[perl-HTTP-Daemon-SSL] Do not test weak keys
Petr Pisar
ppisar at fedoraproject.org
Wed May 14 08:45:11 UTC 2014
commit 3ee6bba50022ad36259059780e24bdaae33cef4b
Author: Petr Písař <ppisar at redhat.com>
Date: Wed May 14 10:41:41 2014 +0200
Do not test weak keys
...nerate-keys-and-certificates-at-test-time.patch | 90 ++++++++++++++++++++
perl-HTTP-Daemon-SSL.spec | 8 ++-
2 files changed, 97 insertions(+), 1 deletions(-)
---
diff --git a/HTTP-Daemon-SSL-1.04-Generate-keys-and-certificates-at-test-time.patch b/HTTP-Daemon-SSL-1.04-Generate-keys-and-certificates-at-test-time.patch
new file mode 100644
index 0000000..c923f5e
--- /dev/null
+++ b/HTTP-Daemon-SSL-1.04-Generate-keys-and-certificates-at-test-time.patch
@@ -0,0 +1,90 @@
+From 2b728bdd6df8968d1dae92856ac5ebed85d71d2a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar at redhat.com>
+Date: Wed, 14 May 2014 10:36:50 +0200
+Subject: [PATCH] Generate keys and certificates at test-time
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This fixes <https://rt.cpan.org/Public/Bug/Display.html?id=88998>.
+
+Signed-off-by: Petr Písař <ppisar at redhat.com>
+---
+ Makefile.PL | 2 ++
+ t/testmodule.t | 38 +++++++++++++++++++++++++++++++++++++-
+ 2 files changed, 39 insertions(+), 1 deletion(-)
+
+diff --git a/Makefile.PL b/Makefile.PL
+index 17fe591..b8927b2 100644
+--- a/Makefile.PL
++++ b/Makefile.PL
+@@ -10,5 +10,7 @@ WriteMakefile(
+ 'VERSION_FROM' => 'SSL.pm',
+ 'DISTNAME' => 'HTTP-Daemon-SSL',
+ 'PREREQ_PM' => { 'HTTP::Daemon' => 1.0, 'IO::Socket::SSL' => 0.93 },
++ 'BUILD_REQUIRES' => { 'HTTP::Daemon' => 1.0, 'IO::Socket::SSL' => 0.93,
++ 'IO::Socket::SSL::Utils' => 0 },
+ 'dist' => { COMPRESS => 'gzip', SUFFIX => 'gz', },
+ );
+diff --git a/t/testmodule.t b/t/testmodule.t
+index 6ca235a..c83d9ab 100644
+--- a/t/testmodule.t
++++ b/t/testmodule.t
+@@ -4,10 +4,11 @@
+
+ use HTTP::Daemon::SSL;
+ use HTTP::Status;
++use IO::Socket::SSL::Utils;
+ eval {require "t/ssl_settings.req";} ||
+ eval {require "ssl_settings.req";};
+
+-$numtests = 9;
++$numtests = 14;
+ $|=1;
+ $SIG{PIPE}='IGNORE';
+
+@@ -22,6 +23,41 @@ print "1..$numtests\n";
+
+ $test = 0;
+
++my ($ca_cert, $ca_key) = CERT_create(
++ subject => { commonName => 'Dummy IO::Socket::SSL Certificate Authority' },
++ CA => 1,
++);
++(defined $ca_cert and defined $ca_key) || print 'not ';
++&ok('authority certificate generated');
++
++my ($server_cert, $server_key) = CERT_create(
++ subject => { commonName => 'IO::Socket::SSL Dummy Server Certificate' },
++ CA => 0,
++ issuer_cert => $ca_cert,
++ issuer_key => $ca_key,
++);
++(defined $server_cert and defined $server_key) || print 'not ';
++&ok('server certificate generated');
++
++eval { PEM_cert2file($ca_cert, 'certs/test-ca.pem') };
++(!$@ and -s 'certs/test-ca.pem') || print 'not ';
++&ok('authority certificate saved');
++
++PEM_cert2file($server_cert, 'certs/server-cert.pem');
++(!$@ and -s 'certs/server-cert.pem') || print 'not ';
++&ok('server certificate saved');
++
++PEM_key2file($server_key, 'certs/server-key.pem');
++(!$@ and -s 'certs/server-key.pem') || print 'not ';
++&ok('server key saved');
++
++# freeing fails now <https://bugzilla.redhat.com/show_bug.cgi?id=1097640>
++#CERT_free($ca_cert);
++#KEY_free($ca_key);
++#CERT_free($server_cert);
++#KEY_free($server_key);
++
++
+ unless (fork) {
+ sleep 1;
+
+--
+1.9.0
+
diff --git a/perl-HTTP-Daemon-SSL.spec b/perl-HTTP-Daemon-SSL.spec
index 2b2c760..09b42b6 100644
--- a/perl-HTTP-Daemon-SSL.spec
+++ b/perl-HTTP-Daemon-SSL.spec
@@ -1,6 +1,6 @@
Name: perl-HTTP-Daemon-SSL
Version: 1.04
-Release: 13%{?dist}
+Release: 14%{?dist}
Summary: Simple http server class with SSL support
License: GPL+ or Artistic
Group: Development/Libraries
@@ -8,6 +8,8 @@ URL: http://search.cpan.org/dist/HTTP-Daemon-SSL/
Source0: http://www.cpan.org/modules/by-module/HTTP/HTTP-Daemon-SSL-%{version}.tar.gz
# Adapt tests to IO::Socket::SSL 1.80, CPAN RT#81932
Patch0: HTTP-Daemon-SSL-1.04-Adapt-tests-to-IO-Socket-SSL-1.80.patch
+# Do not test weak keys with OpenSSL 1.0.1, bug #1058728, CPAN RT#88998
+Patch1: HTTP-Daemon-SSL-1.04-Generate-keys-and-certificates-at-test-time.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildArch: noarch
BuildRequires: perl(ExtUtils::MakeMaker)
@@ -25,6 +27,7 @@ IO::Socket::SSL, so you can perform socket operations directly on it too.
%prep
%setup -q -n HTTP-Daemon-SSL-%{version}
%patch0 -p1
+%patch1 -p1
%build
%{__perl} Makefile.PL INSTALLDIRS=vendor
@@ -53,6 +56,9 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man3/HTTP::Daemon::SSL.3pm*
%changelog
+* Wed May 14 2014 Petr Pisar <ppisar at redhat.com> - 1.04-14
+- Do not test weak keys (bug #1058728)
+
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.04-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
More information about the scm-commits
mailing list