bug#56137: closed (OpenSSL 3.0.3/1.1.1n includes a time-dependent test)

emacs-bug-tracker

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#56137: closed (OpenSSL 3.0.3/1.1.1n includes a time-dependent test)

From:	GNU bug Tracking System
Subject:	bug#56137: closed (OpenSSL 3.0.3/1.1.1n includes a time-dependent test)
Date:	Wed, 22 Jun 2022 10:40:03 +0000

Your message dated Wed, 22 Jun 2022 12:39:12 +0200
with message-id <87ilot3ru7.fsf@gnu.org>
and subject line Re: bug#56137: OpenSSL 3.0.3/1.1.1n includes a time-dependent 
test
has caused the debbugs.gnu.org bug report #56137,
regarding OpenSSL 3.0.3/1.1.1n includes a time-dependent test
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs@gnu.org.)


-- 
56137: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=56137
GNU Bug Tracking System
Contact help-debbugs@gnu.org with problems

--- Begin Message --- Subject: OpenSSL 3.0.3/1.1.1n includes a time-dependent test Date: Wed, 22 Jun 2022 11:58:04 +0200 User-agent: Gnus/5.13 (Gnus v5.13) Emacs/28.1 (gnu/linux)

Hello,

As reported by phodina in <https://issues.guix.gnu.org/53581>, OpenSSL
1.1.1n and 3.0.3 include a time-dependent test that now fails due to an
expired certificate:

  https://github.com/openssl/openssl/issues/18441

The log looks like this:

--8<---------------cut here---------------start------------->8---
80-test_ocsp.t ..................... ok
80-test_pkcs12.t ................... ok

            # ERROR: (int) 'result->result == test_ctx->expected_result' failed 
@ test/ssl_test.c:36
            # [2] compared to [0]
            # INFO:  @ test/ssl_test.c:37
            # ExpectedResult mismatch: expected Success, got ClientFail.
            # 40B78AF7FF7F0000:error:0A000415:SSL 
routines:ssl3_read_bytes:sslv3 alert certificate 
expired:ssl/record/rec_layer_s3.c:1584:SSL alert number 45
            # OPENSSL_TEST_RAND_ORDER=1655844368
            not ok 2 - iteration 2
# ------------------------------------------------------------------------------
            # ERROR: (int) 'result->result == test_ctx->expected_result' failed 
@ test/ssl_test.c:36
            # [2] compared to [0]
            # INFO:  @ test/ssl_test.c:37
            # ExpectedResult mismatch: expected Success, got ClientFail.
            # 40B78AF7FF7F0000:error:0A000415:SSL 
routines:ssl3_read_bytes:sslv3 alert certificate 
expired:ssl/record/rec_layer_s3.c:1584:SSL alert number 45
            # OPENSSL_TEST_RAND_ORDER=1655844368
            not ok 4 - iteration 4
# ------------------------------------------------------------------------------
            # ERROR: (int) 'result->result == test_ctx->expected_result' failed 
@ test/ssl_test.c:36
            # [4] compared to [0]
            # INFO:  @ test/ssl_test.c:37
            # ExpectedResult mismatch: expected Success, got 
FirstHandshakeFailed.
            # 40B78AF7FF7F0000:error:0A000415:SSL 
routines:ssl3_read_bytes:sslv3 alert certificate 
expired:ssl/record/rec_layer_s3.c:1584:SSL alert number 45
            # OPENSSL_TEST_RAND_ORDER=1655844368
            not ok 5 - iteration 5
# ------------------------------------------------------------------------------
            # ERROR: (int) 'result->result == test_ctx->expected_result' failed 
@ test/ssl_test.c:36
            # [4] compared to [0]
            # INFO:  @ test/ssl_test.c:37
            # ExpectedResult mismatch: expected Success, got 
FirstHandshakeFailed.
            # 40B78AF7FF7F0000:error:0A000415:SSL 
routines:ssl3_read_bytes:sslv3 alert certificate 
expired:ssl/record/rec_layer_s3.c:1584:SSL alert number 45
            # OPENSSL_TEST_RAND_ORDER=1655844368
            not ok 6 - iteration 6
# ------------------------------------------------------------------------------
        # OPENSSL_TEST_RAND_ORDER=1655844368
        not ok 1 - test_handshake
# ------------------------------------------------------------------------------
../../util/wrap.pl ../../test/ssl_test 12-ct.cnf.none none => 1
    not ok 3 - running ssl_test 12-ct.cnf
# ------------------------------------------------------------------------------
            # ERROR: (int) 'result->result == test_ctx->expected_result' failed 
@ test/ssl_test.c:36
            # [2] compared to [0]
            # INFO:  @ test/ssl_test.c:37
            # ExpectedResult mismatch: expected Success, got ClientFail.
            # 40B78AF7FF7F0000:error:0A000415:SSL 
routines:ssl3_read_bytes:sslv3 alert certificate 
expired:ssl/record/rec_layer_s3.c:1584:SSL alert number 45
            # OPENSSL_TEST_RAND_ORDER=1655844369
            not ok 2 - iteration 2
# ------------------------------------------------------------------------------
            # ERROR: (int) 'result->result == test_ctx->expected_result' failed 
@ test/ssl_test.c:36
            # [2] compared to [0]
            # INFO:  @ test/ssl_test.c:37
            # ExpectedResult mismatch: expected Success, got ClientFail.
            # 40B78AF7FF7F0000:error:0A000415:SSL 
routines:ssl3_read_bytes:sslv3 alert certificate 
expired:ssl/record/rec_layer_s3.c:1584:SSL alert number 45
            # OPENSSL_TEST_RAND_ORDER=1655844369
            not ok 4 - iteration 4
# ------------------------------------------------------------------------------
            # ERROR: (int) 'result->result == test_ctx->expected_result' failed 
@ test/ssl_test.c:36
            # [4] compared to [0]
            # INFO:  @ test/ssl_test.c:37
            # ExpectedResult mismatch: expected Success, got 
FirstHandshakeFailed.
            # 40B78AF7FF7F0000:error:0A000415:SSL 
routines:ssl3_read_bytes:sslv3 alert certificate 
expired:ssl/record/rec_layer_s3.c:1584:SSL alert number 45
            # OPENSSL_TEST_RAND_ORDER=1655844369
            not ok 5 - iteration 5
# ------------------------------------------------------------------------------
            # ERROR: (int) 'result->result == test_ctx->expected_result' failed 
@ test/ssl_test.c:36
            # [4] compared to [0]
            # INFO:  @ test/ssl_test.c:37
            # ExpectedResult mismatch: expected Success, got 
FirstHandshakeFailed.
            # 40B78AF7FF7F0000:error:0A000415:SSL 
routines:ssl3_read_bytes:sslv3 alert certificate 
expired:ssl/record/rec_layer_s3.c:1584:SSL alert number 45
            # OPENSSL_TEST_RAND_ORDER=1655844369
            not ok 6 - iteration 6
# ------------------------------------------------------------------------------
        # OPENSSL_TEST_RAND_ORDER=1655844369
        not ok 1 - test_handshake
# ------------------------------------------------------------------------------
../../util/wrap.pl ../../test/ssl_test 12-ct.cnf.default default => 1
    not ok 6 - running ssl_test 12-ct.cnf
# ------------------------------------------------------------------------------
    #   Failed test 'running ssl_test 12-ct.cnf'
    #   at test/recipes/80-test_ssl_new.t line 171.
    # Looks like you failed 2 tests of 6.
not ok 12 - Test configuration 12-ct.cnf
# ------------------------------------------------------------------------------
# Looks like you failed 1 test of 30.80-test_ssl_new.t .................. 
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/30 subtests 
80-test_ssl_old.t .................. ok
80-test_ssl_test_ctx.t ............. ok
--8<---------------cut here---------------end--------------->8---

That means that ‘openssl’ on current master (ca.
73761d8049f483e6685c2c736872d0366e03238a) now fails to build.

Ludo’.

--- End Message ---

--- Begin Message --- Subject: Re: bug#56137: OpenSSL 3.0.3/1.1.1n includes a time-dependent test Date: Wed, 22 Jun 2022 12:39:12 +0200 User-agent: Gnus/5.13 (Gnus v5.13) Emacs/28.1 (gnu/linux)

Ludovic Courtès <ludo@gnu.org> skribis:

> As reported by phodina in <https://issues.guix.gnu.org/53581>, OpenSSL
> 1.1.1n and 3.0.3 include a time-dependent test that now fails due to an
> expired certificate:
>
>   https://github.com/openssl/openssl/issues/18441

Fixed on ‘core-updates’ with 6cd438c4c2beb016a821143cdfdd12892aa9fd5f.

That commit skips the test.  I tried another approach with ‘datefudge’,
which has the advantage of being more explicit and future-proof (should
there be similar issues lying around):

               (invoke "datefudge" "2022-01-01"
                       "make" test-target
                       #$@(if (or (target-arm?) (target-riscv64?))
                              #~("TESTS=-test_afalg")
                              #~()))

For some reason it didn’t work.

Note that we cannot use libfaketime because:

--8<---------------cut here---------------start------------->8---
$ guix graph -t derivation --path libfaketime openssl@1
/gnu/store/a4jcd4h7nvn97a2mw4n1yydgbh0i2wmz-libfaketime-0.9.9.drv
/gnu/store/hf5arq562aiisycnjcnhgfwzrl8lwrbc-libfaketime-0.9.9-checkout.drv
/gnu/store/xpnrk8hjfh7rvgqfsjwkjrb9cz1ws626-git-minimal-2.36.1.drv
/gnu/store/gavjhl823bhd95rijqf3iw3vl32ix494-openssl-1.1.1l.drv
--8<---------------cut here---------------end--------------->8---

Ludo’.

--- End Message ---

[Prev in Thread]

Current Thread

[Next in Thread]

bug#56137: closed (OpenSSL 3.0.3/1.1.1n includes a time-dependent test), GNU bug Tracking System <=

Prev by Date: Processed: control message for bug #56137
Next by Date: bug#53581: closed ([PATCH 1/8] gnu: libdrm: Update to 2.4.109.)
Previous by thread: Processed: control message for bug #56137
Next by thread: bug#53581: closed ([PATCH 1/8] gnu: libdrm: Update to 2.4.109.)
Index(es):
- Date
- Thread