Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Mark obsolete-server-crypto test as XFAIL in Fedora/GnuTLS/* CI
The system-wide minimum crypto policy on Fedora prevents us from enabling 3DES and RC4 ciphers via GnuTLS priority strings. We have unconditionally disabled it in OpenConnect for now in commit 7e862f2 but the obsolete-server-crypto test is *still* failing, with ocserv reporting 'GnuTLS error (at worker-vpn.c:861): No supported cipher suites have been found.' Just mark obsolete-server-crypto test as XFAIL for these builds. It's the most accurate description of the state of those tests: these environments do not provide OpenConnect with the capabilities to reliably enable obsolete/insecure crypto algorithms in a self-contained way. See https://bugzilla.redhat.com/show_bug.cgi?id=1960763 for ongoing discussions about how to come up with a more reliable, testable, and maintainable mechanism for OpenConnect to enable these algorithms without compromising the system-wide minimum crypto policy. Signed-off-by: Daniel Lenski <dlenski@gmail.com> Signed-off-by: David Woodhouse <dwmw2@infradead.org>
- Loading branch information