diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml index 5b2f3be..d019101 100644 --- a/.github/workflows/linux.yml +++ b/.github/workflows/linux.yml @@ -1,8 +1,14 @@ name: linux on: - - push - + push: + branches: + - '*' + tags-ignore: + - '*' + pull_request: + branches: + - '*' jobs: perl: runs-on: ubuntu-latest diff --git a/Changes b/Changes index eb711f4..5d2cbc1 100644 --- a/Changes +++ b/Changes @@ -2,6 +2,76 @@ Revision history for Crypt-OpenSSL-SignCSR. {{$NEXT}} +0.14 -- Wed Jul 26 21:53:12 ADT 2023 + + - 46298e7 Support openbsd's LibreSSL + - f782397 v0.13 + +0.13 -- Tue Jul 25 23:43:27 ADT 2023 + + - 63caf53 fix linux github actions + - e6ce8ba A few more openssl differences and compiler issues + - cfd7e85 Point to correct repo + - f48933d use Crypt::OpenSSL:ConfiguredAPI to get the set API level + - 0aa73aa v0.12 + +0.12 -- Thu Jul 20 23:41:31 ADT 2023 + + - 150a974 Increment version for release + - 61978d5 Fix incorrect case for PERL_VERSION + - 9f7fafe Change tabs to spaces - no code changes + - 10d3a65 Fix issue with more openssl versions + - 9eccdd7 (tag: 0.11, origin/main) v0.11 + +0.11 -- Tue Jul 18 19:27:54 ADT 2023 + + - daa5dd9 Increment version for release + - 3a09798 Remove undocumented sigopts from sign() + - 4295e6b Better regex for more openssl versions + - a32ff18 Find out the version of OpenSSL + - 2a21fa4 v0.10 + +0.10 -- Sat Jul 08 21:24:27 ADT 2023 + + - 7272fa3 Increment the version for a release + - 4b10acc Include all of 1.1 Openssl releases in older functions + - b9d2ae4 v0.09 + +0.09 -- Sat Jul 08 15:26:53 ADT 2023 + + [ Release 0.08 as production] + - Some additional fixes for openssl versions since 0.07 + - 70debea Update version for release + - 1e9fef5 v0.08 + +0.08 -- Fri Jul 07 23:58:11 ADT 2023 + + - a6dc051 Fix up a few older openssl issues + - 2e233f8 Increment repo versioni - in Makefile.PLwq + - ee4d8c9 Increment repo version + - 1676f26 (tag: 0.07) v0.07 + +0.07 -- Sun Jul 02 22:05:17 ADT 2023 + + - 344b594 Some packaging fixes + - 32fe761 Fix a pod issue and increment repo version + - 40c37df (tag: 0.06) v0.06 + + +0.06 -- Sat Jul 01 21:09:19 ADT 2023 + + [Significant Changes since 0.05] + + Fix some remaining issues with openssl versions and + a build issue on threaded perls which requires context + + [Detailed Logs] + + - ddfd2c2 Fix issue with threaded perl requiring context + - 9b57abd More changes to fix warnings and errors for mac and windows + - f063bee Increment version + - 24b5db6 (tag: 0.05) v0.05 + 0.05 -- Fri Jun 30 17:26:04 ADT 2023 [Significant Changes since 0.04] diff --git a/Makefile.PL b/Makefile.PL index 273840c..36775e1 100644 --- a/Makefile.PL +++ b/Makefile.PL @@ -11,15 +11,33 @@ use ExtUtils::MakeMaker; use Config; use File::Spec; use Crypt::OpenSSL::Guess; +use Crypt::OpenSSL::ConfiguredAPI; + my %args; my ($major, $minor, $patch) = openssl_version(); print "Installed OpenSSL: $major.$minor.$patch\n"; +my $version = ($major * 10000) + ($minor * 100); +my $api = Crypt::OpenSSL::ConfiguredAPI::get_configured_api(); +print "API version read $api\n"; + +if (!$api) { + my $prefix = find_openssl_prefix(); + my $exec = find_openssl_exec($prefix); + if (`$exec version` =~ m/LibreSSL/){ + $api = 10100; + print "LibreSSL detected setting api to 10100\n"; + } +} + +my $compat = $api ne 0 ? $api : $version; +print "OPENSSL_COMPAT_API set to: $compat\n"; + $args{INC} = openssl_inc_paths(); $args{LIBS} = [openssl_lib_paths() . ' -lssl -lcrypto']; -my $cc_option_flags = $major ge 3 ? ' -DOPENSSL_API_COMPAT=30000' : ' -DOPENSSL_API_COMPAT=10100'; +my $cc_option_flags = " -DOPENSSL_API_COMPAT=$compat"; if ($Config::Config{cc} =~ /gcc/i) { $cc_option_flags .= $ENV{AUTHOR_TESTING} ? ' -Wall -Werror' : ' -Wall'; @@ -41,7 +59,7 @@ if ($Config{gccversion} =~ /llvm/i) { $cc_option_flags .= ' -Wno-compound-token-split-by-macro'; } - if ($Config{perl_version} <= 20) { + if ($Config{PERL_VERSION} <= 20) { $cc_option_flags .= ' -Wno-error=pointer-bool-conversion'; } } @@ -55,22 +73,33 @@ if ($Config{myuname} =~ /sunos|solaris/i) { my %WriteMakefileArgs = ( "ABSTRACT" => "Sign a Certificate Signing Request in XS.", "AUTHOR" => "Timothy Legge ", + "BUILD_REQUIRES" => { + "Crypt::OpenSSL::ConfiguredAPI" => 0, + "Crypt::OpenSSL::Guess" => 0 + }, "CONFIGURE_REQUIRES" => { + "Crypt::OpenSSL::ConfiguredAPI" => 0, + "Crypt::OpenSSL::Guess" => 0, "ExtUtils::MakeMaker" => 0 }, "DISTNAME" => "Crypt-OpenSSL-SignCSR", "LICENSE" => "apache", "MIN_PERL_VERSION" => "5.014", "NAME" => "Crypt::OpenSSL::SignCSR", - "PREREQ_PM" => {}, + "PREREQ_PM" => { + "Exporter" => 0, + "XSLoader" => 0 + }, "TEST_REQUIRES" => { "Crypt::OpenSSL::Guess" => 0, "Crypt::OpenSSL::PKCS10" => "0.19", "Crypt::OpenSSL::RSA" => 0, "File::Slurper" => "0.012", - "File::Which" => 0 + "File::Temp" => 0, + "File::Which" => 0, + "Test::More" => "0.88" }, - "VERSION" => "0.06", + "VERSION" => "0.14", "test" => { "TESTS" => "t/*.t" } @@ -82,11 +111,16 @@ my %WriteMakefileArgs = ( ); my %FallbackPrereqs = ( + "Crypt::OpenSSL::ConfiguredAPI" => 0, "Crypt::OpenSSL::Guess" => 0, "Crypt::OpenSSL::PKCS10" => "0.19", "Crypt::OpenSSL::RSA" => 0, + "Exporter" => 0, "File::Slurper" => "0.012", - "File::Which" => 0 + "File::Temp" => 0, + "File::Which" => 0, + "Test::More" => "0.88", + "XSLoader" => 0 ); unless ( eval { ExtUtils::MakeMaker->VERSION('6.63_03') } ) { diff --git a/README.md b/README.md index 5f0f8f5..2bf1772 100644 --- a/README.md +++ b/README.md @@ -15,14 +15,14 @@ my $signer = Crypt::OpenSSL::SignCSR->new( format => $format, # Output format "text" or "pem" (default) }); my $cert = $signer->sign( - $request, # CRS in PEM format + $request, # CSR in PEM format ); my $ret = $signer->set_days(3650); my $ret = $signer->set_format("text"); my $ret = $signer->set_days("SHA512"); -$cert = $signer->sign( $request ); # CRS in PEM format +$cert = $signer->sign( $request ); # CSR in PEM format ``` # DESCRIPTION @@ -103,7 +103,7 @@ Arguments: Get the number of days that is currently set. -Returns a number +Returns the number of days or -1 for a failure. # EXPORT @@ -126,7 +126,7 @@ I did not write any OpenSSL related code I simply copied and pasted the work of the OpenSSL project's openssl code until I arrived at a XS based module that could create a certificate from a Certificate Signing Request. -= head LICENSE +# LICENSE Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/SignCSR.xs b/SignCSR.xs index 5d1b780..0386434 100644 --- a/SignCSR.xs +++ b/SignCSR.xs @@ -31,7 +31,7 @@ # define SERIAL_RAND_BITS 159 BIO *bio_err; -#if OPENSSL_API_COMPAT >= 30101 +#if OPENSSL_API_COMPAT >= 30000 OSSL_LIB_CTX *libctx = NULL; static const char *propq = NULL; #endif @@ -55,7 +55,11 @@ int rand_serial(BIGNUM *b, ASN1_INTEGER *ai) if (btmp == NULL) return 0; +#if OPENSSL_API_COMPAT <= 10100 + if (!BN_rand(btmp, SERIAL_RAND_BITS, 0, 0)) +#else if (!BN_rand(btmp, SERIAL_RAND_BITS, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY)) +#endif goto error; if (ai && !BN_to_ASN1_INTEGER(btmp, ai)) goto error; @@ -74,24 +78,32 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate, int days) { if (startdate == NULL || strcmp(startdate, "today") == 0) { +#if OPENSSL_API_COMPAT <= 10100 + if (X509_gmtime_adj(X509_get_notBefore(x), 0) == NULL) +#else if (X509_gmtime_adj(X509_getm_notBefore(x), 0) == NULL) +#endif return 0; } else { -#if OPENSSL_API_COMPAT >= 10101 - if (!ASN1_TIME_set_string_X509(X509_getm_notBefore(x), startdate)) +#if OPENSSL_API_COMPAT <= 11000 + if (!ASN1_TIME_set_string(X509_get_notBefore(x), startdate)) #else - if (!ASN1_TIME_set_string(X509_getm_notBefore(x), startdate)) + if (!ASN1_TIME_set_string_X509(X509_getm_notBefore(x), startdate)) #endif return 0; } if (enddate == NULL) { +#if OPENSSL_API_COMPAT <= 10100 + if (X509_time_adj_ex(X509_get_notAfter(x), days, 0, NULL) +#else if (X509_time_adj_ex(X509_getm_notAfter(x), days, 0, NULL) +#endif == NULL) return 0; -#if OPENSSL_API_COMPAT >= 10101 - } else if (!ASN1_TIME_set_string_X509(X509_getm_notAfter(x), enddate)) { +#if OPENSSL_API_COMPAT <= 11000 + } else if (!ASN1_TIME_set_string(X509_get_notAfter(x), enddate)) { #else - } else if (!ASN1_TIME_set_string(X509_getm_notAfter(x), enddate)) { + } else if (!ASN1_TIME_set_string_X509(X509_getm_notAfter(x), enddate)) { #endif return 0; } @@ -140,7 +152,7 @@ int cert_matches_key(const X509 *cert, const EVP_PKEY *pkey) int match; ERR_set_mark(); - match = X509_check_private_key(cert, pkey); + match = X509_check_private_key((X509 *) cert, (EVP_PKEY *) pkey); ERR_pop_to_mark(); return match; } @@ -175,7 +187,7 @@ int do_X509_REQ_verify(X509_REQ *x, EVP_PKEY *pkey, STACK_OF(OPENSSL_STRING) *vf int rv = 0; if (do_x509_req_init(x, vfyopts) > 0){ -#if OPENSSL_API_COMPAT >= 30101 +#if OPENSSL_API_COMPAT >= 30000 rv = X509_REQ_verify_ex(x, pkey, libctx, propq); #else rv = X509_REQ_verify(x, pkey); @@ -310,7 +322,16 @@ static int key_destroy(pTHX_ SV* var, MAGIC* magic) { static const MGVTBL key_magic = { NULL, NULL, NULL, NULL, key_destroy }; -MODULE = Crypt::OpenSSL::SignCSR PACKAGE = Crypt::OpenSSL::SignCSR +MODULE = Crypt::OpenSSL::SignCSR PACKAGE = Crypt::OpenSSL::SignCSR PREFIX = signcsr_ + +BOOT: + ERR_load_crypto_strings(); +#if OPENSSL_API_COMPAT <= 10100 + ERR_load_ERR_strings(); + OpenSSL_add_all_algorithms(); + OpenSSL_add_all_ciphers(); + OpenSSL_add_all_digests(); +#endif PROTOTYPES: DISABLE @@ -416,6 +437,8 @@ char * get_digest(self) CODE: SV **svp; + RETVAL = SvPV_nolen(newSVpv("",0)); + // Get the output format - default is pem format if (hv_exists(self, "digest", strlen("digest"))) { svp = hv_fetch(self, "digest", strlen("digest"), 0); @@ -423,11 +446,6 @@ char * get_digest(self) RETVAL = SvPV_nolen(SvRV(*svp)); } } - else { - //FIXME this should probably get the default for openssl - //but since nothing was set this is likely most accurate - RETVAL = SvPV_nolen(newSVpv("",0)); - } OUTPUT: @@ -449,7 +467,7 @@ IV set_digest(self, SV* digest) #endif if (digest != NULL) { digestname = (const char*) SvPV(digest, digestname_length); - //printf("Digest Name: %s\n", digestname); + // printf("Digest Name: %s\n", digestname); md = (EVP_MD *)EVP_get_digestbyname(digestname); } @@ -458,7 +476,9 @@ IV set_digest(self, SV* digest) RETVAL = 0; else RETVAL = 1; - } + } else { + //printf("Can't change digets to %s\n", digestname); + } OUTPUT: @@ -470,6 +490,8 @@ char * get_format(self) CODE: SV **svp; + RETVAL = SvPV_nolen(newSVpv("",0)); + // Get the output format - default is pem format if (hv_exists(self, "format", strlen("format"))) { svp = hv_fetch(self, "format", strlen("format"), 0); @@ -477,9 +499,6 @@ char * get_format(self) RETVAL = SvPV_nolen(SvRV(*svp)); } } - else { - RETVAL = SvPV_nolen(newSVpv("",0)); - } OUTPUT: @@ -489,7 +508,7 @@ IV set_format(self, SV* format) HV * self; CODE: - IV ret = 0; + RETVAL = 0; if (sv_cmp(format, newSVpv("pem", 0)) == 0 || sv_cmp(format, newSVpv("text", 0)) == 0 ) @@ -499,7 +518,7 @@ IV set_format(self, SV* format) else RETVAL = 1; } else { - RETVAL = ret; + RETVAL = 0; } OUTPUT: @@ -512,6 +531,7 @@ IV get_days(self) CODE: SV **svp; + RETVAL = -1; // Get the number of days for specified - default 365 if (hv_exists(self, "days", strlen("days"))) { svp = hv_fetch(self, "days", strlen("days"), 0); @@ -528,6 +548,7 @@ IV set_days(self, IV days) HV * self; CODE: + RETVAL = 0; if((hv_store(self, "days", 4, newSViv(days), 0)) == NULL) RETVAL = 0; @@ -538,13 +559,12 @@ IV set_days(self, IV days) RETVAL -SV * sign(self, request_SV, sigopts) +SV * sign(self, request_SV) HV * self; SV * request_SV; PREINIT: EVP_MD_CTX *mctx; - STACK_OF(OPENSSL_STRING) *sigopts = NULL; CODE: @@ -560,7 +580,7 @@ SV * sign(self, request_SV, sigopts) STRLEN digestname_length; IV days; SV * digest = NULL; - SV * format; + SV * format = NULL; if (!hv_exists(self, "privkey", strlen("privkey"))) croak("privkey not found in self!\n"); @@ -617,13 +637,19 @@ SV * sign(self, request_SV, sigopts) // Verify the CSR is properly signed EVP_PKEY *pkey; if (csr != NULL) { +#if OPENSSL_API_COMPAT <= 10100 + pkey = X509_REQ_get_pubkey(csr); +#else pkey = X509_REQ_get0_pubkey(csr); +#endif + if (pkey == NULL) + croak ("Warning: unable to get public key from CSR\n"); int ret = do_X509_REQ_verify(csr, pkey, NULL); - if (pkey == NULL || ret < 0) - croak ("Warning: error while verifying CSR self-signature\n"); if (ret == 0) croak ("Verification of CSR failed\n"); + if ( ret < 0) + croak ("Warning: error while verifying CSR self-signature\n"); } else croak("Unable to properly parse the Certificate Signing Request\n"); @@ -647,7 +673,11 @@ SV * sign(self, request_SV, sigopts) croak("X509_set_subject_name cannot set subject name\n"); // Update the certificate with the CSR's public key +#if OPENSSL_API_COMPAT <= 10100 + if (!X509_set_pubkey(x, X509_REQ_get_pubkey(csr))) +#else if (!X509_set_pubkey(x, X509_REQ_get0_pubkey(csr))) +#endif croak("X509_set_pubkey cannot set public key\n"); // FIXME need to look at this @@ -688,8 +718,10 @@ SV * sign(self, request_SV, sigopts) X509V3_set_ctx(&ext_ctx, issuer_cert, x, NULL, NULL, X509V3_CTX_REPLACE); if (!X509V3_set_issuer_pkey(&ext_ctx, private_key)) croak("X509V3_set_issuer_pkey cannot set issuer private key\n"); -#else +#elseif OPENSSL_API_COMPAT >=10010 X509V3_set_ctx(&ext_ctx, issuer_cert, x, csr, NULL, X509V3_CTX_REPLACE); +#else + X509V3_set_ctx(&ext_ctx, issuer_cert, x, csr, NULL, 0); #endif // Set the X509 version of the certificate @@ -712,18 +744,23 @@ SV * sign(self, request_SV, sigopts) } if (md != NULL) digestname = (const char *) digestname; - else + else { digestname = NULL; - + printf("Failed to set the digest md = Null\n"); + } //printf ("DIGEST NAME = %s\n", digestname); // Allocate and a new digest context for certificate signing +#if OPENSSL_API_COMPAT <= 10100 + mctx = EVP_MD_CTX_create(); +#else mctx = EVP_MD_CTX_new(); +#endif // Sign the new certificate #if OPENSSL_API_COMPAT >= 30101 - if (mctx != NULL && do_sign_init(mctx, private_key, digestname, sigopts) > 0) + if (mctx != NULL && do_sign_init(mctx, private_key, digestname, NULL) > 0) #else - if (mctx != NULL && do_sign_init(mctx, private_key, md, sigopts) > 0) + if (mctx != NULL && do_sign_init(mctx, private_key, md, NULL) > 0) #endif rv = (X509_sign_ctx(x, mctx) > 0); @@ -750,3 +787,23 @@ SV * sign(self, request_SV, sigopts) RETVAL +#if OPENSSL_API_COMPAT > 10200 +void signcsr_DESTROY(void) + + CODE: + /* deinitialisation is done automatically */ + +#else +void signcsr_DESTROY(void) + + CODE: + + CRYPTO_cleanup_all_ex_data(); + ERR_free_strings(); +#if OPENSSL_API_COMPAT < 10000 + ERR_remove_state(0); +#endif + EVP_cleanup(); + +#endif + diff --git a/cpanfile b/cpanfile index 1250982..648d110 100644 --- a/cpanfile +++ b/cpanfile @@ -1,16 +1,28 @@ # This file is generated by Dist::Zilla::Plugin::CPANFile v6.030 # Do not edit this file directly. To change prereqs, edit the `dist.ini` file. -requires "perl" => "5.008"; +requires "Exporter" => "0"; +requires "XSLoader" => "0"; +requires "perl" => "5.014"; + +on 'build' => sub { + requires "Crypt::OpenSSL::ConfiguredAPI" => "0"; + requires "Crypt::OpenSSL::Guess" => "0"; +}; on 'test' => sub { + requires "Crypt::OpenSSL::Guess" => "0"; requires "Crypt::OpenSSL::PKCS10" => "0.19"; requires "Crypt::OpenSSL::RSA" => "0"; requires "File::Slurper" => "0.012"; + requires "File::Temp" => "0"; requires "File::Which" => "0"; + requires "Test::More" => "0.88"; }; on 'configure' => sub { + requires "Crypt::OpenSSL::ConfiguredAPI" => "0"; + requires "Crypt::OpenSSL::Guess" => "0"; requires "ExtUtils::MakeMaker" => "0"; }; diff --git a/dist.ini b/dist.ini index 42377fb..a589eb4 100644 --- a/dist.ini +++ b/dist.ini @@ -14,6 +14,22 @@ maintainer = Timothy Legge -remove = MakeMaker -remove = Readme +[AutoPrereqs] +skip = ^vars$ +skip = utf8 +skip = warnings +skip = strict +skip = overload +skip = base + +[Prereqs / BuildRequires] +Crypt::OpenSSL::Guess = 0 +Crypt::OpenSSL::ConfiguredAPI = 0 + +[Prereqs / ConfigureRequires] +Crypt::OpenSSL::Guess = 0 +Crypt::OpenSSL::ConfiguredAPI = 0 + [Prereqs / RuntimeRequires] perl = 5.014 @@ -21,7 +37,6 @@ perl = 5.014 File::Slurper = 0.012 Crypt::OpenSSL::PKCS10 = 0.19 Crypt::OpenSSL::RSA = 0 -Crypt::OpenSSL::Guess = 0 File::Which = 0 [Pod2Readme] @@ -49,6 +64,7 @@ stopword = pem [Test::Kwalitee] [MetaJSON] +[MetaProvides::Package] [Test::CPAN::Meta::JSON] @@ -61,13 +77,14 @@ filename = Changes [CopyFilesFromBuild] copy = Makefile.PL copy = LICENSE +copy = cpanfile [MakeMaker::Awesome] header_file = maint/Makefile_header.PL WriteMakefile_arg = %args [Repository] -git_remote = origin +git_remote = upstream [Bugtracker] web = https://github.com/perl-net-saml2/perl-Crypt-OpenSSL-SignCSR/issues diff --git a/lib/Crypt/OpenSSL/SignCSR.pm b/lib/Crypt/OpenSSL/SignCSR.pm index e84a3eb..99e124f 100644 --- a/lib/Crypt/OpenSSL/SignCSR.pm +++ b/lib/Crypt/OpenSSL/SignCSR.pm @@ -7,7 +7,7 @@ use warnings; require Exporter; -our $VERSION = "0.06"; +our $VERSION = "0.14"; our @ISA = qw(Exporter); @@ -43,14 +43,14 @@ Crypt::OpenSSL::SignCSR - Sign a Certificate Signing Request in XS. format => $format, # Output format "text" or "pem" (default) }); my $cert = $signer->sign( - $request, # CRS in PEM format + $request, # CSR in PEM format ); my $ret = $signer->set_days(3650); my $ret = $signer->set_format("text"); my $ret = $signer->set_days("SHA512"); - $cert = $signer->sign( $request ); # CRS in PEM format + $cert = $signer->sign( $request ); # CSR in PEM format =head1 DESCRIPTION @@ -122,7 +122,7 @@ Arguments: Get the number of days that is currently set. -Returns a number +Returns the number of days or -1 for a failure. =head1 EXPORT @@ -145,7 +145,7 @@ I did not write any OpenSSL related code I simply copied and pasted the work of the OpenSSL project's openssl code until I arrived at a XS based module that could create a certificate from a Certificate Signing Request. -= head LICENSE +=head1 LICENSE Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/maint/Makefile_header.PL b/maint/Makefile_header.PL index 9f423cd..c366b4e 100644 --- a/maint/Makefile_header.PL +++ b/maint/Makefile_header.PL @@ -1,15 +1,33 @@ use Config; use File::Spec; use Crypt::OpenSSL::Guess; +use Crypt::OpenSSL::ConfiguredAPI; + my %args; my ($major, $minor, $patch) = openssl_version(); print "Installed OpenSSL: $major.$minor.$patch\n"; +my $version = ($major * 10000) + ($minor * 100); +my $api = Crypt::OpenSSL::ConfiguredAPI::get_configured_api(); +print "API version read $api\n"; + +if (!$api) { + my $prefix = find_openssl_prefix(); + my $exec = find_openssl_exec($prefix); + if (`$exec version` =~ m/LibreSSL/){ + $api = 10100; + print "LibreSSL detected setting api to 10100\n"; + } +} + +my $compat = $api ne 0 ? $api : $version; +print "OPENSSL_COMPAT_API set to: $compat\n"; + $args{INC} = openssl_inc_paths(); $args{LIBS} = [openssl_lib_paths() . ' -lssl -lcrypto']; -my $cc_option_flags = $major ge 3 ? ' -DOPENSSL_API_COMPAT=30000' : ' -DOPENSSL_API_COMPAT=10100'; +my $cc_option_flags = " -DOPENSSL_API_COMPAT=$compat"; if ($Config::Config{cc} =~ /gcc/i) { $cc_option_flags .= $ENV{AUTHOR_TESTING} ? ' -Wall -Werror' : ' -Wall'; @@ -31,7 +49,7 @@ if ($Config{gccversion} =~ /llvm/i) { $cc_option_flags .= ' -Wno-compound-token-split-by-macro'; } - if ($Config{perl_version} <= 20) { + if ($Config{PERL_VERSION} <= 20) { $cc_option_flags .= ' -Wno-error=pointer-bool-conversion'; } } diff --git a/t/001-openssl-version.t b/t/001-openssl-version.t new file mode 100644 index 0000000..435b840 --- /dev/null +++ b/t/001-openssl-version.t @@ -0,0 +1,7 @@ +use Test::More; +use Crypt::OpenSSL::Guess; +my ($major, $minor, $patch) = openssl_version(); +print STDERR "\tOpenSSL Version $major$minor$patch"; +ok ($major); + +done_testing; diff --git a/t/002-create-cert-from-csr.t b/t/002-create-cert-from-csr.t index 1d7966e..b39b93c 100644 --- a/t/002-create-cert-from-csr.t +++ b/t/002-create-cert-from-csr.t @@ -72,7 +72,7 @@ bczN2A== -----END CERTIFICATE REQUEST----- CERTREQUEST -my $cert = $signer->sign($request, ''); +my $cert = $signer->sign($request); my $certfile = tempfile(); my ($certfh, $certfilename) = tempfile(); @@ -85,7 +85,7 @@ eval { $result = `$openssl x509 -in $certfilename -text`; }; -like($result, qr/Issuer: C = CA, O = XML::Sig, OU = perl/, "Certificate - Issuer OK"); +like($result, qr/Issuer:.*XML::Sig.*perl/, "Certificate - Issuer OK"); like($result, qr/Signature Algorithm: sha512WithRSAEncryption/, "Certificate - Signature OK"); ok($signer->get_days() eq 365, "Days were set successfully"); diff --git a/t/003-openssl-crypt-pkcs10.t b/t/003-openssl-crypt-pkcs10.t index 60cf24c..29bb468 100644 --- a/t/003-openssl-crypt-pkcs10.t +++ b/t/003-openssl-crypt-pkcs10.t @@ -72,7 +72,7 @@ my $signer = Crypt::OpenSSL::SignCSR->new( isa_ok($signer, "Crypt::OpenSSL::SignCSR"); -my $cert = $signer->sign($request, ''); +my $cert = $signer->sign($request); my $certfile = tempfile(); my ($certfh, $certfilename) = tempfile(); @@ -88,7 +88,7 @@ eval { unlink $certfilename; -like($result, qr/Issuer: C = CA, ST = New Brunswick, O = XML::Sig, OU = perl/, "Certificate - Issuer OK"); +like($result, qr/Issuer:.*XML::Sig.*perl/, "Certificate - Issuer OK"); like($result, qr/Signature Algorithm: sha512WithRSAEncryption/, "Certificate - Signature OK"); done_testing