* tests/virnettlscontexttest: fix memory leak on virnettlscontext test case.
* Detected in valgrind run:
==25667==
==25667== 86,651 (34,680 direct, 51,971 indirect) bytes in 10 blocks are
definitely lost in loss record 350 of 351
==25667== at 0x4005447: calloc (vg_replace_malloc.c:467)
==25667== by 0x4F1F515D: gnutls_init (gnutls_state.c:270)
==25667== by 0x8053432: virNetTLSSessionNew (virnettlscontext.c:1181)
==25667== by 0x804DD24: testTLSSessionInit (virnettlscontexttest.c:624)
==25667== by 0x804F14D: virtTestRun (testutils.c:140)
==25667==
==25667== 100,578 (38,148 direct, 62,430 indirect) bytes in 11 blocks are
definitely lost in loss record 351 of 351
==25667== at 0x4005447: calloc (vg_replace_malloc.c:467)
==25667== by 0x4F1F515D: gnutls_init (gnutls_state.c:270)
==25667== by 0x8053432: virNetTLSSessionNew (virnettlscontext.c:1181)
==25667== by 0x804DD3C: testTLSSessionInit (virnettlscontexttest.c:625)
==25667== by 0x804F14D: virtTestRun (testutils.c:140)
* How to reproduce?
% cd libvirt && ./configure && make && make -C tests valgrind
or
% valgrind -v --leak-check=full ./tests/virnettlscontexttest
Signed-off-by: Alex Jia <ajia@redhat.com>
Detection based on gnutls_session doesn't work because GnuTLS 2.x.y
comes with a compat.h that defines gnutls_session to gnutls_session_t.
Instead detect this based on LIBGNUTLS_VERSION_MAJOR. Move this from
configure/config.h to gnutls_1_0_compat.h and make sure that all users
include gnutls_1_0_compat.h properly.
Also fix header guard in gnutls_1_0_compat.h.
With older GNUTLS the gnutls_x509_privkey_import function is
unable to import our private key. Instead we must use the
alternative gnutls_x509_privkey_import_pkcs8() (as certtool
does).
* virnettlscontexttest.c: Fix import of private key with
older gnutls. Also add missing newlines to key
commit 5283ea9b1d changed the
semantics of the 'expire_offset' field in the test case struct
so that instead of being an absolute timestamp, it was a delta
relative to the current time. This broke the test cases which
were testing expiry of certificates, by putting the expiry
time into the future, instead of in the past.
Fix this by changing the expiry values to be negative, so that
the delta goes into the past again.
* virnettlscontexttest.c: Fix expiry tests
Even though gnutls is a hard-req for libvirt, and gnutls depends
on libtasn1, that does not mean that you have to have the libtasn1
development files installed. Skip the test rather than failing
compilation in that case.
With newer gcc, the test consumed too much stack space. Move
things to static storage to fix that.
* configure.ac (AC_CHECK_HEADERS): Check for libtasn1.h.
(HAVE_LIBTASN1): New automake conditional.
* tests/Makefile.am (virnettlsconvirnettlscontexttest_SOURCES)
(virnettlscontexttest_LDADD): Allow compilation without libtasn1.
* tests/virnettlscontexttest.c: Skip test if headers not present.
(struct testTLSCertReq): Alter time members.
(testTLSGenerateCert): Reflect the change.
(mymain): Reduce stack usage.
This test case checks certification validation rules for
- Basic constraints
- Key purpose
- Key usage
- Start/expiry times
It checks initial context creation sanity checks, and live
session validation
