search

Azure / azure-sdk-for-cpp

This repository is for active development of the Azure SDK for C++. For consumers of the SDK we recommend visiting our versioned developer docs at https://azure.github.io/azure-sdk-for-cpp.
MIT License
178 stars 128 forks source link

azure-core.CurlTransportOptions.noRevoke test failing with "unable to get certificate CRL" error #5493

Open ahsonkhan opened 6 months ago

ahsonkhan commented 6 months ago

From unrelated PR: https://github.com/Azure/azure-sdk-for-cpp/pull/5474 on Validate Ubuntu22_included_release https://dev.azure.com/azure-sdk/public/_build/results?buildId=3665652&view=logs&j=ba3dad2b-ce90-52d5-0c84-4172d8b9d063&t=6c6e0346-5c6c-5b96-a9d2-deaa2096ecd7&l=22207

2024-04-03T23:37:06.1862529Z test 7
2024-04-03T23:37:06.1862939Z         Start   7: azure-core.CurlTransportOptions.noRevoke
2024-04-03T23:37:06.1863111Z 
2024-04-03T23:37:06.1863649Z 7: Test command: /mnt/vss/_work/1/s/build/sdk/core/azure-core/test/ut/azure-core-test "--gtest_filter=CurlTransportOptions.noRevoke" "--gtest_also_run_disabled_tests"
2024-04-03T23:37:06.1864157Z 7: Working Directory: /mnt/vss/_work/1/s/build/sdk/core/azure-core/test/ut
2024-04-03T23:37:06.1864445Z 7: Test timeout computed to be: 10000000
2024-04-03T23:37:06.1906785Z 7: Note: Google Test filter = CurlTransportOptions.noRevoke
2024-04-03T23:37:06.1907369Z 7: [==========] Running 1 test from 1 test suite.
2024-04-03T23:37:06.1908232Z 7: [----------] Global test environment set-up.
2024-04-03T23:37:06.1908650Z 7: [----------] 1 test from CurlTransportOptions
2024-04-03T23:37:06.1908997Z 7: [ RUN      ] CurlTransportOptions.noRevoke
2024-04-03T23:37:06.1909574Z 7: [2024-04-03T23:37:06.1904772Z T: 139650285413568] DEBUG : [CURL Transport Adapter]: Creating a new session.
2024-04-03T23:37:06.1910285Z 7: [2024-04-03T23:37:06.1904972Z T: 139650285413568] DEBUG : [CURL Transport Adapter]: Spawn new connection.
2024-04-03T23:37:06.4330773Z 7: [2024-04-03T23:37:06.4326520Z T: 139650285413568] INFO  : Load CRL from Url: http://www.microsoft.com/pkiops/crl/Microsoft%20Azure%20RSA%20TLS%20Issuing%20CA%2008.crl
2024-04-03T23:37:06.4660347Z 7: [2024-04-03T23:37:06.4657171Z T: 139650285413568] INFO  : Load CRL from Url: http://crl3.digicert.com/DigiCertGlobalRootG2.crl
2024-04-03T23:37:11.4738672Z 7: [2024-04-03T23:37:11.4734113Z T: 139650285413568] ERROR : Error in Load CRL: C0A4A7DD027F0000:error:10000093:BIO routines:BIO_do_connect_retry:connect timeout:../src/nssl-3.2.1-8707343470.clean/crypto/bio/bio_lib.c:1064:
2024-04-03T23:37:11.4739934Z 7: [2024-04-03T23:37:11.4734396Z T: 139650285413568] ERROR : Unable to retrieve CRL, CRL check may fail.
2024-04-03T23:37:11.4740827Z 7: [2024-04-03T23:37:11.4734680Z T: 139650285413568] INFO  : depth=1 C = US, O = Microsoft Corporation, CN = Microsoft Azure RSA TLS Issuing CA 08
2024-04-03T23:37:11.4741985Z 7: [2024-04-03T23:37:11.4734812Z T: 139650285413568] INFO  : verify error:num=3: unable to get certificate CRL
2024-04-03T23:37:11.4742788Z 7: [2024-04-03T23:37:11.4734941Z T: 139650285413568] INFO  : Unable to retrieve CRL.Fail TLS negotiation because CRL retrieval is not configured.
2024-04-03T23:37:11.4749018Z 7: /mnt/vss/_work/1/s/sdk/core/azure-core/test/ut/curl_options_test.cpp:82: Failure
2024-04-03T23:37:11.4749711Z 7: Expected: response = pipeline.Send(request, Azure::Core::Context::ApplicationContext) doesn't throw an exception.
2024-04-03T23:37:11.4750296Z 7:   Actual: it throws Azure::Core::Http::TransportException with description "Fail to get a new connection for: https://azuresdkforcpp.azurewebsites.net. SSL peer certificate or SSH remote key was not OK. Underlying error: unable to get certificate CRL".
2024-04-03T23:37:11.4751132Z 7: [  FAILED  ] CurlTransportOptions.noRevoke (5284 ms)
2024-04-03T23:37:11.4751699Z 7: [----------] 1 test from CurlTransportOptions (5284 ms total)
2024-04-03T23:37:11.4752118Z 7: 
2024-04-03T23:37:11.4752518Z 7: [----------] Global test environment tear-down
2024-04-03T23:37:11.4752943Z 7: [==========] 1 test from 1 test suite ran. (5284 ms total)
2024-04-03T23:37:11.4753311Z 7: [  PASSED  ] 0 tests.
2024-04-03T23:37:11.4753704Z 7: [  FAILED  ] 1 test, listed below:
2024-04-03T23:37:11.4754076Z 7: [  FAILED  ] CurlTransportOptions.noRevoke
2024-04-03T23:37:11.4754444Z 7: 
2024-04-03T23:37:11.4754732Z 7:  1 FAILED TEST
2024-04-03T23:37:11.4762910Z   7/533 Test   #7: azure-core.CurlTransportOptions.noRevoke ..........................................................***Failed    5.29 sec
github-actions[bot] commented 6 months ago

Thank you for your feedback. Tagging and routing to the team member best able to assist.

ahsonkhan commented 6 months ago

A retry seems to have fixed the issue.

gearama commented 5 months ago

this issue is similar to the one regarding httpsDefault , seems to have been an infra issue ( the endpoint or network glitched) . it has not failed before or since. i suggest we reopen the issue if it becomes an issue again.

ahsonkhan commented 4 months ago

Re-opening as it is similar to https://github.com/Azure/azure-sdk-for-cpp/issues/4634 and it came up again recently (including httpsDefault from the screenshot in https://github.com/Azure/azure-sdk-for-cpp/issues/5533).

Fixed in https://github.com/Azure/azure-sdk-for-cpp/pull/5692