Merge pull request #4879 from yuhaoth/pr/upgrade-gnutls-next
Upgrade gnutls next
This commit is contained in:
Ronald Cron
GitHub
commit
13592ca654
4 changed files with 56 additions and 16 deletions
|
|
@ -42,13 +42,13 @@ esac
|
|||
|
||||
case "${GNUTLS_CLI:-default}" in
|
||||
"legacy") export GNUTLS_CLI="/usr/local/gnutls-3.3.8/bin/gnutls-cli";;
|
||||
"next") export GNUTLS_CLI="/usr/local/gnutls-3.6.5/bin/gnutls-cli";;
|
||||
"next") export GNUTLS_CLI="/usr/local/gnutls-3.7.2/bin/gnutls-cli";;
|
||||
*) ;;
|
||||
esac
|
||||
|
||||
case "${GNUTLS_SERV:-default}" in
|
||||
"legacy") export GNUTLS_SERV="/usr/local/gnutls-3.3.8/bin/gnutls-serv";;
|
||||
"next") export GNUTLS_SERV="/usr/local/gnutls-3.6.5/bin/gnutls-serv";;
|
||||
"next") export GNUTLS_SERV="/usr/local/gnutls-3.7.2/bin/gnutls-serv";;
|
||||
*) ;;
|
||||
esac
|
||||
|
||||
|
|
|
|||
|
|
@ -137,29 +137,29 @@ RUN cd /tmp \
|
|||
ENV GNUTLS_CLI=/usr/local/gnutls-3.4.10/bin/gnutls-cli
|
||||
ENV GNUTLS_SERV=/usr/local/gnutls-3.4.10/bin/gnutls-serv
|
||||
|
||||
# Build libnettle 3.4 (needed by gnutls next)
|
||||
# Build libnettle 3.7.3 (needed by gnutls next)
|
||||
RUN cd /tmp \
|
||||
&& wget https://ftp.gnu.org/gnu/nettle/nettle-3.4.1.tar.gz -qO- | tar xz \
|
||||
&& cd nettle-3.4.1 \
|
||||
&& wget https://ftp.gnu.org/gnu/nettle/nettle-3.7.3.tar.gz -qO- | tar xz \
|
||||
&& cd nettle-3.7.3 \
|
||||
&& ./configure --disable-documentation \
|
||||
&& make ${MAKEFLAGS_PARALLEL} \
|
||||
&& make install \
|
||||
&& /sbin/ldconfig \
|
||||
&& rm -rf /tmp/nettle*
|
||||
|
||||
# Build gnutls next (3.6.5)
|
||||
# Build gnutls next (3.7.2)
|
||||
RUN cd /tmp \
|
||||
&& wget https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/gnutls-3.6.5.tar.xz -qO- | tar xJ \
|
||||
&& cd gnutls-3.6.5 \
|
||||
&& ./configure --prefix=/usr/local/gnutls-3.6.5 --exec_prefix=/usr/local/gnutls-3.6.5 \
|
||||
&& wget https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/gnutls-3.7.2.tar.xz -qO- | tar xJ \
|
||||
&& cd gnutls-3.7.2 \
|
||||
&& ./configure --prefix=/usr/local/gnutls-3.7.2 --exec_prefix=/usr/local/gnutls-3.7.2 \
|
||||
--with-included-libtasn1 --with-included-unistring --without-p11-kit \
|
||||
--disable-shared --disable-guile --disable-doc \
|
||||
&& make ${MAKEFLAGS_PARALLEL} \
|
||||
&& make install \
|
||||
&& rm -rf /tmp/gnutls*
|
||||
|
||||
ENV GNUTLS_NEXT_CLI=/usr/local/gnutls-3.6.5/bin/gnutls-cli
|
||||
ENV GNUTLS_NEXT_SERV=/usr/local/gnutls-3.6.5/bin/gnutls-serv
|
||||
ENV GNUTLS_NEXT_CLI=/usr/local/gnutls-3.7.2/bin/gnutls-cli
|
||||
ENV GNUTLS_NEXT_SERV=/usr/local/gnutls-3.7.2/bin/gnutls-serv
|
||||
|
||||
RUN pip3 install --no-cache-dir \
|
||||
mbed-host-tests \
|
||||
|
|
|
|||
|
|
@ -42,13 +42,13 @@ esac
|
|||
|
||||
case "${GNUTLS_CLI:-default}" in
|
||||
"legacy") export GNUTLS_CLI="/usr/local/gnutls-3.3.8/bin/gnutls-cli";;
|
||||
"next") export GNUTLS_CLI="/usr/local/gnutls-3.6.5/bin/gnutls-cli";;
|
||||
"next") export GNUTLS_CLI="/usr/local/gnutls-3.7.2/bin/gnutls-cli";;
|
||||
*) ;;
|
||||
esac
|
||||
|
||||
case "${GNUTLS_SERV:-default}" in
|
||||
"legacy") export GNUTLS_SERV="/usr/local/gnutls-3.3.8/bin/gnutls-serv";;
|
||||
"next") export GNUTLS_SERV="/usr/local/gnutls-3.6.5/bin/gnutls-serv";;
|
||||
"next") export GNUTLS_SERV="/usr/local/gnutls-3.7.2/bin/gnutls-serv";;
|
||||
*) ;;
|
||||
esac
|
||||
|
||||
|
|
|
|||
|
|
@ -405,6 +405,44 @@ requires_gnutls_tls1_3() {
|
|||
fi
|
||||
}
|
||||
|
||||
# Check %NO_TICKETS option
|
||||
requires_gnutls_next_no_ticket() {
|
||||
requires_gnutls_next
|
||||
if [ "$GNUTLS_NEXT_AVAILABLE" = "NO" ]; then
|
||||
GNUTLS_NO_TICKETS_AVAILABLE="NO"
|
||||
fi
|
||||
if [ -z "${GNUTLS_NO_TICKETS_AVAILABLE:-}" ]; then
|
||||
if $GNUTLS_NEXT_CLI --priority-list 2>&1 | grep NO_TICKETS >/dev/null
|
||||
then
|
||||
GNUTLS_NO_TICKETS_AVAILABLE="YES"
|
||||
else
|
||||
GNUTLS_NO_TICKETS_AVAILABLE="NO"
|
||||
fi
|
||||
fi
|
||||
if [ "$GNUTLS_NO_TICKETS_AVAILABLE" = "NO" ]; then
|
||||
SKIP_NEXT="YES"
|
||||
fi
|
||||
}
|
||||
|
||||
# Check %DISABLE_TLS13_COMPAT_MODE option
|
||||
requires_gnutls_next_disable_tls13_compat() {
|
||||
requires_gnutls_next
|
||||
if [ "$GNUTLS_NEXT_AVAILABLE" = "NO" ]; then
|
||||
GNUTLS_DISABLE_TLS13_COMPAT_MODE_AVAILABLE="NO"
|
||||
fi
|
||||
if [ -z "${GNUTLS_DISABLE_TLS13_COMPAT_MODE_AVAILABLE:-}" ]; then
|
||||
if $GNUTLS_NEXT_CLI --priority-list 2>&1 | grep DISABLE_TLS13_COMPAT_MODE >/dev/null
|
||||
then
|
||||
GNUTLS_DISABLE_TLS13_COMPAT_MODE_AVAILABLE="YES"
|
||||
else
|
||||
GNUTLS_DISABLE_TLS13_COMPAT_MODE_AVAILABLE="NO"
|
||||
fi
|
||||
fi
|
||||
if [ "$GNUTLS_DISABLE_TLS13_COMPAT_MODE_AVAILABLE" = "NO" ]; then
|
||||
SKIP_NEXT="YES"
|
||||
fi
|
||||
}
|
||||
|
||||
# skip next test if IPv6 isn't available on this host
|
||||
requires_ipv6() {
|
||||
if [ -z "${HAS_IPV6:-}" ]; then
|
||||
|
|
@ -8589,11 +8627,13 @@ run_test "TLS1.3: Test openssl tls1_3 feature" \
|
|||
-c "TLS 1.3" \
|
||||
-s "TLS 1.3"
|
||||
|
||||
# gnutls feature tests: check if tls1.3 exists.
|
||||
# gnutls feature tests: check if TLS 1.3 is supported as well as the NO_TICKETS and DISABLE_TLS13_COMPAT_MODE options.
|
||||
requires_gnutls_tls1_3
|
||||
requires_gnutls_next_no_ticket
|
||||
requires_gnutls_next_disable_tls13_compat
|
||||
run_test "TLS1.3: Test gnutls tls1_3 feature" \
|
||||
"$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3" \
|
||||
"$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V" \
|
||||
"$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
|
||||
"$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
|
||||
0 \
|
||||
-s "Version: TLS1.3" \
|
||||
-c "Version: TLS1.3"
|
||||
|
|
|
|||
Loading…
Reference in a new issue