password_authentication.c
+@@ -35,7 +35,11 @@ static int test_login(const isds_error error, struct isds_ctx *context,
+     isds_error err;
+ 
+     err = isds_login(context, url, username, password, pki_credentials, otp);
+-    if (error != err)
+    /* If TLSv1.3 is used, cURL reports a network error instead of a security
+     * error if server refuses client's certificate (since GnuTLS 3.6.4).
+     * Maybe a <https://gitlab.com/gnutls/gnutls/issues/615>. As a workaround,
+     * accept IE_NETWORK if IE_SECURITY was expected. */
+    if (error != err && (IE_SECURITY != error || IE_NETWORK != err))
+         FAIL_TEST("Wrong return code: expected=%s, returned=%s (%s)",
+                 isds_strerror(error), isds_strerror(err),
+                 isds_long_message(context));
+-- 
+2.10.5.GIT
+
--- a/libisds.changes
+++ b/libisds.changes
@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Tue May 21 07:29:12 UTC 2019 - Jiri Slaby <jslaby@suse.com>
+
+- add fix-gnutls-3.6.4.patch (fixes build)
+
 -------------------------------------------------------------------
 Mon Aug 13 07:09:37 UTC 2018 - tchvatal@suse.com

--- a/libisds.spec
+++ b/libisds.spec
@ -1,7 +1,7 @@
 #
 # spec file for package libisds
 #
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -12,7 +12,7 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.

-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #


@ -27,6 +27,7 @@ URL:            http://xpisar.wz.cz/libisds/
 Source0:        http://xpisar.wz.cz/%{name}/dist/%{name}-%{version}.tar.xz
 Source1:        http://xpisar.wz.cz/%{name}/dist/%{name}-%{version}.tar.xz.asc
 Source2:        %{name}.keyring
+Patch0:         fix-gnutls-3.6.4.patch
 BuildRequires:  gpg2
 BuildRequires:  libgcrypt-devel
 BuildRequires:  libgpgme-devel
@ -63,6 +64,7 @@ developing applications that use %{name}.

 %prep
 %setup -q
+%autopatch -p1

 %build
 %configure \