After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 784005 - tests: Fixes for souphttpsrc SSL test
tests: Fixes for souphttpsrc SSL test
Status: RESOLVED FIXED
Product: GStreamer
Classification: Platform
Component: gst-plugins-good
1.12.1
Other All
: Normal normal
: 1.13.1
Assigned To: GStreamer Maintainers
GStreamer Maintainers
Depends on:
Blocks:
 
 
Reported: 2017-06-20 14:52 UTC by Jan Alexander Steffens (heftig)
Modified: 2017-10-19 12:07 UTC
See Also:
GNOME target: ---
GNOME version: ---

Attachments
[PATCH 1/4] tests: souphttpsrc: Update test-cert.pem (2.84 KB, patch)
2017-06-20 14:58 UTC, Jan Alexander Steffens (heftig) 		committed Details | Review
tests: souphttpsrc: Make ssl_cert/key_file static (1.82 KB, patch)
2017-06-20 14:58 UTC, Jan Alexander Steffens (heftig) 		committed Details | Review
[PATCH 3/4] tests: souphttpsrc: Avoid deprecated server ssl properties (1.94 KB, patch)
2017-06-20 14:59 UTC, Jan Alexander Steffens (heftig) 		committed Details | Review
[PATCH 4/4] tests: souphttpsrc: Avoid deprecated ssl-ca-file property (1.90 KB, patch)
2017-06-20 15:00 UTC, Jan Alexander Steffens (heftig) 		committed Details | Review

Description Jan Alexander Steffens (heftig) 2017-06-20 14:52:37 UTC 
(patches incoming)
Comment 1 Jan Alexander Steffens (heftig) 2017-06-20 14:58:21 UTC 
Created attachment 354106 [details] [review]
[PATCH 1/4] tests: souphttpsrc: Update test-cert.pem

Recent GnuTLS disregards the Common Name and only looks at the Subject
Alternative Name extension. Since our test-cert has no SAN extension,
validation fails.

Generate a new certificate with SAN. In addition to 127.0.0.1, for good
measure make it valid for localhost and ::1, too.
Comment 2 Jan Alexander Steffens (heftig) 2017-06-20 14:58:57 UTC 
Created attachment 354107 [details] [review]
tests: souphttpsrc: Make ssl_cert/key_file static

Just a bit of cleanup.
Comment 3 Jan Alexander Steffens (heftig) 2017-06-20 14:59:45 UTC 
Created attachment 354108 [details] [review]
[PATCH 3/4] tests: souphttpsrc: Avoid deprecated server ssl properties

The ssl-cert-file and ssl-key-file properties are deprecated. Use the
soup_server_set_ssl_cert_file function to load the files.
Comment 4 Jan Alexander Steffens (heftig) 2017-06-20 15:00:12 UTC 
Created attachment 354109 [details] [review]
[PATCH 4/4] tests: souphttpsrc: Avoid deprecated ssl-ca-file property

SoupSession's ssl-ca-file property is deprecated. Use the recommended
tls-database property.

This is a bit more complex as it requires creating a GTlsFileDatabase
object for an absolute (!) path to the CA certificates file.
Comment 5 Jan Alexander Steffens (heftig) 2017-06-20 15:21:47 UTC 
(In reply to Jan Alexander Steffens (heftig) from comment #1)

It's also possible that the SAN stuff is a red herring and GnuTLS doesn't like SHA1, since the new cert uses SHA256.
Comment 6 Nicolas Dufresne (ndufresne) 2017-06-29 19:38:28 UTC 
Thanks. All patches looked good and they also fixes the souphttpsrc failing test.

e63a12c77d6ff74b6d0c410ec2453bd9688ca065        tests: souphttpsrc: Update test-cert.pem 
27a0ea8cf54f580f2babb03ddadccb7ea7616f56        tests: souphttpsrc: Make ssl_cert/key_file static
9922091f1b50bf6c48ffb25be4e3bccabcee209c        tests: souphttpsrc: Avoid deprecated server ssl properties
aa8ac28d86a5c45314a6d62cfd579842f8aecad2        tests: souphttpsrc: Avoid deprecated ssl-ca-file property

Attachment 354107 [details] pushed as 27a0ea8 - tests: souphttpsrc: Make ssl_cert/key_file static
Comment 7 Jan Alexander Steffens (heftig) 2017-10-19 12:07:03 UTC 
Can you also add this patchset to 1.12?