From 9433f9f5d945cd413b3f23f05f6681373f601a4a Mon Sep 17 00:00:00 2001
From: Richard Levitte <levitte@openssl.org>
Date: Sat, 22 Jul 2017 23:37:06 +0200
Subject: [PATCH] test/recipes/80-test_tsa.t: Don't trust 'OPENSSL_CONF'

There's a case when the environment variable OPENSSL_CONF is
useless...  when cross compiling for mingw and your wine environment
has an environment variable OPENSSL_CONF.  The latter will override
anything that's given when starting wine and there make the use of
that environment variable useless in our tests.

Therefore, we should not trust it, and use explicit '-config' options
instead.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3994)

(cherry picked from commit 83e0d090b196f70a9f25ff505d5813745585ef85)
---
 test/recipes/80-test_tsa.t | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/test/recipes/80-test_tsa.t b/test/recipes/80-test_tsa.t
index cf3378b380..3ba14d46e5 100644
--- a/test/recipes/80-test_tsa.t
+++ b/test/recipes/80-test_tsa.t
@@ -23,9 +23,10 @@ plan skip_all => "TS is not supported by this OpenSSL build"
 
 # All these are modified inside indir further down. They need to exist
 # here, however, to be available in all subroutines.
+my $openssl_conf;
 my $testtsa;
 my $CAtsa;
-my @RUN = ("openssl", "ts");
+my @RUN;
 
 sub create_tsa_cert {
     my $INDEX = shift;
@@ -33,7 +34,7 @@ sub create_tsa_cert {
     my $r = 1;
     $ENV{TSDNSECT} = "ts_cert_dn";
 
-    ok(run(app(["openssl", "req", "-new",
+    ok(run(app(["openssl", "req", "-config", $openssl_conf, "-new",
                 "-out", "tsa_req${INDEX}.pem",
                 "-keyout", "tsa_key${INDEX}.pem"])));
     note "using extension $EXT";
@@ -42,7 +43,7 @@ sub create_tsa_cert {
                 "-out", "tsa_cert${INDEX}.pem",
                 "-CA", "tsaca.pem", "-CAkey", "tsacakey.pem",
                 "-CAcreateserial",
-                "-extfile", $ENV{OPENSSL_CONF}, "-extensions", $EXT])));
+                "-extfile", $openssl_conf, "-extensions", $EXT])));
 }
 
 sub create_time_stamp_response {
@@ -83,17 +84,20 @@ plan tests => 20;
 note "setting up TSA test directory";
 indir "tsa" => sub
 {
-    $ENV{OPENSSL_CONF} = srctop_file("test", "CAtsa.cnf");
-    # Because that's what ../apps/CA.pl really looks at
-    $ENV{OPENSSL_CONFIG} = "-config ".$ENV{OPENSSL_CONF};
-    $ENV{OPENSSL} = cmdstr(app(["openssl"]), display => 1);
+    $openssl_conf = srctop_file("test", "CAtsa.cnf");
     $testtsa = srctop_file("test", "recipes", "80-test_tsa.t");
     $CAtsa = srctop_file("test", "CAtsa.cnf");
+    @RUN = ("openssl", "ts", "-config", $openssl_conf);
+
+    # ../apps/CA.pl needs these
+    $ENV{OPENSSL_CONFIG} = "-config $openssl_conf";
+    $ENV{OPENSSL} = cmdstr(app(["openssl"]), display => 1);
 
  SKIP: {
      $ENV{TSDNSECT} = "ts_ca_dn";
      skip "failed", 19
-         unless ok(run(app(["openssl", "req", "-new", "-x509", "-nodes",
+         unless ok(run(app(["openssl", "req", "-config", $openssl_conf,
+                            "-new", "-x509", "-nodes",
                             "-out", "tsaca.pem", "-keyout", "tsacakey.pem"])),
                    'creating a new CA for the TSA tests');
 
-- 
2.25.1