noxxi / p5-io-socket-ssl

IO::Socket::SSL Perl Module

t/session_ticket.t failing in Fedora Rawhide #49

Closed pghmcfc closed 7 years ago

pghmcfc commented 7 years ago

Test results:

$ make test                                                                                                                   
PERL_DL_NONLAZY=1 "/usr/bin/perl" "-MExtUtils::Command::MM" "-MTest::Harness" "-e" "undef *Test::Harness::Switches; test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/external/*.t
# openssl version=0x1010003f                                                                                                  
# Net::SSLeay version=1.80                                                                                                    
# parent IO::Socket::IP version=0.38                                                                                          
t/01loadmodule.t .................. ok                                                                                        
t/acceptSSL-timeout.t ............. ok                                                                                        
t/alpn.t .......................... ok                                                                                        
t/auto_verify_hostname.t .......... ok                                                                                        
t/cert_formats.t .................. ok                                                                                        
t/cert_no_file.t .................. ok                                                                                        
t/compatibility.t ................. ok                                                                                        
t/connectSSL-timeout.t ............ ok                                                                                        
t/core.t .......................... ok                                                                                        
t/dhe.t ........................... ok                                                                                        
t/ecdhe.t ......................... ok                                                                                        
# tcp connect to www.chksum.de:443 ok                                                                                         
# tcp connect to www.spiegel.de:443 ok                                                                                        
# fingerprint matches                                                                                                         
# validation with default CA w/o OCSP ok                                                                                      
# validation with default CA with OCSP defaults ok                                                                            
# validation with default CA with OCSP full chain ok                                                                          
# tcp connect to revoked.grc.com:443 ok                                                                                       
# fingerprint matches                                                                                                         
# validation with default CA w/o OCSP ok                                                                                      
t/external/ocsp.t ................. ok                                                                                        
# found 154 CA certs                                                                                                          
# have root CA for www.twitter.com in store                                                                                   
# 5 connections to www.twitter.com ok                                                                                         
# have root CA for www.facebook.com in store                                                                                  
# 5 connections to www.facebook.com ok                                                                                        
# have root CA for www.live.com in store                                                                                      
# 5 connections to www.live.com ok                                                                                            
# fingerprint www.live.com matches                                                                                            
# check www.live.com against builtin CA store ok                                                                              
t/external/usable_ca.t ............ ok                                                                                        
t/io-socket-inet6.t ............... ok                                                                                        
t/io-socket-ip.t .................. ok                                                                                        
t/memleak_bad_handshake.t ......... ok                                                                                        
t/mitm.t .......................... ok                                                                                        
t/nonblock.t ...................... ok                                                                                        
t/npn.t ........................... ok                                                                                        
# -- test: newINET start_SSL stop_SSL start_SSL                                                                               
# server accepted new client                                                                                                  
# wait for initial data from client                                                                                           
# got 0x666f6f from client                                                                                                    
# server: got plain data at start of connection                                                                               
# server: TLS upgrade                                                                                                         
# server: TLS downgrade                                                                                                       
# server: TLS upgrade#2                                                                                                       
# -- test: newSSL stop_SSL connect_SSL                                                                                        
# server accepted new client                                                                                                  
# wait for initial data from client                                                                                           
# got 0x160301 from client                                                                                                    
# server: TLS upgrade                                                                                                         
# server: TLS downgrade                                                                                                       
# server: TLS upgrade#2                                                                                                       
# -- test: newSSL:0 connect_SSL stop_SSL connect_SSL                                                                          
# server accepted new client                                                                                                  
# wait for initial data from client                                                                                           
# got 0x666f6f from client                                                                                                    
# server: got plain data at start of connection                                                                               
# server: TLS upgrade                                                                                                         
# server: TLS downgrade                                                                                                       
# server: TLS upgrade#2                                                                                                       
# -- test: newSSL:0 start_SSL stop_SSL connect_SSL                                                                            
# server accepted new client                                                                                                  
# wait for initial data from client                                                                                           
# got 0x666f6f from client                                                                                                    
# server: got plain data at start of connection                                                                               
# server: TLS upgrade                                                                                                         
# server: TLS downgrade                                                                                                       
# server: TLS upgrade#2                                                                                                       
# server accepted new client                                                                                                  
# wait for initial data from client                                                                                           
# got 0x656e64 from client                                                                                                    
# client requested end of tests                                                                                               
t/plain_upgrade_downgrade.t ....... ok                                                                                        
# failed to accept SSLv3                                                                                                      
# looks like OpenSSL was compiled without SSLv3 support                                                                       
t/protocol_version.t .............. ok                                                                                        
t/public_suffix_lib_encode_idn.t .. ok                                                                                        
t/public_suffix_lib_libidn.t ...... ok                                                                                        
t/public_suffix_lib_uri.t ......... ok                                                                                        
t/public_suffix_ssl.t ............. ok                                                                                        
t/readline.t ...................... ok                                                                                        
# listen at 127.0.0.1:54715                                                                                                   
# listen at 127.0.0.1:42263                                                                                                   
# connect to 0: success reuse=0                                                                                               
# connect to 0: success reuse=0                                                                                               
#   Failed test 'reuse with the next session and secret[0]'                                                                   
#   at t/session_ticket.t line 57.                                                                                            
#          got: '0'                                                                                                           
#     expected: '1'                                                                                                           
# connect to 1: success reuse=0                                                                                               
#   Failed test 'reuse even though server changed, since they share ticket secret'                                            
#   at t/session_ticket.t line 57.                                                                                            
#          got: '0'                                                                                                           
#     expected: '1'                                                                                                           
# connect to 1: success reuse=0                                                                                               
# connect to 0: success reuse=0                                                                                               
# connect to 0: success reuse=0                                                                                               
#   Failed test 'reuse again since got ticket with secret[0] in last step'                                                    
#   at t/session_ticket.t line 57.                                                                                            
#          got: '0'                                                                                                           
#     expected: '1'                                                                                                           
# Looks like you failed 3 tests of 6.                                                                                         
t/session_ticket.t ................                                                                                           
Dubious, test returned 3 (wstat 768, 0x300)                                                                                   
Failed 3/6 subtests                                                                                                           
t/sessions.t ...................... ok                                                                                        
t/signal-readline.t ............... ok                                                                                        
t/sni.t ........................... ok                                                                                        
t/sni_verify.t .................... ok                                                                                        
t/start-stopssl.t ................. ok                                                                                        
t/startssl-failed.t ............... ok                                                                                        
t/startssl.t ...................... ok                                                                                        
t/sysread_write.t ................. ok                                                                                        
t/verify_fingerprint.t ............ ok                                                                                        
t/verify_hostname.t ............... ok                                                                                        
t/verify_hostname_standalone.t .... ok                                                                                        
Test Summary Report                                                                                                           
-------------------                                                                                                           
t/session_ticket.t              (Wstat: 768 Tests: 6 Failed: 3)                                                               
  Failed tests:  2-3, 6                                                                                                       
  Non-zero exit status: 3                                                                                                     
Files=38, Tests=798, 54 wallclock secs ( 0.10 usr  0.02 sys +  3.32 cusr  0.36 csys =  3.80 CPU)                              
Result: FAIL                                                                                                                  
Failed 1/38 test programs. 3/798 subtests failed.                                                                             
make: *** [Makefile:791: test_dynamic] Error 255                                                                              

The most significant difference between the failing Rawhide build and the Fedora 25 build (which works) is that Rawhide has OpenSSL 1.1.0c and Fedora 25 has OpenSSL 1.0.2j.

All my builds for older Fedora/RHEL versions work OK.

noxxi commented 7 years ago

This should be fixed in the just released version 2.043. Looks like OpenSSL invalidates sessions with 1.1.0 when it is not properly closed by the client with SSL_shutdown so that no reuse would be done by the client. Only fixes on the test were needed.