[gnutls-devel] GnuTLS | gnutls relies on glibc-specific getpass functionality in tests (#945)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Wed Feb 26 01:40:18 CET 2020 


Artemis Tosini created an issue: https://gitlab.com/gnutls/gnutls/issues/945



## Description of problem:
The certtool test in cert-tests does not detect any password and fails at [line 59](https://gitlab.com/gnutls/gnutls/-/blob/master/tests/cert-tests/certtool#L59) since it relies on getpass falling back to stdin and stderr if it is unable to connect to a TTY. This only occurs on glibc ([source code](https://sourceware.org/git/?p=glibc.git;a=blob;f=misc/getpass.c;h=1a9379e116ba5afb568f606ffff7b358d5d387c3;hb=HEAD#l58)), while other libcs like musl ([source code](https://git.musl-libc.org/cgit/musl/tree/src/legacy/getpass.c#n15)) do not have this behaviour.

I can think of a few options to fix this
 * Change [getpass_copy](https://gitlab.com/gnutls/gnutls/-/blob/master/src/common.c#L1026) to directly use utility functions in `termios.h`. This would be most compatible with existing scripts. Note that according to [its man page](https://linux.die.net/man/3/getpass), getpass is obsolete.
 * Stop relying on this behavior and test functionality another way, such as giving another password and making sure certtool fails.
 * Try to make a pty so that the existing test line still works. This should be possible, but I have no idea how to do it.
## Version of gnutls used:
3.6.12

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
NixOS

## How reproducible:

Steps to Reproduce:

 * Build gnutls with musl libc (in my case `nix-build '<nixpkgs>' -A pkgsMusl.gnutls`)
 * Run tests

## Actual results:
The test fails with the following log:
```
Generating a 3072 bit RSA private key...
Generating a self signed certificate...
No PIN given.
note: when operating in batch mode, set the GNUTLS_PIN or GNUTLS_SO_PIN environment variables
cert generation failed
FAIL certtool (exit status: 1)
```

## Expected results:
The test should pass

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/945
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20200226/fb830a67/attachment.html>

More information about the Gnutls-devel mailing list