[libvirt] [PATCH 2/2] Add a test case for certificate validation
Eric Blake
eblake at redhat.com
Fri Jul 22 17:43:03 UTC 2011
On 07/22/2011 05:06 AM, Daniel P. Berrange wrote:
> From: "Daniel P. Berrange"<berrange at redhat.com>
>
> This test case checks certification validation rules for
>
> - Basic constraints
> - Key purpose
> - Key usage
> - Start/expiry times
>
> It checks initial context creation sanity checks, and live
> session validation
> ---
I spoke too soon. This breaks the build in multiple ways:
> +++ b/tests/pkix_asn1_tab.c
> @@ -0,0 +1,567 @@
> +/*
> + * This file comes from gnutls, licensed under the GPLv3+
> + */
> +
> +#include<config.h>
> +#include<libtasn1.h>
> +
While you already convinced me that -ltasn1 will work (because we
require gnutls, and the gnutls libraries require -ltasn1), you forget
the source side of things. If you don't have libtasn1-devel installed
on Fedora, then compilation fails with:
virnettlscontexttest.c:37:23: fatal error: libtasn1.h: No such file or
directory
Next, if you have new enough gcc and the right devel files, compilation
fails with:
virnettlscontexttest.c:1235: error: the frame size of 5376 bytes is
larger than 4096 bytes [-Wframe-larger-than=]
and on IRC, laine reported:
<laine> Bah. Just making the structs defined inside mymain of
virnettlscontexttext.c as static (or moving them to be global instead of
on the stack) doesn't work - it gets the stack usage down, but then the
first test hits an abort in testTLSGenerateCert (virnettlscontexttest.c:180
<laine> But that has nothing to do with the struct that's being passed
down. Looks like the entire test is broken. Is this failing for others?
Or do I have an older version of a library or something that's causing
gnutls_x509_crt_init to fail?
Any ideas on what needs to be done to fix that?
It doesn't help that libvirt.org is temporarily down at the moment.
--
Eric Blake eblake at redhat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org
More information about the libvir-list
mailing list