test-openssl.t has a few failing tests

[sshock]

With a clean build of master, I see a few failing tests in test-openssl.t.

    # Subtest: cert-verify
    ok 1 - /home/sshock/git/quic/picotls/t/openssl.c 278
    not ok 2 - /home/sshock/git/quic/picotls/t/openssl.c 283
    not ok 3 - /home/sshock/git/quic/picotls/t/openssl.c 285
    not ok 4 - /home/sshock/git/quic/picotls/t/openssl.c 290
    1..4
not ok 7 - cert-verify

[kazuho]

Could you please let us know your enviroment (e.g., operating system, OpenSSL version)?

We do not see failures in the CI: https://github.com/h2o/picotls/actions/runs/8150381033.

[sshock]

Sure, here is my environment:

• Debian 12.5 on x86_64
• OpenSSL 3.0.11 (3.0.11-1~deb12u2)
• gcc 12.2.0

[sshock]

I think I figured out why it's failing for me. When building projects with cmake I'm in the habit of creating a build/ folder and doing the build inside there (starting with cmake ..), just to keep build files separate from source code.

So when I run ./test-openssl.t while inside the build directory, it must be failing to load the test-ca.cert on line 282:

ret = X509_LOOKUP_load_file(lookup, "t/assets/test-ca.crt", X509_FILETYPE_PEM);

Sure enough, when I run it from the parent folder instead it works just fine.

Feel free to close this out, unless you'd like to embed the test-ca.crt inside the code (like you've done with RSA_PRIVATE_KEY and RSA_CERTIFICATE) so it could run from anywhere.

[kazuho]

Ah I see.

Yes, the expectation behind the test scripts / programs are that they are run from the source directory.