From patchwork Mon Sep 8 18:18:46 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gert Doering X-Patchwork-Id: 4399 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:b149:b0:671:5a2c:6455 with SMTP id s9csp1284175maw; Mon, 8 Sep 2025 11:19:12 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCVLR4xoHkgEy/ZoY+zv2MKwzKBmvfDZR1L7oS1jzY10WgGCQO8PG41aSM/GLN9gke3Rj23gYp5W6RI=@openvpn.net X-Google-Smtp-Source: AGHT+IHgmEWVaYIaRUirQGTpEcfVaFpOnI06eO3s3S4U9ie7zeaLk2fhwGZR9UUrXH0NaWJe/prX X-Received: by 2002:a05:6870:d112:b0:314:b6a6:686c with SMTP id 586e51a60fabf-32265237d5fmr3783006fac.46.1757355552711; Mon, 08 Sep 2025 11:19:12 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1757355552; cv=none; d=google.com; s=arc-20240605; b=aD7ttktyc1eC7+/oLmI4gWNw/X0bXzv56pY5mkZiIb2tSvpY8vjtdP4w4O9SCjclI1 tX3uP3rl8xND3oKlq2Tgcftq1CFCOAdf3oOZAtV/bPbpgj1dAKTi49dkXafjfubEo0B2 2lRelR1uRjZMctLYlyS9DmUdnUmHHrlEWqHHo81pOb+O5e4DebjxHVCXhaJv0kP6jngK TVMbNGJxBgRb+fx5AuF8dEH3lVYQBoqj4Rt1zsO1Dl+HZBUxZW+hqKmfjbTnSIRBJGEc /xHiUoex7Y8AjRxq3xxn8PEOz6tTbJDyzT0+hiu2P4IGC/NvmZHEUX+IukErRW+1oXpO jjmw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature:dkim-signature; bh=ob+2Yg6qy4n5IpRUQuoZj2Kg4TEcMZj1UREnD1IASik=; fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=; b=XxeeFNbsOJ90Qb8dNZq6iptpQ3BHum++Hea7VvSMe9HkaQz+W1nkcboojyyaSnj+pn rFbOn4VE+H2sP2eEZTtYVV0N8YvVMg5PJnQd4GfS5cqKiB8F7uQQQAt4pJ60wmQmTKyX 9oRkZsFsJtWNmvTisUwDSd1uH0BE6XyBw8fYlDLUcjGt4IAROyDEna6cy3zrCNJ+NanQ 57ZIo6A4iDazH4FTOpey2s8P88Quuwzd7sdrao1pJFlhwBwAQ0IVC/JObfFJCLwI7tZK myIQtwcZ7d8pYh4DKSYMOcjIrXHr8PvSQ82NIbKSstSP76PV7DrNfjThO6MvY6oRD7m1 d10A==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=XU4sxhRm; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=MHpdKIv5; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=d+dRAbZd; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 586e51a60fabf-3298162bbb4si269763fac.326.2025.09.08.11.19.12 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 08 Sep 2025 11:19:12 -0700 (PDT) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=XU4sxhRm; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=MHpdKIv5; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=d+dRAbZd; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type: List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id: Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender: Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=ob+2Yg6qy4n5IpRUQuoZj2Kg4TEcMZj1UREnD1IASik=; b=XU4sxhRmABEay+unuREEqEosdB udfNVgMoVP51ZVhCm7oyb80H4iZ2MeUnno2t2guTkPwmqOFP8Y9Mr7562N2EU0bK2UZ9nz2NB9d9g YizJ/QAJcqmbsF9X2YmcWfaThmfZA/EY3UUaik/cmxrVadncf4Th7Yn5kXCik6gcHfu8=; Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1uvgSJ-0002jT-IW; Mon, 08 Sep 2025 18:19:07 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1uvgSH-0002jJ-QE for openvpn-devel@lists.sourceforge.net; Mon, 08 Sep 2025 18:19:05 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=LvA/IgNU4RE4+V+yPez2JlzJ3S23GSyt4/9GnJ5/htQ=; b=MHpdKIv5mkimY8yZE5Rg2PB7mE xjzYXp/0qsJ0Z5aQDgyv3WOxqDNauMUiaUQrdgA8YnL9HZR+AGBtJfGrecvU+sDh/XitiNAzAKBB7 5qK7m6HDPKAFu4sFdfTrnUpdjnjWT1lCB/0CDBg0Fn9EVjDuOJRaznm8Lirh+QG7ux1Y=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=LvA/IgNU4RE4+V+yPez2JlzJ3S23GSyt4/9GnJ5/htQ=; b=d+dRAbZdsWoj8XAuNdu90zHpcl QEYMNqYWl7NkKWwsYKNJm8GvmRYFqZ7M6u359HrnPS56YxARhOnql+NAbh+1d6nTa6wnKBNOmT5a6 v+2JMCMal43GHQLgUkuIRF7z7YlxoEpT4ouPx3Td4qXY2XhlByvQugAcUo3B+eoe17d8=; Received: from [193.149.48.143] (helo=blue.greenie.muc.de) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1uvgSG-0000Jx-MR for openvpn-devel@lists.sourceforge.net; Mon, 08 Sep 2025 18:19:05 +0000 Received: from blue.greenie.muc.de (localhost [127.0.0.1]) by blue.greenie.muc.de (8.18.1/8.18.1) with ESMTP id 588IIrJB005067 for ; Mon, 8 Sep 2025 20:18:53 +0200 Received: (from gert@localhost) by blue.greenie.muc.de (8.18.1/8.18.1/Submit) id 588IIrSX005066 for openvpn-devel@lists.sourceforge.net; Mon, 8 Sep 2025 20:18:53 +0200 From: Gert Doering To: openvpn-devel@lists.sourceforge.net Date: Mon, 8 Sep 2025 20:18:46 +0200 Message-ID: <20250908181852.5054-1-gert@greenie.muc.de> X-Mailer: git-send-email 2.49.1 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Score: 1.3 (+) X-Spam-Report: Spam detection software, running on the system "sfi-spamd-2.hosts.colo.sdot.me", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Arne Schwabe This allow the unit test to also run in environments that have seclevel (SSL_CTX_set_security_level) set to 3. Closes: openvpn/openvpn#830 Change-Id: I327ecc9a85dd906517c28e71fe500883bfa028a4 Signed-off-by: Arne Schwabe Acked-by: Gert Doering --- Content analysis details: (1.3 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS X-Headers-End: 1uvgSG-0000Jx-MR Subject: [Openvpn-devel] [PATCH v2] Switch test_ssl certificate from RSA 2048 to secp384r1 X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1842720855661229163?= X-GMAIL-MSGID: =?utf-8?q?1842720855661229163?= From: Arne Schwabe This allow the unit test to also run in environments that have seclevel (SSL_CTX_set_security_level) set to 3. Closes: openvpn/openvpn#830 Change-Id: I327ecc9a85dd906517c28e71fe500883bfa028a4 Signed-off-by: Arne Schwabe Acked-by: Gert Doering --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1172 This mail reflects revision 2 of this Change. Signed-off-by line for the author was added as per our policy. Acked-by according to Gerrit (reflected above): Gert Doering diff --git a/tests/unit_tests/openvpn/test_ssl.c b/tests/unit_tests/openvpn/test_ssl.c index 7bf5396..bb02fcc 100644 --- a/tests/unit_tests/openvpn/test_ssl.c +++ b/tests/unit_tests/openvpn/test_ssl.c @@ -83,59 +83,36 @@ return; } +/* generated using + * openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:secp384r1 -keyout - \ + * -noenc -sha256 -days 3650 -subj '/CN=ovpn-test-secp384r1' -nodes \ + * -addext 'subjectAltName=DNS:unittest.example.com' \ + * -addext 'extendedKeyUsage=clientAuth' + */ static const char *const unittest_cert = "-----BEGIN CERTIFICATE-----\n" - "MIIDYzCCAkugAwIBAgIRALrXTx4lqa8QgF7uGjISxmcwDQYJKoZIhvcNAQELBQAw\n" - "GDEWMBQGA1UEAwwNT1ZQTiBURVNUIENBMTAgFw0yMzAzMTMxNjA5MThaGA8yMTIz\n" - "MDIxNzE2MDkxOFowGTEXMBUGA1UEAwwOb3Zwbi10ZXN0LXJzYTEwggEiMA0GCSqG\n" - "SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7xFoR6fmoyfsJIQDKKgbYgFw0MzVuDAmp\n" - "Rx6KTEihgTchkQx9fHddWbKiOUbcEnQi3LNux7P4QVl/4dRR3skisBug6Vd5LXeB\n" - "GZqmpu5XZiF4DgLz1lX21G0aOogFWkie2qGEcso40159x9FBDl5A3sLP18ubeex0\n" - "pd/BzDFv6SLOTyVWO/GCNc8IX/i0uN4mLvoVU00SeqwTPnS+CRXrSq4JjGDJLsXl\n" - "0/PlxkjsgU0yOOA0Z2d8Fzk3wClwP6Hc49BOMWKstUIhLbG2DcIv8l29EuEj2w3j\n" - "u/7gkewol96XQ2twpPvpoVAaiVh/m7hQUcQORQCD6eJcDjOZVCArAgMBAAGjgaQw\n" - "gaEwCQYDVR0TBAIwADAdBgNVHQ4EFgQUqYnRaBHrZmKLtMZES5AuwqzJkGYwUwYD\n" - "VR0jBEwwSoAU3MLDNDOK13DqflQ8ra7FeGBXK06hHKQaMBgxFjAUBgNVBAMMDU9W\n" - "UE4gVEVTVCBDQTGCFD55ErHXpK2JXS3WkfBm0NB1r3vKMBMGA1UdJQQMMAoGCCsG\n" - "AQUFBwMCMAsGA1UdDwQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAQEAZVcXrezA9Aby\n" - "sfUNHAsMxrex/EO0PrIPSrmSmc9sCiD8cCIeB6kL8c5iPPigoWW0uLA9zteDRFes\n" - "ez+Z8wBY6g8VQ0tFPURDooUg5011GZPDcuw7/PsI4+I2J9q6LHEp+6Oo4faSn/kl\n" - "yWYCLjM4FZdGXbOijDacQJiN6HcRv0UdodBrEVRf7YHJJmMCbCI7ZUGW2zef/+rO\n" - "e4Lkxh0MLYqCkNKH5ZfoGTC4Oeb0xKykswAanqgR60r+upaLU8PFuI2L9M3vc6KU\n" - "F6MgVGSxl6eylJgDYckvJiAbmcp2PD/LRQQOxQA0yqeAMg2cbdvclETuYD6zoFfu\n" - "Y8aO7dvDlw==\n" + "MIICBjCCAYygAwIBAgIUFoXgpP4beykV7tpgrjHQTWPGi4cwCgYIKoZIzj0EAwIw\n" + "HjEcMBoGA1UEAwwTb3Zwbi10ZXN0LXNlY3AzODRyMTAeFw0yNTA5MDgxMzExNTBa\n" + "Fw0zNTA5MDYxMzExNTBaMB4xHDAaBgNVBAMME292cG4tdGVzdC1zZWNwMzg0cjEw\n" + "djAQBgcqhkjOPQIBBgUrgQQAIgNiAAQVDmf+TZB3rW6zqWFox606u/PhA93ysX/h\n" + "1s2xyq9+QGzIdE/hks6p/Yzyu7RLOUjxvO0J45RHcYmo67DlvSOi496T3zrgvp1H\n" + "KfHD5ohMyvzw0+e8lmjJqJjn+PegMkOjgYowgYcwHQYDVR0OBBYEFCH1eYnaV8fh\n" + "E3Bv7lyrlYu24eoVMB8GA1UdIwQYMBaAFCH1eYnaV8fhE3Bv7lyrlYu24eoVMA8G\n" + "A1UdEwEB/wQFMAMBAf8wHwYDVR0RBBgwFoIUdW5pdHRlc3QuZXhhbXBsZS5jb20w\n" + "EwYDVR0lBAwwCgYIKwYBBQUHAwIwCgYIKoZIzj0EAwIDaAAwZQIxAL7q7jcwTOuq\n" + "5sp0Beq81Vnznd3gsDZYNs1OYRWH33xergDVKlBb6kCwus0dhghtVAIwIgT4ytkY\n" + "oAPx8LB3oP8ubEu1ue6V9jZln/cCiLyXDDtaiJOZHtDqHGfHqvc6rAok\n" "-----END CERTIFICATE-----\n"; static const char *const unittest_key = "-----BEGIN PRIVATE KEY-----\n" - "MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC7xFoR6fmoyfsJ\n" - "IQDKKgbYgFw0MzVuDAmpRx6KTEihgTchkQx9fHddWbKiOUbcEnQi3LNux7P4QVl/\n" - "4dRR3skisBug6Vd5LXeBGZqmpu5XZiF4DgLz1lX21G0aOogFWkie2qGEcso40159\n" - "x9FBDl5A3sLP18ubeex0pd/BzDFv6SLOTyVWO/GCNc8IX/i0uN4mLvoVU00SeqwT\n" - "PnS+CRXrSq4JjGDJLsXl0/PlxkjsgU0yOOA0Z2d8Fzk3wClwP6Hc49BOMWKstUIh\n" - "LbG2DcIv8l29EuEj2w3ju/7gkewol96XQ2twpPvpoVAaiVh/m7hQUcQORQCD6eJc\n" - "DjOZVCArAgMBAAECggEACqkuWAAJ3cyCBVWrXs8eDmLTWV9i9DmYvtS75ixIn2rf\n" - "v3cl12YevN0f6FgKLuqZT3Vqdqq+DCVhuIIQ9QkKMH8BQpSdE9NCCsFyZ23o8Gtr\n" - "EQ7ymfecb+RFwYx7NpqWrvZI32VJGArgPZH/zorLTTGYrAZbmBtHEqRsXOuEDw97\n" - "slwwcWaa9ztaYC8/N/7fgsnydaCFSaOByRlWuyvSmHvn6ZwLv8ANOshY6fstC0Jb\n" - "BW0GpSe9eZPjpl71VT2RtpghqLV5+iAoFDHoT+eZvBospcUGtfcZSU7RrBjKB8+a\n" - "U1d6hwKhduVs2peIQzl+FiOSdWriLcsZv79q4sBhsQKBgQDUDVTf5BGJ8apOs/17\n" - "YVk+Ad8Ey8sXvsfk49psmlCRa8Z4g0LVXfrP94qzhtl8U5kE9hs3nEF4j/kX1ZWG\n" - "k11tdsNTZN5x5bbAgEgPA6Ap6J/uto0HS8G0vSv0lyBymdKA3p/i5Dx+8Nc9cGns\n" - "LGI9MvviLX7pQFIkvbaCkdKwYwKBgQDirowjWZnm7BgVhF0G1m3DY9nQTYYU185W\n" - "UESaO5/nVzwUrA+FypJamD+AvmlSuY8rJeQAGAS6nQr9G8/617r+GwJnzRtxC6Vl\n" - "4OF5BJRsD70oX4CFOOlycMoJ8tzcYVH7NI8KVocjxb+QW82hqSvEwSsvnwwn3eOW\n" - "nr5u5vIHmQKBgCuc3lL6Dl1ntdZgEIdau0cUjXDoFUo589TwxBDIID/4gaZxoMJP\n" - "hPFXAVDxMDPw4azyjSB/47tPKTUsuYcnMfT8kynIujOEwnSPLcLgxQU5kgM/ynuw\n" - "qhNpQOwaVRMc7f2RTCMXPBYDpNE/GJn5eu8JWGLpZovEreBeoHX0VffvAoGAVrWn\n" - "+3mxykhzaf+oyg3KDNysG+cbq+tlDVVE+K5oG0kePVYX1fjIBQmJ+QhdJ3y9jCbB\n" - "UVveqzeZVXqHEw/kgoD4aZZmsdZfnVnpRa5/y9o1ZDUr50n+2nzUe/u/ijlb77iK\n" - "Is04gnGJNoI3ZWhdyrSNfXjcYH+bKClu9OM4n7kCgYAorc3PAX7M0bsQrrqYxUS8\n" - "56UU0YdhAgYitjM7Fm/0iIm0vDpSevxL9js4HnnsSMVR77spCBAGOCCZrTcI3Ejg\n" - "xKDYzh1xlfMRjJBuBu5Pd55ZAv9NXFGpsX5SO8fDZQJMwpcbQH36+UdqRRFDpjJ0\n" - "ZbX6nKcJ7jciJVKJds59Jg==\n" + "MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDAXBC7tpa9UepoMVZlM\n" + "OxUubkECGK7aWFebxDc3UPoEQemEPMOCdkWBSU/t7Mm4R66hZANiAAQVDmf+TZB3\n" + "rW6zqWFox606u/PhA93ysX/h1s2xyq9+QGzIdE/hks6p/Yzyu7RLOUjxvO0J45RH\n" + "cYmo67DlvSOi496T3zrgvp1HKfHD5ohMyvzw0+e8lmjJqJjn+PegMkM=\n" "-----END PRIVATE KEY-----\n"; + static const char * get_tmp_dir(void) {