Test kryoptic with NSS DB #487
Conversation
|
|
||
| # this overrides what we define in the generic init | ||
| # the NSS DB can not store custom labels | ||
| export TOKENLABEL="Kryoptic Soft Token" |
There was a problem hiding this comment.
You can pass in some of these labels via configuration like you did for the passwordRequired Flags
There was a problem hiding this comment.
I wanted to make sure that we will really work with the NSS DB so using different one than the SQL DB. I am not sure if these particular knobs are used, but I can double-check
There was a problem hiding this comment.
Tokenlabel is needed by opensc pkcs11-tool to be able to find the right slot/token for some of the operations.
I also do not think they should be identical to the std kryoptic run, I would see it specific like "Kryoptic NSSDB Token"
There was a problem hiding this comment.
My intention was to keep the most of the options default.
The flags='passwordRequired' is needed for gnutls p11tool to attempt to login when searching for private keys. Without that, it skips the login and fails. It might make sense to describe this in the comment in the script rather than here though.
|
It'd be nice to make the kryoptic.nss text somehow optional and not enabled by default when we run |
Jakuje
force-pushed
the
kryoptic-conf
branch
from
1cc4e0f to
b5edaf8
Compare
The NSSDB backend is now super-slow so I am bumping the timeout to 60s/test. The kryoptic build is also adjusted to include this non-default feature. Signed-off-by: Jakub Jelen <[email protected]>
At random times, the uri test was failing with some error like this: ``` openssl storeutl -text "$uri" Couldn't open file or uri URI7xnNajqYJnkZTktp42UM2yp38/G8hCR7QWsnuREHRXLaVoqVJouteOg== 40A7BAF0F27F0000:error:16000069:STORE routines:ossl_store_get0_loader_int:unregistered scheme:../crypto/store/store_register.c:237:scheme=file 40A7BAF0F27F0000:error:80000002:system library:file_open:No such file or directory:../providers/implementations/storemgmt/file_store.c:267:calling stat(URI7xnNajqYJnkZTktp42UM2yp38/G8hCR7QWsnuREHRXLaVoqVJouteOg==) ``` Signed-off-by: Jakub Jelen <[email protected]>
Jakuje
force-pushed
the
kryoptic-conf
branch
from
b5edaf8 to
edfa16e
Compare
|
Covscan not needed. |
Description
This is more value for the kryoptic to make sure all the operations on the newly introduced DB work as expected.
The NSSDB backend is now super-slow so I am bumping the timeout to 60s/test. The kryoptic build is also adjusted to include this non-default feature.
This change depends on kryoptic including one last fix to provide
CKF_USER_PIN_INITIALIZEDflag from NSS DB backend.Checklist
Reviewer's checklist: