Skip to content

Removes the wolfSSL-specific QSKIP hunk for Qt certificate unit test#348

Open
miyazakh wants to merge 1 commit into
wolfSSL:masterfrom
miyazakh:qt_jenkins_10795
Open

Removes the wolfSSL-specific QSKIP hunk for Qt certificate unit test#348
miyazakh wants to merge 1 commit into
wolfSSL:masterfrom
miyazakh:qt_jenkins_10795

Conversation

@miyazakh

@miyazakh miyazakh commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

Summary

Removes the wolfSSL-specific QSKIP hunk for tst_QSslCertificate::nulInSan() from qt/wolfssl-qt-51518-full.patch. It is no longer needed and causes the test to be skipped instead of passed.

Background

nulInSan() loads a certificate with a NUL byte embedded in a SAN dNSName entry and verifies it parses to a non-empty certList.

  • wolfSSL PR#10279 added DecodeGeneralNameCheckChars() in wolfcrypt/src/asn.c, which rejects SAN entries containing NUL bytes at parse time (ASN_PARSE_E). This made certList empty, so the Qt patch added a QSKIP guard to avoid a hard failure.
  • wolfSSL PR#10793 ("Restore error code from DecodeGeneralName", e1a2ba3b / merged as 7dd269f) removed DecodeGeneralNameCheckChars(), explicitly stopping the rejection of embedded-NUL IA5String SAN values at parse time. Certificates with embedded NUL bytes now parse successfully again, certList is no longer empty, and the QSKIP guard never triggers — the test now runs and passes on its own.

Keeping the guard is harmless functionally, but it's dead code carried over from a wolfSSL behavior that no longer exists, and its presence is misleading when reading the patch.

Change

Drop the following hunk from qt/wolfssl-qt-51518-full.patch:

@@ -992,6 +996,11 @@ void tst_QSslCertificate::nulInSan()
 #endif
     QList<QSslCertificate> certList =
         QSslCertificate::fromPath(testDataDir + "more-certificates/badguy-nul-san.crt", QSsl::Pem, QSslCertificate::PatternSyntax::FixedString);
+#ifndef QT_NO_WOLFSSL
+    // wolfSSL (PR#10279) rejects certificates with embedded NUL bytes in SAN DNS entries at parse time
+    if (certList.isEmpty())
+        QSKIP("wolfSSL rejects certificates with embedded NUL bytes in SAN DNS entries");
+#endif
     QCOMPARE(certList.size(), 1);

Testing

Built Qt 5.15.18 with -wolfssl-linked against current wolfSSL master (a4aab71ff, post-PR#10793) and ran the test directly:

PASS   : tst_QSslCertificate::nulInSan()
Totals: 3 passed, 0 failed, 0 skipped, 0 blacklisted

Copilot AI review requested due to automatic review settings July 9, 2026 04:47
@miyazakh miyazakh self-assigned this Jul 9, 2026

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the vendored Qt 5.15.18 wolfSSL integration patch by removing an obsolete wolfSSL-specific QSKIP guard for the tst_QSslCertificate::nulInSan() unit test, so the test is no longer conditionally skipped based on behavior that no longer exists in current wolfSSL.

Changes:

  • Removes the QT_NO_WOLFSSL-guarded QSKIP block previously added to nulInSan() within the patch, eliminating dead/misleading skip logic.
  • Leaves the rest of the patch intact (other wolfSSL-related adjustments remain unchanged).

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@miyazakh miyazakh assigned wolfSSL-Bot and unassigned miyazakh Jul 9, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants