On 19.10.2018 at 11:01, Joe Orton wrote:
On Fri, Oct 19, 2018 at 07:25:55AM -0000, [email protected] wrote:
Author: rjung
Date: Fri Oct 19 07:25:55 2018
New Revision: 1844309
URL: http://svn.apache.org/viewvc?rev=1844309&view=rev
Log:
Do not use STDIN / STDOUT as -reqin and -respout
for "openssl ocsp", since that is supported only
in OpenSSL 1.0.2 and above.
Instead use temporary files.
This doesn't work at all for me with Perl 5.26.2 / File::Temp 0.230.600:
tempnam() from File::Temp is not exported and takes two arguments. Are
you testing with a different version?
Sorry, tempnam => tmpnam. Committed in r1844320. It at least works here.
Would you be able to recheck?
Compatibility functions:
$unopened_file = File::Temp::tempnam( $dir, $pfx );
I would be happy to restrict this test to running with recent versions
of OpenSSL if it requires excessive hacks to make working with older
ones.
A simpler/safer test for the OpenSSL versions would be
Index: t/ssl/ocsp.t
===================================================================
--- t/ssl/ocsp.t (revision 1844314)
+++ t/ssl/ocsp.t (working copy)
@@ -20,9 +20,12 @@
# Requires OpenSSL 1.1, can't find a simple way to test for OCSP
# support in earlier versions without messing around with stderr
my $openssl = Apache::TestSSLCA::openssl();
+my $version = Apache::TestSSLCA::version();
+my $min_version = "1.0.2";
+
if (!have_min_apache_version('2.4.26')
- or `$openssl list -commands 2>&1` !~ /ocsp/) {
- print "1..0 # skip: No OpenSSL or mod_ssl OCSP support";
+ or Apache::Test::normalize_vstring($version) <
Apache::Test::normalize_vstring($min_version)) {
+ print "1..0 # skip: Requires OpenSSL $min_version (got $version) and mod_ssl
OCSP support";
exit 0;
}
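Review bot: the skip condition no longer runs `$openssl list -commands 2>&1` at all, so an OpenSSL at or above $min_version that lacks the ocsp command would now run the test instead of skipping; keep that check as an additional `or` clause next to the version comparison. The context comment at the top of the hunk still says "Requires OpenSSL 1.1" while $min_version is "1.0.2", so one of the two should be updated, and the skip message still mentions mod_ssl OCSP support although the only remaining checks are the httpd and OpenSSL versions.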
The problem here is that what broke the test originally was not the
wrong OpenSSL version but instead relying on a feature of it (allowing
-reqin and -respout to point to STDIN resp. STDOUT). That's why I would
prefer fixing the test. At least here in my environment it now also
works with OpenSSL 0.9.8.
Not sure if the change I applied (using temporary files for input and
output) should already be rated as "excessive hacks". I agree, it makes
a simple script roughly twice the size, but some of the new lines are
because of checking the result of the system() call (we had a fire and
forget exec() before).
Concerning your simpler approach: it is OK if we give up supporting
0.9.8 but we should probably keep the "or `$openssl list -commands 2>&1`
!~ /ocsp/" part of the test.
Regards,
Rainer
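
The temporary-file approach discussed in this thread, as an added example that is not the code committed to t/ssl/ocsp.t: it passes a request to a helper through -reqin/-respout files and checks the system() result. It uses File::Temp->new, which creates and opens the file in one step, rather than tmpnam(), which in scalar context only returns a name; run_via_tempfiles() and the stand-in command are hypothetical names constructed for this illustration.

```perl
#!/usr/bin/perl
# Added example (not from t/ssl/ocsp.t): hand a request to a helper via temp
# files and check its exit status, without relying on a name-only tmpnam().
use strict;
use warnings;
use File::Temp ();

# run_via_tempfiles(\@cmd, $request) -> response bytes; dies on any failure.
# "-reqin <file>" and "-respout <file>" are appended to @cmd.
sub run_via_tempfiles {
    my ($cmd, $request) = @_;

    # File::Temp->new creates and opens each file atomically and unlinks it
    # when the object goes out of scope.
    my $in  = File::Temp->new(TEMPLATE => 'ocsp-req-XXXXXX',  TMPDIR => 1);
    my $out = File::Temp->new(TEMPLATE => 'ocsp-resp-XXXXXX', TMPDIR => 1);

    binmode $in;
    print {$in} $request or die "write request: $!";
    close $in or die "close request: $!";    # flush before the child reads it

    # List-form system() bypasses the shell, so file names are never parsed.
    my $rc = system(@$cmd, '-reqin', $in->filename, '-respout', $out->filename);
    die "exec failed: $!"                        if $rc == -1;
    die sprintf("killed by signal %d", $? & 127) if $? & 127;
    die sprintf("exit status %d", $? >> 8)       if $? >> 8;

    open my $fh, '<:raw', $out->filename or die "open response: $!";
    local $/;                                 # slurp mode
    my $response = <$fh>;
    close $fh;
    return $response;
}

# Constructed stand-in for "openssl ocsp": a Perl one-liner that copies the
# -reqin file to the -respout file, so the example runs without a CA.
my @stand_in = ($^X, '-e', <<'EOF', '--');
my %a = @ARGV; open my $i, '<:raw', $a{'-reqin'} or exit 2;
open my $o, '>:raw', $a{'-respout'} or exit 3; print {$o} <$i>; close $o or exit 4;
EOF

my $resp = run_via_tempfiles(\@stand_in, "constructed request bytes\n");
print "got ", length($resp), " bytes back\n";
```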