On Tue, Dec 13, 2016 at 22:50:55 +0000, David Woodhouse wrote:
> On Tue, 2016-12-13 at 14:42 -0800, Mike Miller wrote:
> > Any thoughts about how to make the contents of softhsm2.module more
> > distro-agnostic?
>
> Build it (from the distro's own one) at configure time? We already
> build softhsm2.conf from softhsm2.conf.in anyway.
Sorry, I was jumping back to the .module file here, not the .conf file.
The softhsm2.module file in the release has a hardcoded path to
/usr/lib64. It's a one-liner and easy enough to overwrite here, but will
probably trip up others too.
On Tue, Dec 13, 2016 at 23:00:33 +0000, David Woodhouse wrote:
> But ocserv isn't even *using* SoftHSM. Is it failing to start up purely
> because SoftHSM is broken?
Sorry, you're right, it doesn't have to be in ocserv's environment, that
was a bad assumption on my part, but something about the way that
command line is constructed is not working here. I don't know what the
difference here is, but this patch also fixes it for me
>From 780a9b35fd7a9a4ec162db972591a236a33ee142 Mon Sep 17 00:00:00 2001
From: Mike Miller <mtmiller at debian.org>
Date: Tue, 13 Dec 2016 14:51:28 -0800
Subject: [PATCH] Ensure test suite uses local softhsm2.conf
Add SOFTHSM2_CONF to the test environment so it is picked up by
openconnect.
Signed-off-by: Mike Miller <mtmiller at debian.org>
---
tests/auth-pkcs11 | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tests/auth-pkcs11 b/tests/auth-pkcs11
index adc40f5..230b800 100755
--- a/tests/auth-pkcs11
+++ b/tests/auth-pkcs11
@@ -36,7 +36,8 @@ for TOKEN in ${pkcs11_tokens}; do
for KEY in ${pkcs11_keys}; do
echo -n "Connecting to obtain cookie (token ${TOKEN} key ${KEY})... "
CERTURI="pkcs11:token=${TOKEN};${KEY};pin-value=1234"
- ( echo "test" | HOME=${srcdir} SOFTHSM2_CONF=softhsm2.conf LD_PRELOAD=libsocket_wrapper.so \
+ export SOFTHSM2_CONF=softhsm2.conf
+ ( echo "test" | HOME=${srcdir} LD_PRELOAD=libsocket_wrapper.so \
$OPENCONNECT -q $ADDRESS:443 -u test -c \"${CERTURI}\" --key-password 1234 --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly --passwd-on-stdin ) ||
fail $PID "Could not connect with token ${TOKEN} key ${KEY##*/}!"
done
--
2.10.2
--
mike
