Not add a cert to CA cache if it doesn't set "CA:TRUE" as basic constraints #2321
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Kerberos 5 Tests | |
# START OF COMMON SECTION | |
on: | |
push: | |
branches: [ 'master', 'main', 'release/**' ] | |
pull_request: | |
branches: [ '*' ] | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
# END OF COMMON SECTION | |
jobs: | |
build_wolfssl: | |
name: Build wolfSSL | |
# Just to keep it the same as the testing target | |
if: github.repository_owner == 'wolfssl' | |
runs-on: ubuntu-latest | |
# This should be a safe limit for the tests to run. | |
timeout-minutes: 5 | |
steps: | |
- name: workaround high-entropy ASLR | |
# not needed after either an update to llvm or runner is done | |
run: sudo sysctl vm.mmap_rnd_bits=28 | |
- name: Build wolfSSL | |
uses: wolfSSL/actions-build-autotools-project@v1 | |
with: | |
path: wolfssl | |
configure: --enable-krb CC='gcc -fsanitize=address' | |
install: true | |
- name: tar build-dir | |
run: tar -zcf build-dir.tgz build-dir | |
- name: Upload built lib | |
uses: actions/upload-artifact@v4 | |
with: | |
name: wolf-install-krb5 | |
path: build-dir.tgz | |
retention-days: 5 | |
krb5_check: | |
strategy: | |
fail-fast: false | |
matrix: | |
# List of releases to test | |
ref: [ 1.21.1 ] | |
name: ${{ matrix.ref }} | |
if: github.repository_owner == 'wolfssl' | |
runs-on: ubuntu-latest | |
# This should be a safe limit for the tests to run. | |
timeout-minutes: 8 | |
needs: build_wolfssl | |
steps: | |
- name: Download lib | |
uses: actions/download-artifact@v4 | |
with: | |
name: wolf-install-krb5 | |
- name: untar build-dir | |
run: tar -xf build-dir.tgz | |
- name: Checkout OSP | |
uses: actions/checkout@v4 | |
with: | |
repository: wolfssl/osp | |
path: osp | |
- name: Checkout krb5 | |
uses: actions/checkout@v4 | |
with: | |
repository: krb5/krb5 | |
ref: krb5-${{ matrix.ref }}-final | |
path: krb5 | |
- name: Apply patch | |
working-directory: ./krb5 | |
run: | | |
patch -p1 < $GITHUB_WORKSPACE/osp/krb5/Patch-for-Kerberos-5-${{ matrix.ref }}.patch | |
- name: workaround high-entropy ASLR | |
# not needed after either an update to llvm or runner is done | |
run: sudo sysctl vm.mmap_rnd_bits=28 | |
- name: Build krb5 | |
working-directory: ./krb5/src | |
run: | | |
autoreconf -ivf | |
# Using rpath because LD_LIBRARY_PATH is overwritten during testing | |
export WOLFSSL_CFLAGS="-I$GITHUB_WORKSPACE/build-dir/include -I$GITHUB_WORKSPACE/build-dir/include/wolfssl -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib" | |
export WOLFSSL_LIBS="-lwolfssl -L$GITHUB_WORKSPACE/build-dir/lib -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib" | |
./configure --with-crypto-impl=wolfssl --with-tls-impl=wolfssl --disable-pkinit \ | |
CFLAGS='-fsanitize=address' LDFLAGS='-fsanitize=address' | |
CFLAGS='-fsanitize=address' LDFLAGS='-fsanitize=address' make -j | |
- name: Run tests | |
working-directory: ./krb5/src | |
run: | | |
CFLAGS='-fsanitize=address' LDFLAGS='-fsanitize=address' make -j check | |