From 9e179450efe7dc83a4a691459e8e1c4ebdd0a0a9 Mon Sep 17 00:00:00 2001
From: yangchenguang <yangchenguang@uniontech.com>
Date: Thu, 2 Feb 2023 15:02:25 +0800
Subject: [PATCH] test skip tls-exporter test for TLS 1.2

---
 glib-networking.spec                          |  7 +-
 test-skip-tls-exporter-test-for-TLS-1.2.patch | 81 +++++++++++++++++++
 2 files changed, 87 insertions(+), 1 deletion(-)
 create mode 100644 test-skip-tls-exporter-test-for-TLS-1.2.patch

diff --git a/glib-networking.spec b/glib-networking.spec
index 2b80ece..128dbd7 100644
--- a/glib-networking.spec
+++ b/glib-networking.spec
@@ -1,11 +1,13 @@
 Name:           glib-networking
 Version:        2.72.0
-Release:        1
+Release:        2
 Summary:        Network-related modules for glib
 License:        LGPLv2+
 URL:            https://gitlab.gnome.org/GNOME/glib-networking
 Source0:        https://download.gnome.org/sources/glib-networking/2.72/%{name}-%{version}.tar.xz
 
+Patch0:		test-skip-tls-exporter-test-for-TLS-1.2.patch
+
 BuildRequires:  meson gcc ca-certificates gettext systemd
 BuildRequires:  pkgconfig(glib-2.0) >= 2.69.0 pkgconfig(gnutls)
 BuildRequires:  pkgconfig(gio-2.0) pkgconfig(gsettings-desktop-schemas)
@@ -58,6 +60,9 @@ verify the Usability of the glib-networking package.
 %{_datadir}/installed-tests
 
 %changelog
+* Thu Feb 02 2023 yangchenguang <yangchenguang@uniontech.com> - 2.72.0-2
+- tests skip tls-exporter test for TLS 1.2
+
 * Mon May 30 2022 lin zhang <lin.zhang@turbolinux.com.cn> - 2.72.0-1
 - Update to 2.72.0
 
diff --git a/test-skip-tls-exporter-test-for-TLS-1.2.patch b/test-skip-tls-exporter-test-for-TLS-1.2.patch
new file mode 100644
index 0000000..9b237c9
--- /dev/null
+++ b/test-skip-tls-exporter-test-for-TLS-1.2.patch
@@ -0,0 +1,81 @@
+From 205b578c6de0a6b42dd24d97f08ab47d0347431a Mon Sep 17 00:00:00 2001
+From: Natanael Copa <ncopa@alpinelinux.org>
+Date: Wed, 2 Nov 2022 13:26:53 +0100
+Subject: [PATCH] test skip tls-exporter test for TLS 1.2
+
+---
+ tls/tests/connection.c | 47 +++++++++++++++++++++++++++---------------
+ 1 file changed, 30 insertions(+), 17 deletions(-)
+
+diff --git a/tls/tests/connection.c b/tls/tests/connection.c
+index f6f1cf8..e4deb02 100644
+--- a/tls/tests/connection.c
++++ b/tls/tests/connection.c
+@@ -2723,6 +2723,8 @@ test_connection_binding_match_tls_exporter (TestConnection *test,
+   GByteArray *client_cb, *server_cb;
+   gchar *client_b64, *server_b64;
+   GError *error = NULL;
++  gboolean client_supports_tls_exporter;
++  gboolean server_supports_tls_exporter;
+ 
+   test->database = g_tls_file_database_new (tls_test_file_path ("ca-roots.pem"), &error);
+   g_assert_no_error (error);
+@@ -2751,27 +2753,38 @@ test_connection_binding_match_tls_exporter (TestConnection *test,
+   g_main_loop_run (test->loop);
+ 
+   /* Smoke test: ensure both sides support tls-exporter */
+-  g_assert_true (g_tls_connection_get_channel_binding_data (G_TLS_CONNECTION (test->client_connection),
+-                                                    (GTlsChannelBindingType)100500, NULL, NULL));
+-  g_assert_true (g_tls_connection_get_channel_binding_data (G_TLS_CONNECTION (test->server_connection),
+-                                                    (GTlsChannelBindingType)100500, NULL, NULL));
++  client_supports_tls_exporter = g_tls_connection_get_channel_binding_data (G_TLS_CONNECTION (test->client_connection),
++                                                    (GTlsChannelBindingType)100500, NULL, NULL);
++  server_supports_tls_exporter = g_tls_connection_get_channel_binding_data (G_TLS_CONNECTION (test->server_connection),
++                                                    (GTlsChannelBindingType)100500, NULL, NULL);
+ 
+   /* Real test: retrieve bindings and compare */
+-  client_cb = g_byte_array_new ();
+-  server_cb = g_byte_array_new ();
+-  g_assert_true (g_tls_connection_get_channel_binding_data (G_TLS_CONNECTION (test->client_connection),
+-                                                    (GTlsChannelBindingType)100500, client_cb, NULL));
+-  g_assert_true (g_tls_connection_get_channel_binding_data (G_TLS_CONNECTION (test->server_connection),
+-                                                    (GTlsChannelBindingType)100500, server_cb, NULL));
++  g_assert_true (client_supports_tls_exporter == server_supports_tls_exporter);
+ 
+-  client_b64 = g_base64_encode (client_cb->data, client_cb->len);
+-  server_b64 = g_base64_encode (server_cb->data, server_cb->len);
+-  g_assert_cmpstr (client_b64, ==, server_b64);
++  if (client_supports_tls_exporter)
++    {
++      /* Real test: retrieve bindings and compare */
++      client_cb = g_byte_array_new ();
++      server_cb = g_byte_array_new ();
++      g_assert_true (g_tls_connection_get_channel_binding_data (G_TLS_CONNECTION (test->client_connection),
++                                                        (GTlsChannelBindingType)100500, client_cb, NULL));
++      g_assert_true (g_tls_connection_get_channel_binding_data (G_TLS_CONNECTION (test->server_connection),
++                                                        (GTlsChannelBindingType)100500, server_cb, NULL));
++      client_b64 = g_base64_encode (client_cb->data, client_cb->len);
++      server_b64 = g_base64_encode (server_cb->data, server_cb->len);
++      g_assert_cmpstr (client_b64, ==, server_b64);
+ 
+-  g_free (client_b64);
+-  g_free (server_b64);
+-  g_byte_array_unref (client_cb);
+-  g_byte_array_unref (server_cb);
++      g_free (client_b64);
++      g_free (server_b64);
++      g_byte_array_unref (client_cb);
++      g_byte_array_unref (server_cb);
++    }
++  else
++    {
++      g_assert_true (g_tls_connection_get_protocol_version (
++            G_TLS_CONNECTION (test->client_connection)) == G_TLS_PROTOCOL_VERSION_TLS_1_2);
++      g_test_skip ("tls-exporter is not supported before TLS 1.3");
++    }
+ 
+   /* drop the mic */
+   close_server_connection (test);
+-- 
+2.20.1
+
-- 
Gitee