--- Begin Message ---
Subject: |
OpenSSL 3.0.3/1.1.1n includes a time-dependent test |
Date: |
Wed, 22 Jun 2022 11:58:04 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/28.1 (gnu/linux) |
Hello,
As reported by phodina in <https://issues.guix.gnu.org/53581>, OpenSSL
1.1.1n and 3.0.3 include a time-dependent test that now fails due to an
expired certificate:
https://github.com/openssl/openssl/issues/18441
The log looks like this:
--8<---------------cut here---------------start------------->8---
80-test_ocsp.t ..................... ok
80-test_pkcs12.t ................... ok
# ERROR: (int) 'result->result == test_ctx->expected_result' failed
@ test/ssl_test.c:36
# [2] compared to [0]
# INFO: @ test/ssl_test.c:37
# ExpectedResult mismatch: expected Success, got ClientFail.
# 40B78AF7FF7F0000:error:0A000415:SSL
routines:ssl3_read_bytes:sslv3 alert certificate
expired:ssl/record/rec_layer_s3.c:1584:SSL alert number 45
# OPENSSL_TEST_RAND_ORDER=1655844368
not ok 2 - iteration 2
# ------------------------------------------------------------------------------
# ERROR: (int) 'result->result == test_ctx->expected_result' failed
@ test/ssl_test.c:36
# [2] compared to [0]
# INFO: @ test/ssl_test.c:37
# ExpectedResult mismatch: expected Success, got ClientFail.
# 40B78AF7FF7F0000:error:0A000415:SSL
routines:ssl3_read_bytes:sslv3 alert certificate
expired:ssl/record/rec_layer_s3.c:1584:SSL alert number 45
# OPENSSL_TEST_RAND_ORDER=1655844368
not ok 4 - iteration 4
# ------------------------------------------------------------------------------
# ERROR: (int) 'result->result == test_ctx->expected_result' failed
@ test/ssl_test.c:36
# [4] compared to [0]
# INFO: @ test/ssl_test.c:37
# ExpectedResult mismatch: expected Success, got
FirstHandshakeFailed.
# 40B78AF7FF7F0000:error:0A000415:SSL
routines:ssl3_read_bytes:sslv3 alert certificate
expired:ssl/record/rec_layer_s3.c:1584:SSL alert number 45
# OPENSSL_TEST_RAND_ORDER=1655844368
not ok 5 - iteration 5
# ------------------------------------------------------------------------------
# ERROR: (int) 'result->result == test_ctx->expected_result' failed
@ test/ssl_test.c:36
# [4] compared to [0]
# INFO: @ test/ssl_test.c:37
# ExpectedResult mismatch: expected Success, got
FirstHandshakeFailed.
# 40B78AF7FF7F0000:error:0A000415:SSL
routines:ssl3_read_bytes:sslv3 alert certificate
expired:ssl/record/rec_layer_s3.c:1584:SSL alert number 45
# OPENSSL_TEST_RAND_ORDER=1655844368
not ok 6 - iteration 6
# ------------------------------------------------------------------------------
# OPENSSL_TEST_RAND_ORDER=1655844368
not ok 1 - test_handshake
# ------------------------------------------------------------------------------
../../util/wrap.pl ../../test/ssl_test 12-ct.cnf.none none => 1
not ok 3 - running ssl_test 12-ct.cnf
# ------------------------------------------------------------------------------
# ERROR: (int) 'result->result == test_ctx->expected_result' failed
@ test/ssl_test.c:36
# [2] compared to [0]
# INFO: @ test/ssl_test.c:37
# ExpectedResult mismatch: expected Success, got ClientFail.
# 40B78AF7FF7F0000:error:0A000415:SSL
routines:ssl3_read_bytes:sslv3 alert certificate
expired:ssl/record/rec_layer_s3.c:1584:SSL alert number 45
# OPENSSL_TEST_RAND_ORDER=1655844369
not ok 2 - iteration 2
# ------------------------------------------------------------------------------
# ERROR: (int) 'result->result == test_ctx->expected_result' failed
@ test/ssl_test.c:36
# [2] compared to [0]
# INFO: @ test/ssl_test.c:37
# ExpectedResult mismatch: expected Success, got ClientFail.
# 40B78AF7FF7F0000:error:0A000415:SSL
routines:ssl3_read_bytes:sslv3 alert certificate
expired:ssl/record/rec_layer_s3.c:1584:SSL alert number 45
# OPENSSL_TEST_RAND_ORDER=1655844369
not ok 4 - iteration 4
# ------------------------------------------------------------------------------
# ERROR: (int) 'result->result == test_ctx->expected_result' failed
@ test/ssl_test.c:36
# [4] compared to [0]
# INFO: @ test/ssl_test.c:37
# ExpectedResult mismatch: expected Success, got
FirstHandshakeFailed.
# 40B78AF7FF7F0000:error:0A000415:SSL
routines:ssl3_read_bytes:sslv3 alert certificate
expired:ssl/record/rec_layer_s3.c:1584:SSL alert number 45
# OPENSSL_TEST_RAND_ORDER=1655844369
not ok 5 - iteration 5
# ------------------------------------------------------------------------------
# ERROR: (int) 'result->result == test_ctx->expected_result' failed
@ test/ssl_test.c:36
# [4] compared to [0]
# INFO: @ test/ssl_test.c:37
# ExpectedResult mismatch: expected Success, got
FirstHandshakeFailed.
# 40B78AF7FF7F0000:error:0A000415:SSL
routines:ssl3_read_bytes:sslv3 alert certificate
expired:ssl/record/rec_layer_s3.c:1584:SSL alert number 45
# OPENSSL_TEST_RAND_ORDER=1655844369
not ok 6 - iteration 6
# ------------------------------------------------------------------------------
# OPENSSL_TEST_RAND_ORDER=1655844369
not ok 1 - test_handshake
# ------------------------------------------------------------------------------
../../util/wrap.pl ../../test/ssl_test 12-ct.cnf.default default => 1
not ok 6 - running ssl_test 12-ct.cnf
# ------------------------------------------------------------------------------
# Failed test 'running ssl_test 12-ct.cnf'
# at test/recipes/80-test_ssl_new.t line 171.
# Looks like you failed 2 tests of 6.
not ok 12 - Test configuration 12-ct.cnf
# ------------------------------------------------------------------------------
# Looks like you failed 1 test of 30.80-test_ssl_new.t ..................
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/30 subtests
80-test_ssl_old.t .................. ok
80-test_ssl_test_ctx.t ............. ok
--8<---------------cut here---------------end--------------->8---
That means that ‘openssl’ on current master (ca.
73761d8049f483e6685c2c736872d0366e03238a) now fails to build.
Ludo’.
--- End Message ---
--- Begin Message ---
Subject: |
Re: bug#56137: OpenSSL 3.0.3/1.1.1n includes a time-dependent test |
Date: |
Wed, 22 Jun 2022 12:39:12 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/28.1 (gnu/linux) |
Ludovic Courtès <ludo@gnu.org> skribis:
> As reported by phodina in <https://issues.guix.gnu.org/53581>, OpenSSL
> 1.1.1n and 3.0.3 include a time-dependent test that now fails due to an
> expired certificate:
>
> https://github.com/openssl/openssl/issues/18441
Fixed on ‘core-updates’ with 6cd438c4c2beb016a821143cdfdd12892aa9fd5f.
That commit skips the test. I tried another approach with ‘datefudge’,
which has the advantage of being more explicit and future-proof (should
there be similar issues lying around):
(invoke "datefudge" "2022-01-01"
"make" test-target
#$@(if (or (target-arm?) (target-riscv64?))
#~("TESTS=-test_afalg")
#~()))
For some reason it didn’t work.
Note that we cannot use libfaketime because:
--8<---------------cut here---------------start------------->8---
$ guix graph -t derivation --path libfaketime openssl@1
/gnu/store/a4jcd4h7nvn97a2mw4n1yydgbh0i2wmz-libfaketime-0.9.9.drv
/gnu/store/hf5arq562aiisycnjcnhgfwzrl8lwrbc-libfaketime-0.9.9-checkout.drv
/gnu/store/xpnrk8hjfh7rvgqfsjwkjrb9cz1ws626-git-minimal-2.36.1.drv
/gnu/store/gavjhl823bhd95rijqf3iw3vl32ix494-openssl-1.1.1l.drv
--8<---------------cut here---------------end--------------->8---
Ludo’.
--- End Message ---