Compare commits


4 Commits

Author SHA1 Message Date
William Lallemand
6179fe800f CI: test wolfssl master branch on push 2025-02-24 15:26:55 +01:00
William Lallemand
c80044849a WIP/REGTESTS: activate temporarly the ocsp auto-update test on the CI 2025-02-24 15:24:08 +01:00
William Lallemand
7716e4cf31 WIP: ssl/ocsp: add some printf to help debug 2025-02-24 15:22:49 +01:00
William Lallemand
c4fcc00157 REGTESTS: ssl: activate WolfSSL for OCSP tests 2025-02-24 15:22:07 +01:00
4 changed files with 14 additions and 4 deletions

2
.github/matrix.py vendored

@ -219,7 +219,7 @@ def main(ref_name):
"OPENSSL_VERSION=1.0.2u",
"OPENSSL_VERSION=1.1.1s",
"QUICTLS=yes",
"WOLFSSL_VERSION=5.7.0",
"WOLFSSL_VERSION=git-master",
"AWS_LC_VERSION=1.39.0",
# "BORINGSSL=yes",
]
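Review bot: The `"WOLFSSL_VERSION=git-master"` entry makes this job build whatever is at the upstream branch tip at run time, and it appears to replace the only pinned wolfSSL release in this list. The page prints both lines without markers, but the commit title suggests git-master is the new one. A failing run then no longer shows whether HAProxy or wolfSSL changed, and the result cannot be reproduced later. Consider keeping both entries, `"WOLFSSL_VERSION=5.7.0",` next to `"WOLFSSL_VERSION=git-master",`, and having the build step log the resolved wolfSSL commit id. The rest of main() is outside the hunk, so another list may already cover the released version.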


@ -1,4 +1,4 @@
#REGTEST_TYPE=slow
#REGTEST_TYPE=bug
# reg-test is around ~2.5s
# broken with BoringSSL.
@ -28,7 +28,7 @@
varnishtest "Test the OCSP auto update feature"
feature cmd "$HAPROXY_PROGRAM -cc 'version_atleast(3.0-dev0)'"
feature cmd "$HAPROXY_PROGRAM -cc 'feature(OPENSSL) && !ssllib_name_startswith(BoringSSL) && !ssllib_name_startswith(LibreSSL) && openssl_version_atleast(1.1.1)'"
feature cmd "$HAPROXY_PROGRAM -cc 'feature(OPENSSL_WOLFSSL) || feature(OPENSSL) && !ssllib_name_startswith(BoringSSL) && !ssllib_name_startswith(LibreSSL) && openssl_version_atleast(1.1.1)'"
feature cmd "command -v openssl && command -v socat"
feature ignore_unknown_macro
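Review bot: The new `feature cmd` condition depends on `&&` binding tighter than `||`, so on a wolfSSL build the whole right-hand chain is bypassed, including the BoringSSL/LibreSSL exclusions and `openssl_version_atleast(1.1.1)`. If that is the intent, spell the grouping out: `feature(OPENSSL_WOLFSSL) || (feature(OPENSSL) && !ssllib_name_startswith(BoringSSL) && !ssllib_name_startswith(LibreSSL) && openssl_version_atleast(1.1.1))`. The same applies to the matching line in the next file section, which has the same chain without the LibreSSL term. Separately, the `#REGTEST_TYPE` switch between `slow` and `bug` comes from a commit marked WIP and temporary, so a comment beside it saying it must be reverted before merge would keep it from landing by accident.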


@ -14,7 +14,7 @@
varnishtest "Test the OCSP auto update feature"
feature cmd "$HAPROXY_PROGRAM -cc 'version_atleast(3.0-dev0)'"
feature cmd "$HAPROXY_PROGRAM -cc 'feature(OPENSSL) && !ssllib_name_startswith(BoringSSL) && openssl_version_atleast(1.1.1)'"
feature cmd "$HAPROXY_PROGRAM -cc 'feature(OPENSSL_WOLFSSL) || feature(OPENSSL) && !ssllib_name_startswith(BoringSSL) && openssl_version_atleast(1.1.1)'"
feature ignore_unknown_macro


@ -1143,6 +1143,7 @@ static int ssl_sock_load_ocsp(const char *path, SSL_CTX *ctx, struct ckch_store
x = data->cert;
if (!x)
goto out;
fprintf(stderr, "%s:%d\n", __FUNCTION__, __LINE__);
ssl_ocsp_get_uri_from_cert(x, ocsp_uri, &err);
if (!data->ocsp_response && !data->ocsp_cid) {
@ -1154,6 +1155,7 @@ static int ssl_sock_load_ocsp(const char *path, SSL_CTX *ctx, struct ckch_store
goto out;
}
}
fprintf(stderr, "%s:%d\n", __FUNCTION__, __LINE__);
issuer = data->ocsp_issuer;
/* take issuer from chain over ocsp_issuer, is what is done historicaly */
@ -1167,17 +1169,25 @@ static int ssl_sock_load_ocsp(const char *path, SSL_CTX *ctx, struct ckch_store
}
}
}
fprintf(stderr, "%s:%d\n", __FUNCTION__, __LINE__);
if (!issuer)
goto out;
fprintf(stderr, "%s:%d\n", __FUNCTION__, __LINE__);
if (!data->ocsp_cid) {
data->ocsp_cid = OCSP_cert_to_id(0, x, issuer);
inc_refcount_store = 1;
}
fprintf(stderr, "%s:%d\n", __FUNCTION__, __LINE__);
if (!data->ocsp_cid)
goto out;
fprintf(stderr, "%s:%d\n", __FUNCTION__, __LINE__);
i = i2d_OCSP_CERTID(data->ocsp_cid, NULL);
fprintf(stderr, "%s:%d certidlen: %d\n", __FUNCTION__, __LINE__, i);
if (!i || (i > OCSP_MAX_CERTID_ASN1_LENGTH))
goto out;