пт, 14 февр. 2020 г. в 18:05, James Bottomley < james.bottom...@hansenpartnership.com>:
> On Thu, 2020-02-13 at 19:18 +0100, Arne Schwabe wrote: > > Am 10.02.18 um 23:50 schrieb James Bottomley: > > > Testing engines is problematic, so one of the prerequisites built > > > for the tests is a simple openssl engine that reads a non-standard > > > PEM guarded key. The test is simply can we run a client/server > > > configuration with the usual sample key replaced by an engine key. > > > The trivial engine prints out some operations and we check for > > > these in the log to make sure the engine was used to load the key > > > and that it correctly got the password. > > > > This tests the openssl engine functionality in a sensible way. But I > > think it is not fully ready to be commited. To get it working I > > needed to do following changes on my Mac: > > That could be ... I only have a linux box to try this out on. > > > commit afa697cec15b4e54e720efe9de39c9b20b13c5c8 (HEAD -> > > review/enginekeys) > > Author: Arne Schwabe <a...@rfc2549.org> > > Date: Thu Feb 13 18:13:34 2020 +0100 > > > > foo > > > > diff --git a/tests/unit_tests/engine-key/Makefile.am > > b/tests/unit_tests/engine-key/Makefile.am > > index 73921965..6d7fc9c5 100644 > > --- a/tests/unit_tests/engine-key/Makefile.am > > +++ b/tests/unit_tests/engine-key/Makefile.am > > @@ -10,4 +10,6 @@ TESTS_ENVIRONMENT = srcdir="$(abs_srcdir)"; \ > > TESTS = check_engine_keys.sh > > > > libtestengine_la_SOURCES = libtestengine.c > > -libtestengine_la_LDFLAGS = -rpath /lib -avoid-version > > +libtestengine_la_LDFLAGS = @TEST_LDFLAGS@ -rpath /lib > > +libtestengine_la_CFLAGS = @TEST_CFLAGS@ -I$(openvpn_srcdir) > > -I$(compat_srcdir) > > + > > diff --git a/tests/unit_tests/engine-key/libtestengine.c > > b/tests/unit_tests/engine-key/libtestengine.c > > index fa7f5de1..46ec1e33 100644 > > --- a/tests/unit_tests/engine-key/libtestengine.c > > +++ b/tests/unit_tests/engine-key/libtestengine.c > > @@ -30,7 +30,6 @@ static EVP_PKEY *engine_load_key(ENGINE *e, const > > char > > *key_id, > > PKCS8_PRIV_KEY_INFO *p8inf; > > UI *ui; > > char auth[256]; > > - int len; > > the variable is certainly unused and can go. > > > fprintf(stderr, "ENGINE: engine_load_key called\n"); > > > > diff --git a/tests/unit_tests/engine-key/openssl.cnf > > b/tests/unit_tests/engine-key/openssl.cnf > > index 53200c46..e9513a92 100644 > > --- a/tests/unit_tests/engine-key/openssl.cnf > > +++ b/tests/unit_tests/engine-key/openssl.cnf > > @@ -9,4 +9,4 @@ engines = engines_section > > testengine = testengine_section > > > > [testengine_section] > > -dynamic_path = $ENV::srcdir/.libs/libtestengine.so > > +dynamic_path = $ENV::srcdir/.libs/libtestengine.dylib > we use gost-engine (https://github.com/engine/gost-engine) on both linux and osx. for some time there was a bug in openssl: https://github.com/openssl/openssl/issues/8950 however, for now "dylib" is used for osx. and but we do not use "dynamic" path. we use config like that openssl_conf = openssl_def [openssl_def] engines = engine_section [engine_section] gost = gost_section [gost_section] default_algorithms = ALL engine_id = gost CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet > > This can't really be done though: the .dylib extension won't work on > Linux because shared objects are .so files. > > There is a way to generate and use .so files on a MAC as well, > according to the openssl people (half the mac engines seem to have a > .so extension and the other half a .dylib one), I'll see if I can > figure out what it is. > > James > _______________________________________________ > Openvpn-devel mailing list > Openvpn-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openvpn-devel >
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel