Failing SSL automatic tests

Bartosz Brachaczek b.brachaczek at gmail.com
Wed Sep 26 17:35:12 EDT 2012


Hello,

Some SSL automatic test fail on my machine:

- With openssl-1.0.1c:
  * ssl::simple_sslv2 (server process terminated abnormally: FAIL (1));
  * ssl::pkcs11 (server process terminated abnormally: FAIL (1));
  * ssl::pkcs11_dsa (server process terminated abnormally: FAIL (1)) (just for
    the record, it's already marked as failing).

- With gnutls-3.0.23 and 3.1.1:
  * ssl::fail_ca_notyetvalid (verification flags were 17 not 16) -- it seems
    strange to me, as NE_SSL_BADCHAIN | NE_SSL_NOTYETVALID is reported, but
    only NE_SSL_BADCHAIN is expected, despite the test name;
  * ssl::fail_ca_expired (verification flags were 18 not 16) -- ditto, only
    NE_SSL_EXPIRED instead of NE_SSL_NOTYETVALID;
  * ssl::pkcs11 (segmentation fault) -- the test is probably broken (fails
    with openssl too) but the crash is somewhere deep in gnutls internals, so
    it's likely a gnutls bug and it should be reported upstream.

- With gnutls-2.12.20 the same as with gnutls-3.0.23, plus the following:
  * ssl::cc_provided_dnames (dname count was 10 not 5)
  * ssl::fail_expired (no error in verification callback; error string: SSL
    handshake failed: Secure connection truncated)
  * ssl::fail_notvalid (no error in verification callback; error string: SSL
    handshake failed: Secure connection truncated)

- And, as a bonus, with gnutls-3.1.2 a whole bunch of tests fail, starting
  from ssl::simple:
      line 227: HTTP error:
      Could not verify server certificate: Error in the certificate.
  I don't know if it's a regression in gnutls-3.1.2 or an actual problem in
  the test suite.

Regards,
Bartosz Brachaczek



More information about the neon mailing list