[libvirt] [PATCH 2/2] Add a test case for certificate validation

Eric Blake eblake at redhat.com
Fri Jul 22 17:43:03 UTC 2011


On 07/22/2011 05:06 AM, Daniel P. Berrange wrote:
> From: "Daniel P. Berrange"<berrange at redhat.com>
>
> This test case checks certification validation rules for
>
>   - Basic constraints
>   - Key purpose
>   - Key usage
>   - Start/expiry times
>
> It checks initial context creation sanity checks, and live
> session validation
> ---

I spoke too soon.  This breaks the build in multiple ways:

> +++ b/tests/pkix_asn1_tab.c
> @@ -0,0 +1,567 @@
> +/*
> + * This file comes from gnutls, licensed under the GPLv3+
> + */
> +
> +#include<config.h>
> +#include<libtasn1.h>
> +

While you already convinced me that -ltasn1 will work (because we 
require gnutls, and the gnutls libraries require -ltasn1), you forget 
the source side of things.  If you don't have libtasn1-devel installed 
on Fedora, then compilation fails with:

virnettlscontexttest.c:37:23: fatal error: libtasn1.h: No such file or 
directory

Next, if you have new enough gcc and the right devel files, compilation 
fails with:

virnettlscontexttest.c:1235: error: the frame size of 5376 bytes is 
larger than 4096 bytes [-Wframe-larger-than=]

and on IRC, laine reported:

<laine>	Bah. Just making the structs defined inside mymain of 
virnettlscontexttext.c as static (or moving them to be global instead of 
on the stack) doesn't work - it gets the stack usage down, but then the 
first test hits an abort in testTLSGenerateCert (virnettlscontexttest.c:180
<laine>	But that has nothing to do with the struct that's being passed 
down. Looks like the entire test is broken. Is this failing for others? 
Or do I have an older version of a library or something that's causing 
gnutls_x509_crt_init to fail?

Any ideas on what needs to be done to fix that?

It doesn't help that libvirt.org is temporarily down at the moment.

-- 
Eric Blake   eblake at redhat.com    +1-801-349-2682
Libvirt virtualization library http://libvirt.org




More information about the libvir-list mailing list