From c14bd543879f2336e57aa2dff0b437407d858272 Mon Sep 17 00:00:00 2001
From: Juergen Repp
Date: Fri, 19 Feb 2021 14:32:45 +0100
Subject: FAPI: Fix reading of the root certificate for provisioning.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* The root certificate defined by the environment variable FAPI_TEST_ROOT_CERT will only be used if it's allowed to use self generated root certificate with ./configure --enable-self-generated-certificate
* This option is added to all integration tests which are using the TPM simulator.
- Compared to the upstream commit 199b4edc the changes to CI config files are omitted.
Signed-off-by: Juergen Repp
---
 configure.ac | 8 ++++++++
 src/tss2-fapi/api/Fapi_Provision.c | 4 ++++
 2 files changed, 12 insertions(+)
diff --git a/configure.ac b/configure.ac
index f4df879c..d3bbb93d 100755
--- a/configure.ac
+++ b/configure.ac
@@ -440,6 +440,14 @@ AC_ARG_ENABLE([weakcrypto],
 AS_IF([test "x$enable_weakcrypto" = "xyes"],
 AC_DEFINE([DISABLE_WEAK_CRYPTO],[1],[DISABLE WEAK CRYPTO ALGORITHMS]))
+AC_ARG_ENABLE([self-generated-certificate],
+ [AS_HELP_STRING([--enable-self-generated-certificate],
+ [Alllow usage of self generated root certifcate])],,
+ [enable_self_generated_certificate=no])
+AS_IF([test "x$enable_self_generated_certificate" == xyes],
+ [AC_DEFINE([SELF_GENERATED_CERTIFICATE],[1], [Allow usage of self generated root certifcate])])
+
+
 AC_SUBST([PATH])
 dnl --------- Doxy Gen -----------------------
diff --git a/src/tss2-fapi/api/Fapi_Provision.c b/src/tss2-fapi/api/Fapi_Provision.c
index 00534a2e..9cf804ad 100644
--- a/src/tss2-fapi/api/Fapi_Provision.c
+++ b/src/tss2-fapi/api/Fapi_Provision.c
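Review bot: In the configure.ac hunk the new `AS_IF` compares with `==`, which POSIX `test` does not define; under a strict `/bin/sh` such as dash the comparison errors out and SELF_GENERATED_CERTIFICATE is never defined even when the option is passed. The weakcrypto check just above uses `=`, so the line should read `AS_IF([test "x$enable_self_generated_certificate" = "xyes"],`. Because the option changes which root certificate provisioning will accept, the help text should say it is meant for test builds against a TPM simulator, and the typos "Alllow" and "certifcate" should be corrected, e.g. `[Allow a self-generated root certificate (test builds only)]`.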
@@ -797,7 +797,11 @@ Fapi_Provision_Finish(FAPI_CONTEXT *context)
 statecase(context->state, PROVISION_PREPARE_READ_ROOT_CERT);
 /* Prepare reading of root certificate. */
+ root_ca_file = NULL;
+#ifdef SELF_GENERATED_CERTIFICATE
+#pragma message ( "*** Allow self generated certifcate ***" )
 root_ca_file = getenv("FAPI_TEST_ROOT_CERT");
+#endif
 if (!root_ca_file) {
 context->state = PROVISION_EK_CHECK_CERT;
 return TSS2_FAPI_RC_TRY_AGAIN;
-- 
2.26.3
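Review bot: When SELF_GENERATED_CERTIFICATE is defined, the root certificate path is still taken unchecked from the process environment, and nothing at run time records that it was honoured; the only trace is the compile-time `#pragma message`. A binary built with the option by mistake would be easier to spot if the branch logged it, e.g. `if (root_ca_file) LOG_WARNING("Root certificate taken from FAPI_TEST_ROOT_CERT (test build)");`, assuming the project's logging macro is in scope in this file. A comment above the `#ifdef`, such as `/* Test builds only: the environment may name the root certificate used for provisioning. */`, would tell maintainers why the lookup is gated. An empty variable value also passes the `!root_ca_file` check, and whether that is handled cannot be seen here, because Fapi_Provision_Finish starts and ends outside the hunk.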