[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-wget] Implement --pinnedpubkey option to pin public keys
|
From: |
Tim Ruehsen |
|
Subject: |
Re: [Bug-wget] Implement --pinnedpubkey option to pin public keys |
|
Date: |
Fri, 08 Apr 2016 12:05:03 +0200 |
|
User-agent: |
KMail/4.14.10 (Linux/4.4.0-1-amd64; KDE/4.14.14; x86_64; ; ) |
@Darshit: Please see the test suite problems below (random errors, but tests
pass). Any idea ?
On Monday 04 April 2016 12:28:47 moparisthebest wrote:
> Hi all,
>
> I have now implemented tests for --pinnedpubkey, the first patch is
> unchanged from last time, the second patch has all the new test code.
>
> They all pass as long as I export SSL_TESTS as an environmental variable
> (otherwise they are skipped), I see there is code in Makefile.am that
> supposedly does that, but it's not working for me, likely because I'm
> doing something wrong...
Here I can't reproduce this. The tests do all PASS.
Run again ./bootstrap and ./configure.
Check that ./configure outputs
SSL: gnutls
(or openssl instead of gnutls).
(If it doesn't, install the SSL dev packages and ./configure again).
Now run 'make clean && make check'.
If you still see your tests skipping... in this case Test-hsts, Test--https-crl
and Test--https skip as well ?
I see randomly messages like these (e.g. from Test-pinnedpubkey-der-
https.log):
...
Saving to: ‘File1’
0K 100% 616 =0.04s
2016-04-08 12:01:06 (616 B/s) - ‘File1’ saved [24/24]
...
Error: Expected file File1 not found..
Unknown Exception while trying to remove Test Environment.
PASS Test-pinnedpubkey-der-https.py (exit status: 0)
>
> Let me know if there is anything else I can do.
>
> Thanks,
> Travis
>
> On 03/18/2016 02:10 AM, moparisthebest wrote:
> > Hi Tim,
> >
> > I've implemented your suggestions below, except the python tests, and
> > rebased on top of current HEAD, attached is the patch.
> >
> > The documentation in testenv/ says the test server doesn't support
> > https, which would be needed for this test. Has anyone started work on
> > that? Or would it be acceptable to just use socat or stunnel or similar
> > in front of the current test server?
> >
> > Thanks much,
> > Travis
> >
> > On 03/15/2016 07:50 AM, Tim Ruehsen wrote:
> >> Hi Travis,
> >>
> >> thanks for poking. I started testing... just a few more points.
> >>
> >> In wg_pin_peer_pubkey(), what is this loop do {...} while(0) about ?
> >> I looks like it is not supposed to loop (if it would, we had resource
> >> leaks). Maybe you can remove it and instead of 'break: do a 'goto
> >> end/cleanup/out' !?
> >>
> >> Please consider to use wget_read_file / wget_read_file_free() for reading
> >> the contents of a file. It also allows for stdin ('-' at the command
> >> line) which makes the new option a bit more consistent with Wget's CLI
> >> standards.
> >>
> >> Do you plan to create a python test (see testenv/) ?
> >>
> >> Regards, Tim
signature.asc
Description: This is a digitally signed message part.