On Wed, Mar 22, 2023 at 06:14:55PM -0400, selva.n...@gmail.com wrote: > From: Selva Nair <selva.n...@gmail.com> > > - Load some test certificate/key pairs into a temporary softhsm2 token > and enumerate available objects through pkcs11-helper interface > > - For each object, load it into SSL_CTX and test sign (if using OpenSSL 3) > or check the certificate and public-key match (if using OpenSSl 1.1.1.). > The pkcs11-id for each object is specified directly or > through a mocked management callback to test pkcs11-id-management > > Limitations: > Depends on libsofthsm2.so and p11tool (install softhsm2 and gnutls-bin > packages). Mbed-TLS/pkcs11-helper combination is not tested. > > If locations of these binaries are not auto-detected or need to be > overridden, use -DSOFTHSM2_UTIL=<path> -DP11TOOL=<path> to configure. > Location of SOFTHSM2_MODULE is not auto-detected and defaults to > /usr/lib/softhsm/libsofthsm2.so. It may be changed by passing > -DSOFTHSM2_MODULE=/some-path/libsofthsm2.so to configure. > Also see "configure --help". > > The test is enabled only if --enable-pkcs11 is in use, and SOFTHSM2_UTIL > & P11TOOL are found in path or manually defined during configuring. > > Changes relative to github PR > - Explicitly disable building the test on Windows: need to port mkstemp, > mkdtemp, setenv etc., before enabling this on Windows. > > Signed-off-by: Selva Nair <selva.n...@gmail.com>
I reviewed this on Github, with a focus on the configuration part. Approved it there, so Acked-By: Frank Lichtenheld <fr...@lichtenheld.com> -- Frank Lichtenheld _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
