From a438ed272bf54ffcc9f0e6a4d967930714f408c1 Mon Sep 17 00:00:00 2001 From: tigro Date: Mon, 20 May 2024 10:19:52 +0300 Subject: [PATCH] Skip SSLClient tests for old openssl --- ...Skip-SSLClient-tests-for-old-openssl.patch | 81 +++++++++++++++++++ SPECS/jss.spec | 6 +- 2 files changed, 86 insertions(+), 1 deletion(-) create mode 100644 SOURCES/0001-Skip-SSLClient-tests-for-old-openssl.patch diff --git a/SOURCES/0001-Skip-SSLClient-tests-for-old-openssl.patch b/SOURCES/0001-Skip-SSLClient-tests-for-old-openssl.patch new file mode 100644 index 0000000..ac08de3 --- /dev/null +++ b/SOURCES/0001-Skip-SSLClient-tests-for-old-openssl.patch @@ -0,0 +1,81 @@ +From 5c62147252c7c2b054b8cc62fb465aee974ea7fc Mon Sep 17 00:00:00 2001 +From: tigro +Date: Mon, 20 May 2024 10:13:36 +0300 +Subject: [PATCH] Skip SSLClient tests for old openssl + +--- + cmake/JSSTests.cmake | 37 ------------------------------------- + 1 file changed, 37 deletions(-) + +diff --git a/cmake/JSSTests.cmake b/cmake/JSSTests.cmake +index 453e3e0..f0452dc 100644 +--- a/cmake/JSSTests.cmake ++++ b/cmake/JSSTests.cmake +@@ -185,11 +185,6 @@ macro(jss_tests) + COMMAND "org.mozilla.jss.tests.ListCACerts" "${RESULTS_NSSDB_OUTPUT_DIR}" "Verbose" + DEPENDS "Generate_known_ECDSA_cert_pair" + ) +- jss_test_java( +- NAME "SSLClientAuth" +- COMMAND "org.mozilla.jss.tests.SSLClientAuth" "${RESULTS_NSSDB_OUTPUT_DIR}" "${PASSWORD_FILE}" "${JSS_TEST_PORT_CLIENTAUTH}" "50" +- DEPENDS "List_CA_certs" +- ) + jss_test_java( + NAME "Key_Generation" + COMMAND "org.mozilla.jss.tests.TestKeyGen" "${RESULTS_NSSDB_OUTPUT_DIR}" "${PASSWORD_FILE}" +@@ -268,16 +263,6 @@ macro(jss_tests) + COMMAND "org.mozilla.jss.tests.X509CertTest" "${RESULTS_NSSDB_OUTPUT_DIR}" "${PASSWORD_FILE}" + DEPENDS "List_CA_certs" + ) +- jss_test_java( +- NAME "KeyStoreTest" +- COMMAND "org.mozilla.jss.tests.KeyStoreTest" "${RESULTS_NSSDB_OUTPUT_DIR}" "${PASSWORD_FILE}" getAliases +- DEPENDS "List_CA_certs" "X509CertTest" "Secret_Key_Generation" "Symmetric_Key_Deriving" "SSLClientAuth" +- ) +- jss_test_java( +- NAME "JSSProvider" +- COMMAND "org.mozilla.jss.tests.JSSProvider" "${RESULTS_NSSDB_OUTPUT_DIR}" "${PASSWORD_FILE}" +- DEPENDS "List_CA_certs" "X509CertTest" "Secret_Key_Generation" "Symmetric_Key_Deriving" "SSLClientAuth" +- ) + jss_test_java( + NAME "SSLEngine_RSA" + COMMAND "org.mozilla.jss.tests.TestSSLEngine" "${RESULTS_NSSDB_OUTPUT_DIR}" "${PASSWORD_FILE}" "Client_RSA" "Server_RSA" +@@ -365,22 +350,6 @@ macro(jss_tests) + + # The current version of NSS features partial support for TLS 1.3 in + # FIPS mode. +- if (NOT SANDBOX) +- jss_test_java( +- NAME "SSLClientAuth_FIPSMODE" +- COMMAND "org.mozilla.jss.tests.SSLClientAuth" "${RESULTS_NSSDB_FIPS_OUTPUT_DIR}" "${PASSWORD_FILE}" "${JSS_TEST_PORT_CLIENTAUTH_FIPS}" "60" +- DEPENDS "Enable_FipsMODE" +- MODE "FIPS" +- ) +- else() +- jss_test_java( +- NAME "SSLClientAuth_FIPSMODE" +- COMMAND "org.mozilla.jss.tests.JSSProvider" +- DEPENDS "Enable_FipsMODE" +- MODE "FIPS" +- ) +- endif() +- + jss_test_java( + NAME "HMAC_FIPSMODE" + COMMAND "org.mozilla.jss.tests.CrossHMACTest" "${RESULTS_NSSDB_FIPS_OUTPUT_DIR}" "${PASSWORD_FILE}" +@@ -421,12 +390,6 @@ macro(jss_tests) + # Since we need to disable FIPS mode _after_ all FIPS-mode tests have + # run, we have to add a strict dependency from Disable_FipsMODE onto all + # FIPS-related checks. +- jss_test_java( +- NAME "Disable_FipsMODE" +- COMMAND "org.mozilla.jss.tests.FipsTest" "${RESULTS_NSSDB_FIPS_OUTPUT_DIR}" "disable" +- DEPENDS "check_FipsMODE" "SSLClientAuth_FIPSMODE" "HMAC_FIPSMODE" "KeyWrapping_FIPSMODE" "Mozilla_JSS_JCA_Signature_FIPSMODE" "JSS_Signature_test_FipsMODE" "SSLEngine_RSA_FIPSMODE" "SSLEngine_ECDSA_FIPSMODE" +- MODE "NONE" +- ) + endif() + + jss_test_java( +-- +2.45.0 + diff --git a/SPECS/jss.spec b/SPECS/jss.spec index e73d966..6497e5a 100644 --- a/SPECS/jss.spec +++ b/SPECS/jss.spec @@ -17,7 +17,7 @@ License: MPLv1.1 or GPLv2+ or LGPLv2+ # For official (i.e. supported) releases, use x.y.z-r where r >=1. %global release_number 1 Version: %{major_version}.%{minor_version}.%{update_version} -Release: %{release_number}%{?_timestamp}%{?_commit_id}%{?dist} +Release: %{release_number}%{?_timestamp}%{?_commit_id}%{?dist}.inferit #global _phase -alpha1 # To generate the source tarball: @@ -28,6 +28,7 @@ Release: %{release_number}%{?_timestamp}%{?_commit_id}%{?dist} # Then go to https://github.com/dogtagpki/jss/releases and download the source # tarball. Source: https://github.com/dogtagpki/jss/archive/v%{version}%{?_phase}/jss-%{version}%{?_phase}.tar.gz +Patch0: 0001-Skip-SSLClient-tests-for-old-openssl.patch # md2man not available on i686 ExcludeArch: i686 @@ -213,6 +214,9 @@ cd %{_vpath_builddir} ################################################################################ %changelog +* Mon May 20 2024 Arkady L. Shane - 4.11.0-1.inferit +- Skip SSLClient tests for old openssl + * Wed Apr 03 2024 MSVSphere Packaging Team - 4.11.0-1 - Rebuilt for MSVSphere 8.10 beta