IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-01-26 16:16:31 -06:00
Code Issues Packages Projects Releases Wiki Activity

ipatests: update the fake fips mode expected message

Browse Source 
The test ipatests/test_integration/test_fips.py is faking
FIPS mode and calls "openssl md5" to ensure the algo is
not available in the fake FIPS mode.

The error message has been updated with openssl-3.0.5-5.
In the past the command used to return:
$ openssl md5 /dev/null
Error setting digest
140640350118336:error:060800C8:digital envelope routines:EVP_DigestInit_ex:disabled for FIPS:crypto/evp/digest.c:147:

And now it returns:
$ openssl md5 /dev/null
Error setting digest
00C224822E7F0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:349:Global default library context, Algorithm (MD5 : 97), Properties ()
00C224822E7F0000:error:03000086:digital envelope routines:evp_md_init_internal:initialization error:crypto/evp/digest.c:252:

To be compatible with all versions, only check the common part:
Error setting digest

Mark the test as xfail since installation is currently not working.

Related: https://pagure.io/freeipa/issue/9002
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
This commit is contained in:
Florence Blanc-Renaud 2022-09-29 16:25:20 +02:00
parent b0ba520860
commit b8947b829b
2 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ipatests/pytest_ipa/integration/fips.py
View File

@ -52,7 +52,7 @@ def enable_userspace_fips(host):
["openssl", "md5", "/dev/null"], raiseonerr=False
)
assert result.returncode == 1
assert "EVP_DigestInit_ex:disabled for FIPS" in result.stderr_text
assert "Error setting digest" in result.stderr_text
def disable_userspace_fips(host):

6
ipatests/test_integration/test_fips.py
View File

@ -3,6 +3,9 @@
#
"""Smoke tests for FreeIPA installation in (fake) userspace FIPS mode
"""
import pytest
from ipaplatform.osinfo import osinfo
from ipapython.dn import DN
from ipapython.ipautil import ipa_generate_password, realm_to_suffix
@ -18,6 +21,9 @@ from .test_dnssec import (
)
@pytest.mark.xfail(
osinfo.id == 'fedora' and osinfo.version_number > (35,),
reason='freeipa ticket 9002', strict=True)
class TestInstallFIPS(IntegrationTest):
num_replicas = 1
num_clients = 1