Closed benharri closed 2 years ago
Are you able to reproduce the problem? I have a debian:sid docker image from April, and trying there, it works correctly:
root@874166f1fd30:~/fast_tls# uname -a
Linux 874166f1fd30 5.16.0-5-amd64 #1 SMP PREEMPT Debian 5.16.14-1 (2022-03-15) x86_64 GNU/Linux
root@874166f1fd30:~/fast_tls# git describe
1.1.13-15-g35a03e7
root@874166f1fd30:~/fast_tls# openssl version
OpenSSL 3.0.4 21 Jun 2022 (Library: OpenSSL 3.0.4 21 Jun 2022)
root@874166f1fd30:~/fast_tls# rebar eunit -v
INFO: Looking for p1_utils-.* ; found p1_utils-1.0.23 at /root/fast_tls/deps/p1_utils
INFO: Looking for p1_utils-.* ; found p1_utils-1.0.23 at /root/fast_tls/deps/p1_utils
==> fast_tls (eunit)
INFO: sh info:
cwd: "/root/fast_tls"
cmd: cp -R src/fast_tls.erl src/p1_sha.erl ".eunit"
INFO: Cover compiling /root/fast_tls
======================== EUnit ========================
module 'fast_tls'
fast_tls: transmission_with_client_certificate_test...[0.472 s] ok
fast_tls: transmission_without_client_certificate_test...[0.408 s] ok
fast_tls: transmission_without_server_cert_fails_test...ok
fast_tls: not_compatible_protocol_options_test...[0.406 s] ok
[done in 1.298 s]
module 'p1_sha'
p1_sha: sha1_test...ok
p1_sha: sha224_test...ok
p1_sha: sha256_test...ok
p1_sha: sha384_test...ok
p1_sha: sha512_test...ok
p1_sha: to_hexlist_test...ok
[done in 0.018 s]
=======================================================
All 10 tests passed.
Cover analysis: /root/fast_tls/.eunit/index.html
Coverdata export: /root/fast_tls/.eunit/cover.coverdata
i will try a build outside the debian package (https://salsa.debian.org/ejabberd-packaging-team/erlang-p1-tls)
@benharri: Have you looked?
apologies, just trying now. in a fresh sid container setup:
apt update && apt dist-upgrade -y && apt install -y git erlang-dev libssl-dev rebar make build-essential
make all test
seems to be working??
root@1035a4d75234:/fast_tls# make all test
rebar get-deps compile
==> p1_utils (get-deps)
==> fast_tls (get-deps)
==> p1_utils (compile)
==> fast_tls (compile)
Compiling c_src/fast_tls.c
c_src/fast_tls.c: In function 'set_fips_mode_nif':
c_src/fast_tls.c:1409:2: warning: #warning OpenSSL 3 FIPS support not implemented [-Wcpp]
1409 | #warning OpenSSL 3 FIPS support not implemented
| ^~~~~~~
c_src/fast_tls.c:1390:7: warning: unused variable 'ret' [-Wunused-variable]
1390 | int ret = 1;
| ^~~
c_src/fast_tls.c: In function 'get_fips_mode_nif':
c_src/fast_tls.c:1422:2: warning: #warning OpenSSL 3 FIPS support not implemented [-Wcpp]
1422 | #warning OpenSSL 3 FIPS support not implemented
| ^~~~~~~
Compiling c_src/ioqueue.c
Compiling c_src/p1_sha.c
rebar skip_deps=true eunit
==> fast_tls (eunit)
Compiled src/p1_sha.erl
Compiled src/fast_tls.erl
All 10 tests passed.
Cover analysis: /fast_tls/.eunit/index.html
Coverdata export: /fast_tls/.eunit/cover.coverdata
still getting the same error with git-buildpackage and the debian package as in my initial report. i'm not able to see anything different. they're both building and running unit tests in a sid chroot/container.
full build log from gbp buildpackage: https://bhh.sh/pub/fast_tls-error.txt
Didn't look into it, but for what it's worth, the full error message is:
fast_tls:transmission_with_client_certificate_test/0
Failure/Error: ?assertEqual(<<97,98,99,100,101,102,103,104,105>>, Msg)
expected: <<"abcdefghi">>
got: {error,<<"SSL_do_handshake failed: error:16000069:STORE routines::unregistered scheme">>,
<<>>}
%% eunit_proc.erl:346:in `eunit_proc:with_timeout/3`
Oh! I've seen that before! It's a nightmare to diagnose. I even have a file nightmare.txt in my fast_tls directory from when I was trying to diagnose it.
It happens if the 'certs' directory does not exist in your OpenSSL configuration directory - identified by openssl version -d
fast_tls $ openssl version -d
OPENSSLDIR: "/usr/local/etc/openssl@3"
No certs dir there:
fast_tls $ ls /usr/local/etc/openssl@3/certs
ls: /usr/local/etc/openssl@3/certs: No such file or directory
Reproduce the error:
fast_tls $ rebar3 eunit
===> Verifying dependencies...
===> Analyzing applications...
===> Compiling fast_tls
===> Performing EUnit tests...
F.........
Failures:
1) fast_tls:transmission_with_client_certificate_test/0
Failure/Error: ?assertEqual(<<97,98,99,100,101,102,103,104,105>>, Msg)
expected: <<"abcdefghi">>
got: {error,<<"SSL_do_handshake failed: error:16000069:STORE routines::unregistered scheme">>,
<<>>}
%% eunit_proc.erl:346:in `eunit_proc:with_timeout/3`
Output:
Output:
Finished in 1.710 seconds
10 tests, 1 failures
===> Error running tests
Create the directory:
fast_tls $ mkdir /usr/local/etc/openssl@3/certs
Error is gone:
fast_tls $ rebar3 eunit
===> Verifying dependencies...
===> Analyzing applications...
===> Compiling fast_tls
===> Performing EUnit tests...
..........
Finished in 1.814 seconds
10 tests, 0 failures
fast_tls $
It's not a fast_tls issue. I'd argue it's an OpenSSL bug but it drained enough from me diagnosing it that I had nothing left to report it.
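A preflight check for the condition described in the comment above, as an added example that is not part of the original thread or of fast_tls: it parses the output of openssl version -d and reports whether the certs directory exists before the test suite runs. The function names and the --check argument are assumptions made for this example, and it assumes the openssl CLI on PATH belongs to the same OpenSSL build the library is linked against.

```shell
#!/bin/sh
# Added example: detect a missing OPENSSLDIR/certs directory before running tests.
# Assumption: the openssl binary on PATH reports the same OPENSSLDIR as the
# libssl that the code under test links against.

# Extract the directory from a line such as:
#   OPENSSLDIR: "/usr/local/etc/openssl@3"
# Prints nothing if the line does not have that shape.
openssldir_from_output() {
    printf '%s\n' "$1" | sed -n 's/^OPENSSLDIR: "\(.*\)"$/\1/p'
}

# Return 0 if <dir>/certs is a directory, 1 if it is missing,
# 2 if no directory was given.
certs_dir_status() {
    [ -n "$1" ] || return 2
    [ -d "$1/certs" ]
}

# Query the installed openssl and report on its certs directory.
preflight() {
    out=$(openssl version -d 2>/dev/null) || {
        echo "openssl CLI not available" >&2
        return 2
    }
    dir=$(openssldir_from_output "$out")
    [ -n "$dir" ] || {
        echo "could not parse OPENSSLDIR from: $out" >&2
        return 2
    }
    if certs_dir_status "$dir"; then
        echo "ok: $dir/certs exists"
    else
        echo "missing: $dir/certs" >&2
        echo "handshakes may fail with 'STORE routines::unregistered scheme'" >&2
        return 1
    fi
}

# Only touch the real system when explicitly asked to.
if [ "${1:-}" = "--check" ]; then
    preflight
fi
```

Run it with --check as an early step of a chroot or container build; a non-zero status from preflight means the directory should be created, or the package that provides it installed, before the tests run.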
I was able to fix the build with gbp by creating that certs dir. Thanks for the info @nosnilmot !!
I think we'll be able to solve this by adding openssl as a build-dep. I'll close it out.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013644
Building with openssl 3.0.4-2 in debian sid