@@ -536,32 +536,6 @@ case "${WITH_SSL_CLIENT}${WITH_SSL_SERVER}" in
536536 ;;
537537esac
538538
539- case " ${WITH_SSL_CLIENT}${WITH_SSL_SERVER} " in
540- * NSS* )
541- (command -v certutil) || {
542- if [ x" ${WITH_SSL_TESTS} " = xrequired-conditional ] ; then
543- die " Aborting because SSL tests are required, but needed third-party tooling was not found to produce the crypto credential stores for NSS"
544- fi
545- log_warn " NUT can use NSS, but needed third-party tooling was not found to produce the crypto credential stores"
546- if [ x" ${WITH_SSL_CLIENT} " = xNSS ] ; then WITH_SSL_CLIENT=" none" ; fi
547- if [ x" ${WITH_SSL_SERVER} " = xNSS ] ; then WITH_SSL_SERVER=" none" ; fi
548- }
549- ;;
550- esac
551-
552- case " ${WITH_SSL_CLIENT}${WITH_SSL_SERVER} " in
553- * OpenSSL* )
554- (command -v openssl) || {
555- if [ x" ${WITH_SSL_TESTS} " = xrequired-conditional ] ; then
556- die " Aborting because SSL tests are required, but needed third-party tooling was not found to produce the crypto credential stores for OpenSSL"
557- fi
558- log_warn " NUT can use OpenSSL, but needed third-party tooling was not found to produce the crypto credential stores"
559- if [ x" ${WITH_SSL_CLIENT} " = xOpenSSL ] ; then WITH_SSL_CLIENT=" none" ; fi
560- if [ x" ${WITH_SSL_SERVER} " = xOpenSSL ] ; then WITH_SSL_SERVER=" none" ; fi
561- }
562- ;;
563- esac
564-
565539TESTCERT_ROOTCA_NAME=" NUT Mock Root CA"
566540TESTCERT_ROOTCA_PASS=" VeryS@cur@1337"
567541TESTCERT_CLIENT_NAME=" NIT upsmon"
@@ -1219,6 +1193,7 @@ if [ x"${DO_USE_NIT_TESTCERT_CACHE-}" = xyes ] ; then
12191193 fi
12201194
12211195 check_NIT_certs && return
1196+
12221197 log_warn " FAILED check_NIT_certs with cached data, will generate anew. Removing:"
12231198 find " ${TESTCERT_PATH_BASE} " " ${CI_CACHE_NIT_HASHDIR} " -ls || true
12241199 rm -rf " ${TESTCERT_PATH_BASE} " " ${CI_CACHE_NIT_HASHDIR} " || true
@@ -1230,6 +1205,34 @@ if [ x"${DO_USE_NIT_TESTCERT_CACHE-}" = xyes ] ; then
12301205 fi
12311206fi
12321207
1208+ # NOTE: We only check for command-line tooling if we need to generate
1209+ # certs *now* (we can use cached/tarballed ones without that).
1210+ case " ${WITH_SSL_CLIENT}${WITH_SSL_SERVER} " in
1211+ * NSS* )
1212+ (command -v certutil) || {
1213+ if [ x" ${WITH_SSL_TESTS} " = xrequired-conditional ] ; then
1214+ die " Aborting because SSL tests are required, but needed third-party tooling was not found to produce the crypto credential stores for NSS"
1215+ fi
1216+ log_warn " NUT can use NSS, but needed third-party tooling was not found to produce the crypto credential stores"
1217+ if [ x" ${WITH_SSL_CLIENT} " = xNSS ] ; then WITH_SSL_CLIENT=" none" ; fi
1218+ if [ x" ${WITH_SSL_SERVER} " = xNSS ] ; then WITH_SSL_SERVER=" none" ; fi
1219+ }
1220+ ;;
1221+ esac
1222+
1223+ case " ${WITH_SSL_CLIENT}${WITH_SSL_SERVER} " in
1224+ * OpenSSL* )
1225+ (command -v openssl) || {
1226+ if [ x" ${WITH_SSL_TESTS} " = xrequired-conditional ] ; then
1227+ die " Aborting because SSL tests are required, but needed third-party tooling was not found to produce the crypto credential stores for OpenSSL"
1228+ fi
1229+ log_warn " NUT can use OpenSSL, but needed third-party tooling was not found to produce the crypto credential stores"
1230+ if [ x" ${WITH_SSL_CLIENT} " = xOpenSSL ] ; then WITH_SSL_CLIENT=" none" ; fi
1231+ if [ x" ${WITH_SSL_SERVER} " = xOpenSSL ] ; then WITH_SSL_SERVER=" none" ; fi
1232+ }
1233+ ;;
1234+ esac
1235+
12331236# Follow docs/security.txt points about setting up the crypto material
12341237# stores and their contents (mock a self-signed CA here where appropriate)
12351238# For a good summary of OpenSSL options and decent example config see e.g.
0 commit comments