Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

test_provider.rb: Make a legacy provider test optional. #721

Merged
merged 3 commits into from
Mar 13, 2024
Merged

test_provider.rb: Make a legacy provider test optional. #721

merged 3 commits into from
Mar 13, 2024

Conversation

junaruga
Copy link
Member

@junaruga junaruga commented Feb 8, 2024
edited
Loading

This PR is to omit (skip) tests requiring the legacy provider if it is not loadable. The issue was found by another PR #718.

In some cases, the legacy provider is not installed intentionally. So, we omit a test requiring the legacy provider if the legacy provider is not loadable.

In the test_openssl_provider_names test, we use base provider instead of legacy provider, because we would expect the base provider is always loadable in OpenSSL 3 for now.

You can see the list of the standard providers below.
https://wiki.openssl.org/index.php/OpenSSL_3.0#Providers

This PR has 2 commits. The 1st commit is to add the no-legacy case to the CI. I chose OpenSSL head branch for the no-legacy case. Because we can notice soon if the specification around the legacy provider is changed. The 2nd commit is to omit (skip) a test requiring the legacy provider. In the test_openssl_provider_names, I replaced the used legacy provider with base provider. We don't need to use the legacy provider in the test.

I tested this PR on my forked repository.

Below is the CI result on the 1st commit. The no-legacy case failed as expected.
https://github.com/junaruga/ruby-openssl/actions/runs/7834063675/job/21376475009

Below is the CI result on the 2nd commit. the no-legacy case passed with the omitted message "Omission: Only for OpenSSL with legacy provider".
https://github.com/junaruga/ruby-openssl/actions/runs/7834165493/job/21376788379#step:12:632

@junaruga junaruga mentioned this pull request Feb 8, 2024
Merged
@junaruga junaruga requested a review from rhenium February 8, 2024 18:56
@hsbt
Copy link
Member

hsbt commented Feb 8, 2024

I update FreeBSD 13/14 around 1st Feb. But I did only pkg update and pkg upgrade.

@junaruga
Copy link
Member Author

junaruga commented Feb 9, 2024
edited
Loading

I update FreeBSD 13/14 around 1st Feb. But I did only pkg update and pkg upgrade.

Thanks for the info. I think the commands that you ran triggered the issue. In my observation, the /usr/local/bin/openssl and the other files in the openssl package was one of the ports packages that you upgraded.

Below are the results on the freebsd13 server.

$ /usr/local/bin/openssl version
OpenSSL 3.0.13 30 Jan 2024 (Library: OpenSSL 3.0.13 30 Jan 2024)

$ pkg which /usr/local/bin/openssl 
/usr/local/bin/openssl was installed by package openssl-3.0.13,1

$ pkg info openssl | head -3
openssl-3.0.13,1
Name           : openssl
Version        : 3.0.13,1

$ /usr/bin/openssl version
OpenSSL 1.1.1t-freebsd  7 Feb 2023

$ pkg which /usr/bin/openssl 
/usr/bin/openssl was not found in the database

The point for this PR is that the issue is more than the FreeBSD. People can install OpenSSL with configuring no-legacy option intentionally for their strategy. That is such as for a better security or to prevent users form using outdated legacy C API in their C application. When people start their new project using OpenSSL C API, there is no reason to use legacy C API. I predict that this use case will be common more and more when time passes.

@junaruga junaruga force-pushed the wip/conditional-legacy-provider-test branch from f38f331 to 6edeaa5 Compare February 14, 2024 23:02
@junaruga junaruga changed the title test_provider.rb: Run a test requiring the legacy provider conditionally. test_provider.rb: Make a legacy provider test optional. Feb 14, 2024
@junaruga
Revert "omit tests related legacy provider"
8c26fc2 
This reverts commit 9b7543d.

The case not providing the legacy provider can happen not only in FreeBSD but
also in other platforms. The fix is addressed in the next commit.
@junaruga junaruga force-pushed the wip/conditional-legacy-provider-test branch from 6edeaa5 to 92b5310 Compare February 21, 2024 09:41
@junaruga
CI: Add OpenSSL no-legacy case.
405f1ee 
Add the case of the OpenSSL that doesn't install the legacy provider.
@junaruga
test_provider.rb: Make a legacy provider test optional.
7223da7 
In some cases such as OpenSSL package in FreeBSD[1], the legacy provider is not
installed intentionally. So, we omit a test depending the legacy provider if the
legacy provider is not loadable.

For the test_openssl_provider_names test, we use base provider[2] instead of
legacy provider, because we would expect the base provider is always loadable
in OpenSSL 3 for now.

* [1] https://www.freshports.org/security/openssl/
* [2] https://wiki.openssl.org/index.php/OpenSSL_3.0#Providers
@junaruga junaruga force-pushed the wip/conditional-legacy-provider-test branch from 92b5310 to 7223da7 Compare February 21, 2024 09:42
@junaruga
Copy link
Member Author

junaruga commented Feb 21, 2024
edited
Loading

@rhenium I rebased this PR on the latest master branch. Could you review this PR? Thanks.

@rhenium
Copy link
Member

rhenium commented Mar 13, 2024

Thank you for digging into this. It looks good to me!

@rhenium rhenium merged commit 043c503 into ruby:master Mar 13, 2024
50 checks passed
@junaruga junaruga deleted the wip/conditional-legacy-provider-test branch November 21, 2024 13:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rhenium rhenium Awaiting requested review from rhenium

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@junaruga @hsbt @rhenium