This validator checks for any attribute certificate it can find for validated
end entity certificates and tries to extract group membership information
used for connection authorization rules.
But disable the gcrypt plugin, as it causes leaks.
Also disable the backtraces by libunwind as they seem to cause
threads to get cleaned up after the leak detective already has been
disabled, which leads to invalid free()s.
We still try to calculate these directly as it can avoid a dependency on
the pkcs1 or other plugins. But for e.g. PGPv3 keys we need to delegate the
actual fingerprint calculation to the pgp plugin.
Adds a config file and build script for Travis CI. Makes the unit tests
buildable with Clang, and test vectors are now actually verified when
the unit tests are executed.
Also adds options to run only selected test suites and to increase the debug
level during unit tests.
The --enable/disable configure options have been reordered and grouped, and
an option to enable all the features has been added (plus an option to
select a specific printf-hook implementation).
Not sure if 4 jobs is optimal, but according to the docs each build host
has 1.5 virtual cores available (although "getconf _NPROCESSORS_ONLN"
returns 32, which is probably the number of real cores underneath), so
more jobs might not actually reduce the build time much more.
The Blowfish and Twofish implementations provided by the gcrypt plugin
only support specific key lengths, which we don't know when testing
against vectors (either during unit tests or during algorithm
registration). The on_create test with a specific key length will be
skipped anyway, so there is no point in treating this failure differently.
Previously, the {ns}.crypto_test.on_add option had to be enabled to
actually test the algorithms, which we can't enforce for the tests in
the test_runner as the option is already read when the crypto factory
is initialized. Even so, we wouldn't want to do this for every unit
test, which would be the result of enabling that option.
Because GCC does not adhere to the priorities defined for constructors
when building with --enable-monolithic (not sure if it was just luck
that it worked in non-monolithic mode - anyway, it's not very portable)
function registration would fail because the hashtable would not be
created yet.
Clang does not initialize padding in union members so hashing the
complete "arg" union could lead to different hashes if the hashed
plugin_feature_t does not have static storage duration.
Fixes#549.
Martin Willi