- 21 8月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
In commit f905cc99 a use of uninitialized data was fixed based on a coverity report. It turns out it was possible to trigger this issue by pointing libvirt at non-existent certificate files, typically causing a crash. This adds a test case for that scenario. With the above commit reverted, this new test case will crash with a SEGV. With the fix applied, it passes, reporting a normal libvirt error to the caller. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 13 8月, 2013 1 次提交
-
-
由 Martin Kletzander 提交于
I noticed this yesterday and fixed it in a different way, but ended up with one more problem. It was probably the way I fixed it combined with one more filename changed. Anyway, why I'm saying this is that one more filename should be renamed in order to avoid a race (which I was unable to reproduce, though). I checked this is the last file those two tests have in common by going through the code and the re-checked by this "script": strace -o session.trace -e open ./virnettlssessiontest strace -o context.trace -e open ./virnettlscontexttest sort \ <(sed -n '/^open/s/open("\([^"]*\)",.*$/\1/p' context.trace | sort -u)\ <(sed -n '/^open/s/open("\([^"]*\)",.*$/\1/p' session.trace | sort -u)\ | uniq -d| grep '.pem$' So it should be enough to make these tests independent of each other. Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 09 8月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
Use a separate keyfile name for the two TLS test suites so that they don't clash when running tests in parallel Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 08 8月, 2013 4 次提交
-
-
由 Daniel P. Berrange 提交于
The code added to validate CA certificates did not take into account the possibility that the cacert.pem file can contain multiple (concatenated) cert data blocks. Extend the code for loading CA certs to use the gnutls APIs for loading cert lists. Add test cases to check that multi-level trees of certs will validate correctly. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Currently a 'struct testTLSCertReq' instance is passed into the TLS test cases. This is not flexible enough to cope with certificate chains, where one file now corresponds to multiple certificates. Change the test cases so that we pass in filenames instead. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Currently every test case in the TLS test suite generates the certs fresh. This is a waste of time, since its parameters don't change across test cases. Create certs once in main method. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
The virnettlscontexttest.c tests both virNetTLSContext and virNetTLSSession functionality. Split into two separate tests, to make the code size more manageable Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 05 3月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
When given a CA cert with basic constraints to set non-critical, and key usage of 'key signing', this should be rejected. Version of GNUTLS < 3 do not rejecte it though, so we never noticed the test case was broken Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 08 2月, 2013 1 次提交
-
-
由 John Ferlan 提交于
testTLSDerEncode() will allocate memory for der.data, it wasn't VIR_FREE()'d. also don't initialized der to use static buffer.
-
- 23 1月, 2013 1 次提交
-
-
由 John Ferlan 提交于
-
- 08 1月, 2013 1 次提交
-
-
由 John Ferlan 提交于
Fix copy-paste error doing handshake. The clientShake was not set to true, thus we'd potentially never leave the handshake while loop.
-
- 21 12月, 2012 5 次提交
-
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-
- 12 10月, 2012 1 次提交
-
-
由 Ján Tomko 提交于
-
- 21 9月, 2012 1 次提交
-
-
由 Eric Blake 提交于
https://www.gnu.org/licenses/gpl-howto.html recommends that the 'If not, see <url>.' phrase be a separate sentence. * tests/securityselinuxhelper.c: Remove doubled line. * tests/securityselinuxtest.c: Likewise. * globally: s/; If/. If/
-
- 07 8月, 2012 1 次提交
-
-
由 Daniel P. Berrange 提交于
Make virNetTLSContext and virNetTLSSession use the virObject APIs for reference counting Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 23 7月, 2012 1 次提交
-
-
由 Osier Yang 提交于
Per the FSF address could be changed from time to time, and GNU recommends the following now: (http://www.gnu.org/licenses/gpl-howto.html) You should have received a copy of the GNU General Public License along with Foobar. If not, see <http://www.gnu.org/licenses/>. This patch removes the explicit FSF address, and uses above instead (of course, with inserting 'Lesser' before 'General'). Except a bunch of files for security driver, all others are changed automatically, the copyright for securify files are not complete, that's why to do it manually: src/security/security_selinux.h src/security/security_driver.h src/security/security_selinux.c src/security/security_apparmor.h src/security/security_apparmor.c src/security/security_driver.c
-
- 06 4月, 2012 1 次提交
-
-
由 Laine Stump 提交于
When building on Fedora 17 (which uses gcc 4.7.0) with -O0 in CFLAGS, three of the tests failed to compile. cputest.c and qemuxml2argvtest.c had non-static structs defined inside the macro that was being repeatedly invoked. Due to some so-far unidentified change in gcc, the stack space used by variables defined inside { } is not recovered/re-used when the block ends, so all these structs have become additive (this is the same problem worked around in commit cf57d345). Fortunately, these two files could be fixed with a single line addition of "static" to the struct definition in the macro. virnettlscontexttest.c was a bit different, though. The problem structs in the do/while loop of macros had non-constant initializers, so it took a bit more work and piecemeal initialization instead of member initialization to get things to be happy. In an ideal world, none of these changes should be necessary, but not knowing how long it will be until the gcc regressions are fixed, and since the code is just as correct after this patch as before, it makes sense to fix libvirt's build for -O0 while also reporting the gcc problem.
-
- 27 3月, 2012 1 次提交
-
-
由 Martin Kletzander 提交于
Return statements with parameter enclosed in parentheses were modified and parentheses were removed. The whole change was scripted, here is how: List of files was obtained using this command: git grep -l -e '\<return\s*([^()]*\(([^()]*)[^()]*\)*)\s*;' | \ grep -e '\.[ch]$' -e '\.py$' Found files were modified with this command: sed -i -e \ 's_^\(.*\<return\)\s*(\(\([^()]*([^()]*)[^()]*\)*\))\s*\(;.*$\)_\1 \2\4_' \ -e 's_^\(.*\<return\)\s*(\([^()]*\))\s*\(;.*$\)_\1 \2\3_' Then checked for nonsense. The whole command looks like this: git grep -l -e '\<return\s*([^()]*\(([^()]*)[^()]*\)*)\s*;' | \ grep -e '\.[ch]$' -e '\.py$' | xargs sed -i -e \ 's_^\(.*\<return\)\s*(\(\([^()]*([^()]*)[^()]*\)*\))\s*\(;.*$\)_\1 \2\4_' \ -e 's_^\(.*\<return\)\s*(\([^()]*\))\s*\(;.*$\)_\1 \2\3_'
-
- 02 2月, 2012 1 次提交
-
-
由 Philipp Hahn 提交于
virnettlscontexttest uses gnutls_x509_crt_set_subject_alt_name() and GNUTLS_FSAN_APPEND, which - according to <http://www.gnu.org/software/gnutls/manual/gnutls.html> - are only available since 2.6.0. Since libvirt still works fine with gnutls-1.0.25 from RHEL5, only enable the test when the version of GNUTLS is at least 2.6.0. Signed-off-by: NPhilipp Hahn <hahn@univention.de> Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 15 11月, 2011 1 次提交
-
-
由 Daniel P. Berrange 提交于
The src/util/network.c file is a dumping ground for many different APIs. Split it up into 5 pieces, along functional lines - src/util/virnetdevbandwidth.c: virNetDevBandwidth type & helper APIs - src/util/virnetdevvportprofile.c: virNetDevVPortProfile type & helper APIs - src/util/virsocketaddr.c: virSocketAddr and APIs - src/conf/netdev_bandwidth_conf.c: XML parsing / formatting for virNetDevBandwidth - src/conf/netdev_vport_profile_conf.c: XML parsing / formatting for virNetDevVPortProfile * src/util/network.c, src/util/network.h: Split into 5 pieces * src/conf/netdev_bandwidth_conf.c, src/conf/netdev_bandwidth_conf.h, src/conf/netdev_vport_profile_conf.c, src/conf/netdev_vport_profile_conf.h, src/util/virnetdevbandwidth.c, src/util/virnetdevbandwidth.h, src/util/virnetdevvportprofile.c, src/util/virnetdevvportprofile.h, src/util/virsocketaddr.c, src/util/virsocketaddr.h: New pieces * daemon/libvirtd.h, daemon/remote.c, src/conf/domain_conf.c, src/conf/domain_conf.h, src/conf/network_conf.c, src/conf/network_conf.h, src/conf/nwfilter_conf.h, src/esx/esx_util.h, src/network/bridge_driver.c, src/qemu/qemu_conf.c, src/rpc/virnetsocket.c, src/rpc/virnetsocket.h, src/util/dnsmasq.h, src/util/interface.h, src/util/iptables.h, src/util/macvtap.c, src/util/macvtap.h, src/util/virnetdev.h, src/util/virnetdevtap.c, tools/virsh.c: Update include files
-
- 10 11月, 2011 1 次提交
-
-
由 Daniel P. Berrange 提交于
The socket address APIs in src/util/network.h either take the form virSocketAddrXXX, virSocketXXX or virSocketXXXAddr. Sanitize this so everything is virSocketAddrXXXX, and ensure that the virSocketAddr parameter is always the first one. * src/util/network.c, src/util/network.h: Santize socket address API naming * src/conf/domain_conf.c, src/conf/network_conf.c, src/conf/nwfilter_conf.c, src/network/bridge_driver.c, src/nwfilter/nwfilter_ebiptables_driver.c, src/nwfilter/nwfilter_learnipaddr.c, src/qemu/qemu_command.c, src/rpc/virnetsocket.c, src/util/dnsmasq.c, src/util/iptables.c, src/util/virnetdev.c, src/vbox/vbox_tmpl.c: Update for API renaming
-
- 08 9月, 2011 1 次提交
-
-
由 Alex Jia 提交于
* tests/virnettlscontexttest: fix memory leak on virnettlscontext test case. * Detected in valgrind run: ==25667== ==25667== 86,651 (34,680 direct, 51,971 indirect) bytes in 10 blocks are definitely lost in loss record 350 of 351 ==25667== at 0x4005447: calloc (vg_replace_malloc.c:467) ==25667== by 0x4F1F515D: gnutls_init (gnutls_state.c:270) ==25667== by 0x8053432: virNetTLSSessionNew (virnettlscontext.c:1181) ==25667== by 0x804DD24: testTLSSessionInit (virnettlscontexttest.c:624) ==25667== by 0x804F14D: virtTestRun (testutils.c:140) ==25667== ==25667== 100,578 (38,148 direct, 62,430 indirect) bytes in 11 blocks are definitely lost in loss record 351 of 351 ==25667== at 0x4005447: calloc (vg_replace_malloc.c:467) ==25667== by 0x4F1F515D: gnutls_init (gnutls_state.c:270) ==25667== by 0x8053432: virNetTLSSessionNew (virnettlscontext.c:1181) ==25667== by 0x804DD3C: testTLSSessionInit (virnettlscontexttest.c:625) ==25667== by 0x804F14D: virtTestRun (testutils.c:140) * How to reproduce? % cd libvirt && ./configure && make && make -C tests valgrind or % valgrind -v --leak-check=full ./tests/virnettlscontexttest Signed-off-by: NAlex Jia <ajia@redhat.com>
-
- 04 8月, 2011 1 次提交
-
-
由 Matthias Bolte 提交于
Detection based on gnutls_session doesn't work because GnuTLS 2.x.y comes with a compat.h that defines gnutls_session to gnutls_session_t. Instead detect this based on LIBGNUTLS_VERSION_MAJOR. Move this from configure/config.h to gnutls_1_0_compat.h and make sure that all users include gnutls_1_0_compat.h properly. Also fix header guard in gnutls_1_0_compat.h.
-
- 29 7月, 2011 1 次提交
-
-
由 Matthias Bolte 提交于
Prefer 'return EXIT_AM_SKIP' over 'exit(EXIT_AM_SKIP)'. Prefer 'int main(void)' over 'int main(int argc, char **argv)'. Fix mymain signature in commandtest and nodeinfotest.
-
- 26 7月, 2011 2 次提交
-
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
With older GNUTLS the gnutls_x509_privkey_import function is unable to import our private key. Instead we must use the alternative gnutls_x509_privkey_import_pkcs8() (as certtool does). * virnettlscontexttest.c: Fix import of private key with older gnutls. Also add missing newlines to key
-
- 25 7月, 2011 3 次提交
-
-
由 Daniel P. Berrange 提交于
commit 5283ea9b changed the semantics of the 'expire_offset' field in the test case struct so that instead of being an absolute timestamp, it was a delta relative to the current time. This broke the test cases which were testing expiry of certificates, by putting the expiry time into the future, instead of in the past. Fix this by changing the expiry values to be negative, so that the delta goes into the past again. * virnettlscontexttest.c: Fix expiry tests
-
由 Eric Blake 提交于
* tests/virnettlscontexttest.c (testTLSLoadKey): Report errors.
-
由 Eric Blake 提交于
Even though gnutls is a hard-req for libvirt, and gnutls depends on libtasn1, that does not mean that you have to have the libtasn1 development files installed. Skip the test rather than failing compilation in that case. With newer gcc, the test consumed too much stack space. Move things to static storage to fix that. * configure.ac (AC_CHECK_HEADERS): Check for libtasn1.h. (HAVE_LIBTASN1): New automake conditional. * tests/Makefile.am (virnettlsconvirnettlscontexttest_SOURCES) (virnettlscontexttest_LDADD): Allow compilation without libtasn1. * tests/virnettlscontexttest.c: Skip test if headers not present. (struct testTLSCertReq): Alter time members. (testTLSGenerateCert): Reflect the change. (mymain): Reduce stack usage.
-
- 22 7月, 2011 1 次提交
-
-
由 Daniel P. Berrange 提交于
This test case checks certification validation rules for - Basic constraints - Key purpose - Key usage - Start/expiry times It checks initial context creation sanity checks, and live session validation
-