GNU bug report logs -
#56137
OpenSSL 1.1.1n test failures due to expired certificates (time bomb)
Previous Next
Full log
View this message in rfc822 format
[Message part 1 (text/plain, inline)]
Your message dated Wed, 22 Jun 2022 12:39:12 +0200
with message-id <87ilot3ru7.fsf <at> gnu.org>
and subject line Re: bug#56137: OpenSSL 3.0.3/1.1.1n includes a time-dependent test
has caused the debbugs.gnu.org bug report #56137,
regarding OpenSSL 3.0.3/1.1.1n includes a time-dependent test
to be marked as done.
(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)
--
56137: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=56137
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems
[Message part 2 (message/rfc822, inline)]
Hello,
As reported by phodina in <https://issues.guix.gnu.org/53581>, OpenSSL
1.1.1n and 3.0.3 include a time-dependent test that now fails due to an
expired certificate:
https://github.com/openssl/openssl/issues/18441
The log looks like this:
--8<---------------cut here---------------start------------->8---
80-test_ocsp.t ..................... ok
80-test_pkcs12.t ................... ok
# ERROR: (int) 'result->result == test_ctx->expected_result' failed @ test/ssl_test.c:36
# [2] compared to [0]
# INFO: @ test/ssl_test.c:37
# ExpectedResult mismatch: expected Success, got ClientFail.
# 40B78AF7FF7F0000:error:0A000415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired:ssl/record/rec_layer_s3.c:1584:SSL alert number 45
# OPENSSL_TEST_RAND_ORDER=1655844368
not ok 2 - iteration 2
# ------------------------------------------------------------------------------
# ERROR: (int) 'result->result == test_ctx->expected_result' failed @ test/ssl_test.c:36
# [2] compared to [0]
# INFO: @ test/ssl_test.c:37
# ExpectedResult mismatch: expected Success, got ClientFail.
# 40B78AF7FF7F0000:error:0A000415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired:ssl/record/rec_layer_s3.c:1584:SSL alert number 45
# OPENSSL_TEST_RAND_ORDER=1655844368
not ok 4 - iteration 4
# ------------------------------------------------------------------------------
# ERROR: (int) 'result->result == test_ctx->expected_result' failed @ test/ssl_test.c:36
# [4] compared to [0]
# INFO: @ test/ssl_test.c:37
# ExpectedResult mismatch: expected Success, got FirstHandshakeFailed.
# 40B78AF7FF7F0000:error:0A000415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired:ssl/record/rec_layer_s3.c:1584:SSL alert number 45
# OPENSSL_TEST_RAND_ORDER=1655844368
not ok 5 - iteration 5
# ------------------------------------------------------------------------------
# ERROR: (int) 'result->result == test_ctx->expected_result' failed @ test/ssl_test.c:36
# [4] compared to [0]
# INFO: @ test/ssl_test.c:37
# ExpectedResult mismatch: expected Success, got FirstHandshakeFailed.
# 40B78AF7FF7F0000:error:0A000415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired:ssl/record/rec_layer_s3.c:1584:SSL alert number 45
# OPENSSL_TEST_RAND_ORDER=1655844368
not ok 6 - iteration 6
# ------------------------------------------------------------------------------
# OPENSSL_TEST_RAND_ORDER=1655844368
not ok 1 - test_handshake
# ------------------------------------------------------------------------------
../../util/wrap.pl ../../test/ssl_test 12-ct.cnf.none none => 1
not ok 3 - running ssl_test 12-ct.cnf
# ------------------------------------------------------------------------------
# ERROR: (int) 'result->result == test_ctx->expected_result' failed @ test/ssl_test.c:36
# [2] compared to [0]
# INFO: @ test/ssl_test.c:37
# ExpectedResult mismatch: expected Success, got ClientFail.
# 40B78AF7FF7F0000:error:0A000415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired:ssl/record/rec_layer_s3.c:1584:SSL alert number 45
# OPENSSL_TEST_RAND_ORDER=1655844369
not ok 2 - iteration 2
# ------------------------------------------------------------------------------
# ERROR: (int) 'result->result == test_ctx->expected_result' failed @ test/ssl_test.c:36
# [2] compared to [0]
# INFO: @ test/ssl_test.c:37
# ExpectedResult mismatch: expected Success, got ClientFail.
# 40B78AF7FF7F0000:error:0A000415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired:ssl/record/rec_layer_s3.c:1584:SSL alert number 45
# OPENSSL_TEST_RAND_ORDER=1655844369
not ok 4 - iteration 4
# ------------------------------------------------------------------------------
# ERROR: (int) 'result->result == test_ctx->expected_result' failed @ test/ssl_test.c:36
# [4] compared to [0]
# INFO: @ test/ssl_test.c:37
# ExpectedResult mismatch: expected Success, got FirstHandshakeFailed.
# 40B78AF7FF7F0000:error:0A000415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired:ssl/record/rec_layer_s3.c:1584:SSL alert number 45
# OPENSSL_TEST_RAND_ORDER=1655844369
not ok 5 - iteration 5
# ------------------------------------------------------------------------------
# ERROR: (int) 'result->result == test_ctx->expected_result' failed @ test/ssl_test.c:36
# [4] compared to [0]
# INFO: @ test/ssl_test.c:37
# ExpectedResult mismatch: expected Success, got FirstHandshakeFailed.
# 40B78AF7FF7F0000:error:0A000415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired:ssl/record/rec_layer_s3.c:1584:SSL alert number 45
# OPENSSL_TEST_RAND_ORDER=1655844369
not ok 6 - iteration 6
# ------------------------------------------------------------------------------
# OPENSSL_TEST_RAND_ORDER=1655844369
not ok 1 - test_handshake
# ------------------------------------------------------------------------------
../../util/wrap.pl ../../test/ssl_test 12-ct.cnf.default default => 1
not ok 6 - running ssl_test 12-ct.cnf
# ------------------------------------------------------------------------------
# Failed test 'running ssl_test 12-ct.cnf'
# at test/recipes/80-test_ssl_new.t line 171.
# Looks like you failed 2 tests of 6.
not ok 12 - Test configuration 12-ct.cnf
# ------------------------------------------------------------------------------
# Looks like you failed 1 test of 30.80-test_ssl_new.t ..................
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/30 subtests
80-test_ssl_old.t .................. ok
80-test_ssl_test_ctx.t ............. ok
--8<---------------cut here---------------end--------------->8---
That means that ‘openssl’ on current master (ca.
73761d8049f483e6685c2c736872d0366e03238a) now fails to build.
Ludo’.
[Message part 3 (message/rfc822, inline)]
Ludovic Courtès <ludo <at> gnu.org> skribis:
> As reported by phodina in <https://issues.guix.gnu.org/53581>, OpenSSL
> 1.1.1n and 3.0.3 include a time-dependent test that now fails due to an
> expired certificate:
>
> https://github.com/openssl/openssl/issues/18441
Fixed on ‘core-updates’ with 6cd438c4c2beb016a821143cdfdd12892aa9fd5f.
That commit skips the test. I tried another approach with ‘datefudge’,
which has the advantage of being more explicit and future-proof (should
there be similar issues lying around):
(invoke "datefudge" "2022-01-01"
"make" test-target
#$@(if (or (target-arm?) (target-riscv64?))
#~("TESTS=-test_afalg")
#~()))
For some reason it didn’t work.
Note that we cannot use libfaketime because:
--8<---------------cut here---------------start------------->8---
$ guix graph -t derivation --path libfaketime openssl <at> 1
/gnu/store/a4jcd4h7nvn97a2mw4n1yydgbh0i2wmz-libfaketime-0.9.9.drv
/gnu/store/hf5arq562aiisycnjcnhgfwzrl8lwrbc-libfaketime-0.9.9-checkout.drv
/gnu/store/xpnrk8hjfh7rvgqfsjwkjrb9cz1ws626-git-minimal-2.36.1.drv
/gnu/store/gavjhl823bhd95rijqf3iw3vl32ix494-openssl-1.1.1l.drv
--8<---------------cut here---------------end--------------->8---
Ludo’.
This bug report was last modified 8 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.