Re: svn commit: r1844309 - /httpd/test/framework/trunk/t/htdocs/modules/cgi/ocsp.pl.PL
On Fri, Oct 19, 2018 at 11:39:27AM +0200, Rainer Jung wrote: > Concerning your simpler approach: it is OK if we give up supporting 0.9.8 > but we should probably keep the "or `$openssl list -commands 2>&1` !~ > /ocsp/" part of the test. OK good point, let's leave it as-is. r1844320 works for me, thanks!
Re: svn commit: r1844309 - /httpd/test/framework/trunk/t/htdocs/modules/cgi/ocsp.pl.PL
Am 19.10.2018 um 11:01 schrieb Joe Orton: On Fri, Oct 19, 2018 at 07:25:55AM -, rj...@apache.org wrote: Author: rjung Date: Fri Oct 19 07:25:55 2018 New Revision: 1844309 URL: http://svn.apache.org/viewvc?rev=1844309=rev Log: Do not use STDIN / STDOUT as -reqin and -respout for "openssl ocsp", since that is supported only in OpenSSL 1.0.2 and above. Instead use temporary files. This doesn't work at all for me with Perl 5.26.2 / File::Temp 0.230.600 tempnam() from File::Temp is not exported and takes two arguments, are you testing with a different version? Sorry, tempnam => tmpnam. Committed in r1844320. It at least works here. Would you be able to recheck? Compatibility functions: $unopened_file = File::Temp::tempnam( $dir, $pfx ); I would be happy to restrict this test to running with recent versions of OpenSSL if it requires excessive hacks to make working with older ones. A simpler/safer test for the OpenSSL versions would be Index: t/ssl/ocsp.t === --- t/ssl/ocsp.t(revision 1844314) +++ t/ssl/ocsp.t(working copy) @@ -20,9 +20,12 @@ # Requires OpenSSL 1.1, can't find a simple way to test for OCSP # support in earlier versions without messing around with stderr my $openssl = Apache::TestSSLCA::openssl(); +my $version = Apache::TestSSLCA::version(); +my $min_version = "1.0.2"; + if (!have_min_apache_version('2.4.26') -or `$openssl list -commands 2>&1` !~ /ocsp/) { -print "1..0 # skip: No OpenSSL or mod_ssl OCSP support"; +or Apache::Test::normalize_vstring($version) < Apache::Test::normalize_vstring($min_version)) { +print "1..0 # skip: Requires OpenSSL $min_version (got $version) and mod_ssl OCSP support"; exit 0; } The problem here is, that what broke the test originally was not the wrong OpenSSL version but instead relying on a feature of it (allowing -reqin and -respout to point to STDIN resp. STDOUT). That's why I would prefer fixing the test. At least here in my environment it now works also with OpenSSL 0.9.8. Not sure, if the change I applied (using temporary files for input and output) should already be rated as "excessive hacks". I agree, it makes a simple script roughly twice the size, but some of the new lines are because of checking the result of the system() call (we had a fire and forget exec() before). Concerning your simpler approach: it is OK if we give up supporting 0.9.8 but we should probably keep the "or `$openssl list -commands 2>&1` !~ /ocsp/" part of the test. Regards, Rainer
Re: svn commit: r1844309 - /httpd/test/framework/trunk/t/htdocs/modules/cgi/ocsp.pl.PL
On 10/19/2018 11:01 AM, Joe Orton wrote: > On Fri, Oct 19, 2018 at 07:25:55AM -, rj...@apache.org wrote: >> Author: rjung >> Date: Fri Oct 19 07:25:55 2018 >> New Revision: 1844309 >> >> URL: http://svn.apache.org/viewvc?rev=1844309=rev >> Log: >> Do not use STDIN / STDOUT as -reqin and -respout >> for "openssl ocsp", since that is supported only >> in OpenSSL 1.0.2 and above. >> >> Instead use temporary files. > > This doesn't work at all for me with Perl 5.26.2 / File::Temp 0.230.600 > > tempnam() from File::Temp is not exported and takes two arguments, are > you testing with a different version? > >Compatibility functions: > > $unopened_file = File::Temp::tempnam( $dir, $pfx ); > > I would be happy to restrict this test to running with recent versions > of OpenSSL if it requires excessive hacks to make working with older > ones. > > A simpler/safer test for the OpenSSL versions would be > > Index: t/ssl/ocsp.t > === > --- t/ssl/ocsp.t (revision 1844314) > +++ t/ssl/ocsp.t (working copy) > @@ -20,9 +20,12 @@ > # Requires OpenSSL 1.1, can't find a simple way to test for OCSP > # support in earlier versions without messing around with stderr > my $openssl = Apache::TestSSLCA::openssl(); > +my $version = Apache::TestSSLCA::version(); > +my $min_version = "1.0.2"; > + > if (!have_min_apache_version('2.4.26') > -or `$openssl list -commands 2>&1` !~ /ocsp/) { > -print "1..0 # skip: No OpenSSL or mod_ssl OCSP support"; > +or Apache::Test::normalize_vstring($version) < > Apache::Test::normalize_vstring($min_version)) { > +print "1..0 # skip: Requires OpenSSL $min_version (got $version) and > mod_ssl OCSP support"; How would we know in this case that this recent Openssl version was build with ocsp support? Regards RĂ¼diger
Re: svn commit: r1844309 - /httpd/test/framework/trunk/t/htdocs/modules/cgi/ocsp.pl.PL
On Fri, Oct 19, 2018 at 07:25:55AM -, rj...@apache.org wrote: > Author: rjung > Date: Fri Oct 19 07:25:55 2018 > New Revision: 1844309 > > URL: http://svn.apache.org/viewvc?rev=1844309=rev > Log: > Do not use STDIN / STDOUT as -reqin and -respout > for "openssl ocsp", since that is supported only > in OpenSSL 1.0.2 and above. > > Instead use temporary files. This doesn't work at all for me with Perl 5.26.2 / File::Temp 0.230.600 tempnam() from File::Temp is not exported and takes two arguments, are you testing with a different version? Compatibility functions: $unopened_file = File::Temp::tempnam( $dir, $pfx ); I would be happy to restrict this test to running with recent versions of OpenSSL if it requires excessive hacks to make working with older ones. A simpler/safer test for the OpenSSL versions would be Index: t/ssl/ocsp.t === --- t/ssl/ocsp.t(revision 1844314) +++ t/ssl/ocsp.t(working copy) @@ -20,9 +20,12 @@ # Requires OpenSSL 1.1, can't find a simple way to test for OCSP # support in earlier versions without messing around with stderr my $openssl = Apache::TestSSLCA::openssl(); +my $version = Apache::TestSSLCA::version(); +my $min_version = "1.0.2"; + if (!have_min_apache_version('2.4.26') -or `$openssl list -commands 2>&1` !~ /ocsp/) { -print "1..0 # skip: No OpenSSL or mod_ssl OCSP support"; +or Apache::Test::normalize_vstring($version) < Apache::Test::normalize_vstring($min_version)) { +print "1..0 # skip: Requires OpenSSL $min_version (got $version) and mod_ssl OCSP support"; exit 0; }