From 456e71b30e6b811534ab56b4b19ab18be1f515ca Mon Sep 17 00:00:00 2001 From: Vitaly Chikunov Date: Fri, 22 Mar 2024 05:20:50 +0300 Subject: [PATCH] tcl_tests: ca.try: Ignore openssl crl exit status for 'corrupted CRL' test Older `openssl crl` exits with 0 in regard to verify no matter actual verify status, newer `openssl crl` could exit with 1 on verify failure. Make the test backward-compatible, comparing only stderr output. Fixes: https://github.com/gost-engine/engine/issues/452 Signed-off-by: Vitaly Chikunov --- tcl_tests/ca.try | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/tcl_tests/ca.try b/tcl_tests/ca.try index 249923b2..8d63b10f 100644 --- a/tcl_tests/ca.try +++ b/tcl_tests/ca.try @@ -88,8 +88,7 @@ test -skip {![file exists test.crl]} "Verifying CRL OK" { test -skip {![file exists test.crl]} "Verifying corrupted CRL" { makeFile "badcrl.pem" [hackPem "\01\x1E" [getFile test.crl] "\01\0"] grep verify [openssl "crl -in badcrl.pem -noout -CAfile $::test::ca/cacert.pem"] -} 0 "verify failure -" +} -1 "STDERR CONTENTS:\nverify failure" test "Verifying CA certificate" { grep "(cacert.pem|error|OK)" [openssl "verify -CAfile $::test::ca/cacert.pem $::test::ca/cacert.pem"]