[perl-HTTP-Daemon-SSL] Do not test weak keys

Petr Pisar Wed, 14 May 2014 01:46:28 -0700

commit 3ee6bba50022ad36259059780e24bdaae33cef4b
Author: Petr Písař <ppi...@redhat.com>
Date:   Wed May 14 10:41:41 2014 +0200


    Do not test weak keys

 ...nerate-keys-and-certificates-at-test-time.patch |   90 ++++++++++++++++++++
 perl-HTTP-Daemon-SSL.spec                          |    8 ++-
 2 files changed, 97 insertions(+), 1 deletions(-)
---
diff --git 
a/HTTP-Daemon-SSL-1.04-Generate-keys-and-certificates-at-test-time.patch 
b/HTTP-Daemon-SSL-1.04-Generate-keys-and-certificates-at-test-time.patch
new file mode 100644
index 0000000..c923f5e
--- /dev/null
+++ b/HTTP-Daemon-SSL-1.04-Generate-keys-and-certificates-at-test-time.patch
@@ -0,0 +1,90 @@
+From 2b728bdd6df8968d1dae92856ac5ebed85d71d2a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppi...@redhat.com>
+Date: Wed, 14 May 2014 10:36:50 +0200
+Subject: [PATCH] Generate keys and certificates at test-time
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This fixes <https://rt.cpan.org/Public/Bug/Display.html?id=88998>.
+
+Signed-off-by: Petr Písař <ppi...@redhat.com>
+---
+ Makefile.PL    |  2 ++
+ t/testmodule.t | 38 +++++++++++++++++++++++++++++++++++++-
+ 2 files changed, 39 insertions(+), 1 deletion(-)
+
+diff --git a/Makefile.PL b/Makefile.PL
+index 17fe591..b8927b2 100644
+--- a/Makefile.PL
++++ b/Makefile.PL
+@@ -10,5 +10,7 @@ WriteMakefile(
+   'VERSION_FROM' => 'SSL.pm',
+   'DISTNAME' => 'HTTP-Daemon-SSL',
+   'PREREQ_PM' => { 'HTTP::Daemon' => 1.0, 'IO::Socket::SSL' => 0.93 },
++  'BUILD_REQUIRES' => { 'HTTP::Daemon' => 1.0, 'IO::Socket::SSL' => 0.93,
++      'IO::Socket::SSL::Utils' => 0 },
+   'dist' => { COMPRESS => 'gzip', SUFFIX => 'gz', },
+ );
+diff --git a/t/testmodule.t b/t/testmodule.t
+index 6ca235a..c83d9ab 100644
+--- a/t/testmodule.t
++++ b/t/testmodule.t
+@@ -4,10 +4,11 @@
+ 
+ use HTTP::Daemon::SSL;
+ use HTTP::Status;
++use IO::Socket::SSL::Utils;
+ eval {require "t/ssl_settings.req";} ||
+ eval {require "ssl_settings.req";};
+ 
+-$numtests = 9;
++$numtests = 14;
+ $|=1;
+ $SIG{PIPE}='IGNORE';
+ 
+@@ -22,6 +23,41 @@ print "1..$numtests\n";
+ 
+ $test = 0;
+ 
++my ($ca_cert, $ca_key) = CERT_create(
++    subject => { commonName => 'Dummy IO::Socket::SSL Certificate Authority' 
},
++    CA => 1,
++);
++(defined $ca_cert and defined $ca_key) || print 'not ';
++&ok('authority certificate generated');
++
++my ($server_cert, $server_key) = CERT_create(
++    subject => { commonName => 'IO::Socket::SSL Dummy Server Certificate' },
++    CA => 0,
++    issuer_cert => $ca_cert,
++    issuer_key => $ca_key,
++);
++(defined $server_cert and defined $server_key) || print 'not ';
++&ok('server certificate generated');
++
++eval { PEM_cert2file($ca_cert, 'certs/test-ca.pem') };
++(!$@ and -s 'certs/test-ca.pem') || print 'not ';
++&ok('authority certificate saved');
++
++PEM_cert2file($server_cert, 'certs/server-cert.pem');
++(!$@ and -s 'certs/server-cert.pem') || print 'not ';
++&ok('server certificate saved');
++
++PEM_key2file($server_key, 'certs/server-key.pem');
++(!$@ and -s 'certs/server-key.pem') || print 'not ';
++&ok('server key saved');
++
++# freeing fails now <https://bugzilla.redhat.com/show_bug.cgi?id=1097640>
++#CERT_free($ca_cert);
++#KEY_free($ca_key);
++#CERT_free($server_cert);
++#KEY_free($server_key);
++
++
+ unless (fork) {
+     sleep 1;
+ 
+-- 
+1.9.0
+
diff --git a/perl-HTTP-Daemon-SSL.spec b/perl-HTTP-Daemon-SSL.spec
index 2b2c760..09b42b6 100644
--- a/perl-HTTP-Daemon-SSL.spec
+++ b/perl-HTTP-Daemon-SSL.spec
@@ -1,6 +1,6 @@
 Name:           perl-HTTP-Daemon-SSL
 Version:        1.04
-Release:        13%{?dist}
+Release:        14%{?dist}
 Summary:        Simple http server class with SSL support
 License:        GPL+ or Artistic
 Group:          Development/Libraries
@@ -8,6 +8,8 @@ URL:            http://search.cpan.org/dist/HTTP-Daemon-SSL/
 Source0:        
http://www.cpan.org/modules/by-module/HTTP/HTTP-Daemon-SSL-%{version}.tar.gz
 # Adapt tests to IO::Socket::SSL 1.80, CPAN RT#81932
 Patch0:         HTTP-Daemon-SSL-1.04-Adapt-tests-to-IO-Socket-SSL-1.80.patch
+# Do not test weak keys with OpenSSL 1.0.1, bug #1058728, CPAN RT#88998
+Patch1:         
HTTP-Daemon-SSL-1.04-Generate-keys-and-certificates-at-test-time.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildArch:      noarch
 BuildRequires:  perl(ExtUtils::MakeMaker)
@@ -25,6 +27,7 @@ IO::Socket::SSL, so you can perform socket operations 
directly on it too.
 %prep
 %setup -q -n HTTP-Daemon-SSL-%{version}
 %patch0 -p1
+%patch1 -p1
 
 %build
 %{__perl} Makefile.PL INSTALLDIRS=vendor
@@ -53,6 +56,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man3/HTTP::Daemon::SSL.3pm*
 
 %changelog
+* Wed May 14 2014 Petr Pisar <ppi...@redhat.com> - 1.04-14
+- Do not test weak keys (bug #1058728)
+
 * Sat Aug 03 2013 Fedora Release Engineering <rel-...@lists.fedoraproject.org> 
- 1.04-13
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
 
--
Fedora Extras Perl SIG
http://www.fedoraproject.org/wiki/Extras/SIGs/Perl
perl-devel mailing list
perl-devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/perl-devel

[perl-HTTP-Daemon-SSL] Do not test weak keys

Reply via email to