Sat, 15 Feb 2020 at 19:59, James Bottomley <james.bottom...@hansenpartnership.com>:
> On Fri, 2020-02-14 at 18:33 +0500, Илья Шипицин wrote:
> > Fri, 14 Feb 2020 at 18:05, James Bottomley <james.bottom...@hansenpartnership.com>:
> >
> > > On Thu, 2020-02-13 at 19:18 +0100, Arne Schwabe wrote:
> > > > On 10.02.18 at 23:50, James Bottomley wrote:
> > > > > Testing engines is problematic, so one of the prerequisites built
> > > > > for the tests is a simple openssl engine that reads a non-standard
> > > > > PEM guarded key. The test is simply can we run a client/server
> > > > > configuration with the usual sample key replaced by an engine key.
> > > > > The trivial engine prints out some operations and we check for
> > > > > these in the log to make sure the engine was used to load the key
> > > > > and that it correctly got the password.
> > > >
> > > > This tests the openssl engine functionality in a sensible way. But I
> > > > think it is not fully ready to be committed. To get it working I
> > > > needed to do following changes on my Mac:
> > >
> > > That could be ... I only have a linux box to try this out on.
> > >
> > > > commit afa697cec15b4e54e720efe9de39c9b20b13c5c8 (HEAD -> > > > > review/enginekeys) > > > > Author: Arne Schwabe <a...@rfc2549.org> > > > > Date: Thu Feb 13 18:13:34 2020 +0100 > > > > > > > > foo > > > > > > > > diff --git a/tests/unit_tests/engine-key/Makefile.am > > > > b/tests/unit_tests/engine-key/Makefile.am > > > > index 73921965..6d7fc9c5 100644 > > > > --- a/tests/unit_tests/engine-key/Makefile.am > > > > +++ b/tests/unit_tests/engine-key/Makefile.am > > > > @@ -10,4 +10,6 @@ TESTS_ENVIRONMENT = srcdir="$(abs_srcdir)"; \ > > > > TESTS = check_engine_keys.sh > > > > > > > > libtestengine_la_SOURCES = libtestengine.c > > > > -libtestengine_la_LDFLAGS = -rpath /lib -avoid-version > > > > +libtestengine_la_LDFLAGS = @TEST_LDFLAGS@ -rpath /lib > > > > +libtestengine_la_CFLAGS = @TEST_CFLAGS@ -I$(openvpn_srcdir) > > > > -I$(compat_srcdir) > > > > + 
> > > > diff --git a/tests/unit_tests/engine-key/libtestengine.c > > > > b/tests/unit_tests/engine-key/libtestengine.c > > > > index fa7f5de1..46ec1e33 100644 > > > > --- a/tests/unit_tests/engine-key/libtestengine.c > > > > +++ b/tests/unit_tests/engine-key/libtestengine.c > > > > @@ -30,7 +30,6 @@ static EVP_PKEY *engine_load_key(ENGINE *e, > > > > const > > > > char > > > > *key_id, > > > > PKCS8_PRIV_KEY_INFO *p8inf; > > > > UI *ui; > > > > char auth[256]; > > > > - int len; > > > > > > the variable is certainly unused and can go. > > > > > > > fprintf(stderr, "ENGINE: engine_load_key called\n"); > > > > > > > > diff --git a/tests/unit_tests/engine-key/openssl.cnf > > > > b/tests/unit_tests/engine-key/openssl.cnf > > > > index 53200c46..e9513a92 100644 > > > > --- a/tests/unit_tests/engine-key/openssl.cnf > > > > +++ b/tests/unit_tests/engine-key/openssl.cnf 
> > > > @@ -9,4 +9,4 @@ engines = engines_section > > > > testengine = testengine_section > > > > > > > > [testengine_section] > > > > -dynamic_path = $ENV::srcdir/.libs/libtestengine.so > > > > +dynamic_path = $ENV::srcdir/.libs/libtestengine.dylib
> >
> > we use gost-engine (https://github.com/engine/gost-engine)
> > on both linux and osx.
> >
> > for some time there was a bug in openssl:
> > https://github.com/openssl/openssl/issues/8950
> >
> > however, for now "dylib" is used for osx. and
> > but we do not use "dynamic" path. we use config like that
> >
> > openssl_conf = openssl_def
> >
> > [openssl_def]
> > engines = engine_section
> >
> > [engine_section]
> > gost = gost_section
> >
> > [gost_section]
> > default_algorithms = ALL
> > engine_id = gost
> > CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet
>
> Right, that works if the engine is in the correct directory. The
> problem with this engine is that it's only built as a test
> demonstration for the openvpn engine code, so it's never installed in
> the openssl engines directory, so we have to tell openssl exactly where
> to find it in the openvpn tree ... and that seems to involve naming the
> whole file and location, including extension.

yes, I understand reasoning. maybe we should add dynamic path to our tests as well.

> James
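Review bot: In the tests/unit_tests/engine-key/Makefile.am hunk, the new `libtestengine_la_LDFLAGS` line drops `-avoid-version` without any explanation, and the commit message ("foo") gives no rationale either. The openssl.cnf in this same patch names the built library by its exact file name in `dynamic_path`, so please confirm that the file name under `.libs/` is still the one the config points at once the flag is gone, or keep `-avoid-version`. The commit message should also say which headers the added `-I$(openvpn_srcdir) -I$(compat_srcdir)` are for, and the final `+` line only adds an empty line after `libtestengine_la_CFLAGS` and can be dropped.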
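Review bot: In the tests/unit_tests/engine-key/openssl.cnf hunk, changing `dynamic_path` from `libtestengine.so` to `libtestengine.dylib` hard-codes the macOS suffix, so the test would no longer find the engine on the Linux box it was developed on. The file already reads `$ENV::srcdir`, and Makefile.am exports that through `TESTS_ENVIRONMENT`, so the library suffix could be passed the same way: export a second variable (name to be chosen) next to `srcdir`, set per platform at configure time, and reference it in `dynamic_path` instead of a literal extension.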
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel