Skip to content

XMLSec1 testing #76

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
SparkiDev merged 7 commits into from
Dec 5, 2025
Merged

XMLSec1 testing #76

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
5465457
- add lenient DER parser for ECDSA signatures when we fail with -171, so
gasbytes Nov 11, 2025
9d1ede5
- Added v1.21.4 to the wget workflow
gasbytes Nov 14, 2025
a878dfe
Run wget-v1.21.4 and openldap-v2.6.7 on native ubuntu:24.04 instead of
gasbytes Nov 17, 2025
9504fb7
- extracted parsing of DER length into a separate function;
gasbytes Nov 21, 2025
2169d98
- Added proper configurations for versions in wget and openldap that are
gasbytes Nov 25, 2025
c6b7ffc
xmlsec workflow
gasbytes Dec 1, 2025
1d916ba
- return statesments on new lines;
gasbytes Dec 4, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/workflows/libjcat.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ jobs:
strategy:
matrix:
os: [ ubuntu-latest ]
libjcat_ref: [ 'master', '0.2.3', '0.2.0' ]
libjcat_ref: [ '0.2.3', '0.2.0' ]
fail-fast: false
runs-on: ${{ matrix.os }}
container:
Expand Down
112 changes: 85 additions & 27 deletions .github/workflows/openldap.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,92 +1,151 @@
name: OpenLDAP Test

# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]

concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION

jobs:
build_gnutls:
name: Build wolfSSL, GnuTLS and provider
timeout-minutes: 30
strategy:
matrix:
os: [ ubuntu-latest ]
openldap_ref: [ 'master', 'OPENLDAP_REL_ENG_2_5_13', 'OPENLDAP_REL_ENG_2_6_9' ]
include:
- os: ubuntu-latest
openldap_ref: 'master'
use_container: true
- os: ubuntu-latest
openldap_ref: 'OPENLDAP_REL_ENG_2_5_13'
use_container: true
- os: ubuntu-24.04
openldap_ref: 'OPENLDAP_REL_ENG_2_6_7'
use_container: false
- os: ubuntu-latest
openldap_ref: 'OPENLDAP_REL_ENG_2_6_9'
use_container: true
fail-fast: false
runs-on: ${{ matrix.os }}
container:
image: debian:bookworm

container: ${{ matrix.use_container && 'debian:bookworm' || '' }}
steps:
- name: Checkout gnutls-wolfssl repository
uses: actions/checkout@v4

- name: Ensure make available (Ubuntu only)
if: matrix.os == 'ubuntu-latest'
- name: Ensure make available
if: matrix.use_container == true
run: |
apt-get update
apt-get install -y build-essential

- name: Install GnuTLS dependencies (Ubuntu only)
if: matrix.os == 'ubuntu-latest'
- name: Install GnuTLS dependencies
if: matrix.use_container == true
run: |
apt-get install -y gnulib autopoint gperf gtk-doc-tools nettle-dev clang \
libtasn1-bin libtasn1-6-dev libunistring-dev libp11-kit-dev libunbound-dev sudo \
git wget
git wget automake libtool

- name: Install OpenLDAP dependencies (Ubuntu only)
if: matrix.os == 'ubuntu-latest'
- name: Install OpenLDAP dependencies
if: matrix.use_container == true
run: |
sudo apt-get install -y libsasl2-dev libsasl2-modules libsasl2-modules-gssapi-mit \
libargon2-dev groff-base libltdl-dev

# ───────────── cache the wolfssl/gnutls tool-chain ─────────────
- name: Install dependencies on native Ubuntu
if: matrix.use_container == false
run: |
sudo apt-get update
sudo apt-get install -y build-essential gnulib autopoint gperf gtk-doc-tools nettle-dev clang \
libtasn1-bin libtasn1-6-dev libunistring-dev libp11-kit-dev libunbound-dev \
git wget libsasl2-dev libsasl2-modules libsasl2-modules-gssapi-mit \
libargon2-dev groff-base libltdl-dev automake libtool

- name: Prepare cache directories (native runner)
if: matrix.use_container == false
run: |
sudo mkdir -p /opt/gnutls /opt/wolfssl /opt/wolfssl-gnutls-wrapper
sudo chown -R $USER:$USER /opt/gnutls /opt/wolfssl /opt/wolfssl-gnutls-wrapper

# ───────────── cache the wolfssl/gnutls tool-chain ─────────────
- name: Restore cached gnutls-wolfssl
id: cache-gnutls
uses: actions/cache@v4
with:
path: |
/opt/gnutls
/opt/wolfssl
/opt/wolfssl-gnutls-wrapper
key: gnutls-wolfssl-${{ runner.os }}-${{ hashFiles('setup.sh', 'wolfssl-gnutls-wrapper/**', 'wolfssl/**', 'gnutls/**') }}
${{ matrix.use_container && '/opt/gnutls' || '~/cache/gnutls' }}
${{ matrix.use_container && '/opt/wolfssl' || '~/cache/wolfssl' }}
${{ matrix.use_container && '/opt/wolfssl-gnutls-wrapper' || '~/cache/wolfssl-gnutls-wrapper' }}
key: gnutls-wolfssl-${{ runner.os }}-${{ matrix.use_container }}-${{ hashFiles('setup.sh', 'wolfssl-gnutls-wrapper/**', 'wolfssl/**', 'gnutls/**') }}
restore-keys: |
gnutls-wolfssl-${{ runner.os }}-
gnutls-wolfssl-${{ runner.os }}-${{ matrix.use_container }}-

- name: Copy cache to /opt (native runner only)
if: matrix.use_container == false && steps.cache-gnutls.outputs.cache-hit == 'true'
run: |
sudo mkdir -p /opt
sudo cp -a ~/cache/gnutls /opt/
sudo cp -a ~/cache/wolfssl /opt/
sudo cp -a ~/cache/wolfssl-gnutls-wrapper /opt/

- name: Build GnuTLS with wolfSSL provider using setup.sh script
if: steps.cache-gnutls.outputs.cache-hit != 'true'
run: |
echo "Running setup.sh..."
GNUTLS_INSTALL=/opt/gnutls WOLFSSL_INSTALL=/opt/wolfssl ./setup.sh
# For native runner: also save to cache location
if [[ "${{ matrix.use_container }}" == "false" ]]; then
mkdir -p ~/cache
sudo cp -a /opt/gnutls ~/cache/
sudo cp -a /opt/wolfssl ~/cache/
sudo cp -a /opt/wolfssl-gnutls-wrapper ~/cache/
sudo chown -R $(id -u):$(id -g) ~/cache
fi

- name: Check setup.sh output directories
run: |
test -d /opt/wolfssl || { echo "/opt/wolfssl missing"; exit 1; }
test -d /opt/gnutls || { echo "/opt/gnutls missing"; exit 1; }
test -d /opt/wolfssl-gnutls-wrapper/lib || { echo "/opt/wolfssl-gnutls-wrapper/lib missing"; exit 1; }

- name: Build OpenLDAP at ${{ matrix.openldap_ref }}
run: |
git clone https://git.openldap.org/openldap/openldap.git
cd openldap
if [ "${{ matrix.openldap_ref }}" != "master" ]; then
git checkout ${{ matrix.openldap_ref }}
fi

- name: Configure OpenLDAP
working-directory: openldap
run: |
export PKG_CONFIG_PATH=/opt/gnutls/lib/pkgconfig
export CPPFLAGS=-I/opt/gnutls/include
export LDFLAGS="-L/opt/gnutls/lib -Wl,-rpath,/opt/gnutls/lib"
if [[ "${{ matrix.openldap_ref }}" = "OPENLDAP_REL_ENG_2_6_7" ]]; then
./configure \
ac_cv_func_memcmp_working=yes \
lt_cv_dlopen_self=yes \
--with-yielding-select=yes \
--enable-dynamic \
--enable-crypt \
--with-tls=gnutls \
--with-cyrus-sasl \
--enable-otp \
--with-argon2=libargon2 \
--enable-argon2 \
--enable-ppolicy \
--enable-remoteauth \
--prefix=/opt/openldap \
--enable-modules \
--enable-ipv6 \
--enable-asyncmeta=mod \
--enable-mdb=yes \
--enable-ldap=mod \
--enable-meta=mod \
--enable-null=mod \
--enable-passwd=mod \
--enable-proxycache=mod \
--enable-dnssrv=mod
else
./configure \
--with-tls=gnutls \
--with-cyrus-sasl \
Expand All @@ -97,13 +156,12 @@ jobs:
--enable-remoteauth \
--prefix=/opt/openldap \
--enable-modules

fi
- name: Build OpenLDAP
working-directory: openldap
run: |
make depend
make

- name: Test OpenLDAP
working-directory: openldap
run: |
Expand Down
95 changes: 68 additions & 27 deletions .github/workflows/wget.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,53 +18,84 @@ jobs:
timeout-minutes: 20
strategy:
matrix:
os: [ ubuntu-latest ]
wget_ref: [ 'master', 'v1.21.3', 'v1.24.5' ]
include:
- os: ubuntu-latest
wget_ref: 'master'
use_container: true
- os: ubuntu-latest
wget_ref: 'v1.21.3'
use_container: true
- os: ubuntu-24.04
wget_ref: 'v1.21.4'
use_container: false
- os: ubuntu-latest
wget_ref: 'v1.24.5'
use_container: true
fail-fast: false
runs-on: ${{ matrix.os }}
container:
image: debian:bookworm
container: ${{ matrix.use_container && 'debian:bookworm' || '' }}

steps:
- name: Checkout gnutls-wolfssl repository
uses: actions/checkout@v4

- name: Ensure make available (Ubuntu only)
if: matrix.os == 'ubuntu-latest'
- name: Ensure make available
if: matrix.use_container == true
run: |
apt-get update
apt-get install -y build-essential

- name: Install GnuTLS dependencies (Ubuntu only)
if: matrix.os == 'ubuntu-latest'
- name: Install GnuTLS dependencies
if: matrix.use_container == true
run: |
apt-get install -y gnulib autopoint gperf gtk-doc-tools nettle-dev clang \
libtasn1-bin libtasn1-6-dev libunistring-dev libp11-kit-dev libunbound-dev \
sudo wget git flex

- name: Install wget dependencies (Ubuntu only)
if: matrix.os == 'ubuntu-latest'
- name: Install wget dependencies
if: matrix.use_container == true
run: |
sudo apt-get install -y autoconf-archive libhttp-daemon-perl
- name: Install dependencies on native Ubuntu
if: matrix.use_container == false
run: |
sudo apt-get update
sudo apt-get install -y build-essential gnulib autopoint gperf gtk-doc-tools nettle-dev clang \
libtasn1-bin libtasn1-6-dev libunistring-dev libp11-kit-dev libunbound-dev \
wget git flex autoconf-archive libhttp-daemon-perl

# ───────────── cache the wolfssl/gnutls tool-chain ─────────────
# ───────────── cache the wolfssl/gnutls tool-chain ─────────────
- name: Restore cached gnutls-wolfssl
id: cache-gnutls
uses: actions/cache@v4
with:
path: |
/opt/gnutls
/opt/wolfssl
/opt/wolfssl-gnutls-wrapper
key: gnutls-wolfssl-${{ runner.os }}-${{ hashFiles('setup.sh', 'wolfssl-gnutls-wrapper/**', 'wolfssl/**', 'gnutls/**') }}
${{ matrix.use_container && '/opt/gnutls' || '~/cache/gnutls' }}
${{ matrix.use_container && '/opt/wolfssl' || '~/cache/wolfssl' }}
${{ matrix.use_container && '/opt/wolfssl-gnutls-wrapper' || '~/cache/wolfssl-gnutls-wrapper' }}
key: gnutls-wolfssl-${{ runner.os }}-${{ matrix.use_container }}-${{ hashFiles('setup.sh', 'wolfssl-gnutls-wrapper/**', 'wolfssl/**', 'gnutls/**') }}
restore-keys: |
gnutls-wolfssl-${{ runner.os }}-
gnutls-wolfssl-${{ runner.os }}-${{ matrix.use_container }}-

- name: Copy cache to /opt (native runner only)
if: matrix.use_container == false && steps.cache-gnutls.outputs.cache-hit == 'true'
run: |
sudo mkdir -p /opt
sudo cp -a ~/cache/gnutls /opt/
sudo cp -a ~/cache/wolfssl /opt/
sudo cp -a ~/cache/wolfssl-gnutls-wrapper /opt/

- name: Build GnuTLS with wolfSSL provider using setup.sh script
if: steps.cache-gnutls.outputs.cache-hit != 'true'
run: |
echo "Running setup.sh..."
GNUTLS_INSTALL=/opt/gnutls WOLFSSL_INSTALL=/opt/wolfssl ./setup.sh
# For native runner: also save to cache location
if [[ "${{ matrix.use_container }}" == "false" ]]; then
mkdir -p ~/cache
sudo cp -a /opt/gnutls ~/cache/
sudo cp -a /opt/wolfssl ~/cache/
sudo cp -a /opt/wolfssl-gnutls-wrapper ~/cache/
sudo chown -R $(id -u):$(id -g) ~/cache
fi

- name: Check setup.sh output directories
run: |
Expand All @@ -74,7 +105,6 @@ jobs:
test -d /opt/gnutls || exit 1
echo "Check for wrapper installation..."
test -d /opt/wolfssl-gnutls-wrapper/lib || exit 1

- name: Build wget at ${{ matrix.wget_ref }}
uses: actions/checkout@v4
with:
Expand All @@ -93,33 +123,39 @@ jobs:
git clone https://github.com/coreutils/gnulib gnulib
./bootstrap
autoreconf -fi
./configure --with-ssl=gnutls --with-libgnutls-prefix=/opt/gnutls

if [[ "${{ matrix.wget_ref }}" = "v1.21.4" ]]; then
./configure --with-ssl=gnutls --with-libgnutls-prefix=/opt/gnutls \
--without-libssl-prefix \
--disable-rpath \
--with-ssl=gnutls \
--enable-pcre \
--with-zlib \
--enable-ipv6
else
./configure --with-ssl=gnutls --with-libgnutls-prefix=/opt/gnutls
fi
- name: Make wget
working-directory: wget
run: |
make -j $(nproc)

# Get python 3.11 for old versions of wget
- name: Install pyenv dependencies
if: matrix.wget_ref == 'v1.21.3'
if: matrix.wget_ref == 'v1.21.3' || matrix.wget_ref == 'v1.21.4'
run: |
sudo apt-get update
sudo apt-get install -y make build-essential libssl-dev zlib1g-dev \
libbz2-dev libreadline-dev libsqlite3-dev wget curl llvm \
libncursesw5-dev xz-utils tk-dev libxml2-dev libxmlsec1-dev \
libffi-dev liblzma-dev

- name: Install pyenv
if: matrix.wget_ref == 'v1.21.3'
if: matrix.wget_ref == 'v1.21.3' || matrix.wget_ref == 'v1.21.4'
run: |
curl https://pyenv.run | bash

- name: Test wget
working-directory: wget
run: |
# If Python 3.11 needed, reinitialize pyenv
if [ "${{ matrix.wget_ref }}" = "v1.21.3" ]; then
if [[ "${{ matrix.wget_ref }}" = "v1.21.3" || "${{ matrix.wget_ref }}" = "v1.21.4" ]]; then
export PYENV_ROOT="$HOME/.pyenv"
export PATH="$PYENV_ROOT/bin:$PATH"
eval "$(pyenv init --path)"
Expand All @@ -128,5 +164,10 @@ jobs:
pyenv global 3.11.9
python --version
fi
# To make /opt/gnutls visible to the test binaries, LD_LIBRARY_PATH
# is needed since we disable rpath for v1.21.4.
if [[ "${{ matrix.wget_ref }}" = "v1.21.4" ]]; then
export LD_LIBRARY_PATH=/opt/gnutls/lib:/opt/wolfssl/lib:/opt/wolfssl-gnutls-wrapper/lib:$LD_LIBRARY_PATH
fi
make check
find . -name '*.log' | xargs grep wgw
Loading
Loading