Merge branch 'no-more-no-cert-check' into 'master'

fix test-sighup-key-change for current OpenConnect

OpenConnect 7.08 removed the option `--no-cert-check`. Pass the actual id of the newly generated server key. Fall back to the key fingerprint on CentOS 6 with an older version of GnuTLS certtool.

Resolves #81

See merge request !22
Nikos Mavrogiannopoulos
2016-12-18 12:05:32 +00:00
2 changed files with 9 additions and 2 deletions


@@ -4,7 +4,7 @@ Build/Debian:
image: debian:stretch
script:
- apt-get update
- apt-get install -y openconnect libuid-wrapper libpam-wrapper libnss-wrapper libsocket-wrapper gss-ntlmssp git-core make autoconf libtool autopoint gettext automake nettle-dev libwrap0-dev libpam0g-dev liblz4-dev libseccomp-dev libreadline-dev libnl-route-3-dev libkrb5-dev liboath-dev libradcli-dev libprotobuf-c0-dev libtalloc-dev libhttp-parser-dev libpcl1-dev libopts25-dev autogen protobuf-c-compiler gperf liblockfile-bin nuttcp libpam-oath libev-dev libgnutls28-dev
- apt-get install -y openconnect libuid-wrapper libpam-wrapper libnss-wrapper libsocket-wrapper gss-ntlmssp git-core make autoconf libtool autopoint gettext automake nettle-dev libwrap0-dev libpam0g-dev liblz4-dev libseccomp-dev libreadline-dev libnl-route-3-dev libkrb5-dev liboath-dev libradcli-dev libprotobuf-c0-dev libtalloc-dev libhttp-parser-dev libpcl1-dev libopts25-dev autogen protobuf-c-compiler gperf liblockfile-bin nuttcp libpam-oath libev-dev libgnutls28-dev gnutls-bin
- git submodule update --init && autoreconf -fvi && mkdir -p build && cd build &&
../configure --without-root-tests && make -j$(nproc) && make check -j$(nproc)
tags:


@@ -77,12 +77,19 @@ sleep 10
certtool --generate-privkey --outfile "${SERVER_KEY}" 2>/dev/null
certtool --generate-self-signed --load-privkey "${SERVER_KEY}" --template "${TEMPLATE}" --outfile "${SERVER_CERT}" 2>/dev/null
CERTARG=`certtool --key-id < "${SERVER_CERT}" 2>/dev/null | grep -v '^Invalid option'`
if test -n "$CERTARG";then
CERTARG="sha1:${CERTARG}"
else
CERTARG=`certtool -i < "${SERVER_CERT}" 2>/dev/null | sed -n '/SHA-*1 fingerprint:/{x;N;s/.*\s\([0-9a-f]\+\).*/\1/;p}'`
fi
echo "Reloading server with new key/cert pair"
kill -HUP $PID
sleep 5
echo -n "Connecting to obtain cookie (with certificate)... "
( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey "${srcdir}/certs/user-key.pem" -c "${srcdir}/certs/user-cert.pem" --no-cert-check --cookieonly </dev/null >/dev/null 2>&1 ) ||
( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey "${srcdir}/certs/user-key.pem" -c "${srcdir}/certs/user-cert.pem" --servercert="${CERTARG}" --cookieonly </dev/null >/dev/null 2>&1 ) ||
fail $PID "Could not connect with certificate!"
echo ok