gnutls-devel


From: gmail
Subject: Not sure if it could be considered as a bug, concern the tests suite, let you see
Date: Sun, 27 Mar 2011 19:13:50 +0200
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.2.15) Gecko/20110303 Thunderbird/3.1.9

Hello,

I have built gnutls-2.12.0 in a chroot jail (gcc 4.5.2/libc 2.13/binutils 2.21/make 3.82) on an athlon architecture as root and got the following trouble with dsatest:

    address@hidden ../gnutls-2.12.0/configure && make

    ...

    address@hidden make check

    ...

    make[3]: Leaving directory `/usr/src/gnutls-2.12.0_build/tests/safe-renegotiation'
    make[2]: Leaving directory `/usr/src/gnutls-2.12.0_build/tests/safe-renegotiation'
    Making check in dsa
    make[2]: Entering directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
    make  testdsa
    make[3]: Entering directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
make[3]: Nothing to be done for `../../../gnutls-2.12.0/tests/dsa/testdsa'.
    make[3]: Leaving directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
    make  check-TESTS
    make[3]: Entering directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
    Checking various DSA key sizes
    Checking DSA-1024 with TLS 1.0
    Checking server DSA-1024 with client DSA-1024 and TLS 1.0
    Processed 1 client certificates...
    Processed 1 client X.509 certificates...
    Checking server DSA-1024 with client DSA-2048 and TLS 1.0
    Checking server DSA-1024 with client DSA-3072 and TLS 1.0
../../../gnutls-2.12.0/tests/dsa/testdsa: line 83: kill: `%1': not a pid or valid job spec

<[CTRL][C]>

  ^CFAIL: testdsa
    ===================================
    1 of 1 test failed
    Please report to address@hidden
    ===================================
    ...

    address@hidden



I chose to ignore the kill notice and focus on the freeze of the test (a bad idea, as I would see later...),
and relaunched the test suite a second time to check whether it could be repeated:



    address@hidden make check

    ...

    make[3]: Leaving directory `/usr/src/gnutls-2.12.0_build/tests/safe-renegotiation'
    make[2]: Leaving directory `/usr/src/gnutls-2.12.0_build/tests/safe-renegotiation'
    Making check in dsa
    make[2]: Entering directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
    make  testdsa
    make[3]: Entering directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
make[3]: Nothing to be done for `../../../gnutls-2.12.0/tests/dsa/testdsa'.
    make[3]: Leaving directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
    make  check-TESTS
    make[3]: Entering directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
    Checking various DSA key sizes
    Checking DSA-1024 with TLS 1.0
    Checking server DSA-1024 with client DSA-1024 and TLS 1.0
    Processed 1 client certificates...
    Processed 1 client X.509 certificates...
    Checking server DSA-1024 with client DSA-2048 and TLS 1.0
    Checking server DSA-1024 with client DSA-3072 and TLS 1.0
../../../gnutls-2.12.0/tests/dsa/testdsa: line 67: kill: `%1': not a pid or valid job spec
    Checking DSA-1024 with TLS 1.2
    Checking server DSA-1024 with client DSA-1024 and TLS 1.2
    Processed 1 client certificates...
    Processed 1 client X.509 certificates...
    Checking server DSA-1024 with client DSA-2048 and TLS 1.2
    Processed 1 client certificates...
    Processed 1 client X.509 certificates...
    *** Fatal error: The given DSA key is incompatible with the selected TLS protocol.
    *** Handshake has failed
    GnuTLS error: The given DSA key is incompatible with the selected TLS protocol.
    Failure: Failed connection to a server with a client DSA 2048 key and TLS 1.2!
    FAIL: testdsa
    ===================================
    1 of 1 test failed
    Please report to address@hidden
    ===================================
    ...

    address@hidden



Apparently, something was wrong with TLS 1.2, so I turned on debugging in testdsa:



--- gnutls-2.12.0/tests/dsa/testdsa.orig 2011-03-23 19:46:59.000000000 +0100
+++ gnutls-2.12.0/tests/dsa/testdsa    2011-03-27 14:01:10.000000000 +0200
@@ -24,7 +24,7 @@
 SERV="${SERV:-../../src/gnutls-serv} -q"
 CLI="${CLI:-../../src/gnutls-cli}"
 PORT="${PORT:-5559}"
-DEBUG=""
+DEBUG="-d 9"
 unset RETCODE

 fail() {
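
Review bot: the replaced DEBUG line hard-codes "-d 9" in the script, whereas SERV, CLI and PORT just above it all take an environment override through the ${VAR:-default} form. Giving DEBUG the same treatment, with an empty default, would let a debug run be requested from the command line without editing the test, and would avoid the risk of the level-9 setting being committed by accident.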



and relaunched the test suite a third time:



    address@hidden make check

    ...

    Checking server DSA-1024 with client DSA-2048 and TLS 1.2
    Processed 1 client certificates...
    |<2>| ASSERT: ../../gnutls-2.12.0/lib/x509_b64.c:453
    |<2>| Could not find '-----BEGIN RSA PRIVATE KEY'
    Processed 1 client X.509 certificates...
    |<4>| REC[0x8062b20]: Allocating epoch #0
    |<2>| ASSERT: ../../gnutls-2.12.0/lib/gnutls_constate.c:695
    |<4>| REC[0x8062b20]: Allocating epoch #1
    |<3>| HSK[0x8062b20]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA256
    |<3>| HSK[0x8062b20]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA1
|<3>| HSK[0x8062b20]: Keeping ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA1
    |<3>| HSK[0x8062b20]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA256
    |<3>| HSK[0x8062b20]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA1
|<3>| HSK[0x8062b20]: Keeping ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA1
    |<3>| HSK[0x8062b20]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1
    |<3>| HSK[0x8062b20]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA256
    |<3>| HSK[0x8062b20]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA1
|<3>| HSK[0x8062b20]: Keeping ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA1
    |<3>| HSK[0x8062b20]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA256
    |<3>| HSK[0x8062b20]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA1
|<3>| HSK[0x8062b20]: Keeping ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA1
    |<3>| HSK[0x8062b20]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1
    |<3>| HSK[0x8062b20]: Keeping ciphersuite: DHE_DSS_ARCFOUR_SHA1
    |<3>| HSK[0x8062b20]: Keeping ciphersuite: RSA_AES_128_CBC_SHA256
    |<3>| HSK[0x8062b20]: Keeping ciphersuite: RSA_AES_128_CBC_SHA1
    |<3>| HSK[0x8062b20]: Keeping ciphersuite: RSA_CAMELLIA_128_CBC_SHA1
    |<3>| HSK[0x8062b20]: Keeping ciphersuite: RSA_AES_256_CBC_SHA256
    |<3>| HSK[0x8062b20]: Keeping ciphersuite: RSA_AES_256_CBC_SHA1
    |<3>| HSK[0x8062b20]: Keeping ciphersuite: RSA_CAMELLIA_256_CBC_SHA1
    |<3>| HSK[0x8062b20]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1
    |<3>| HSK[0x8062b20]: Keeping ciphersuite: RSA_ARCFOUR_SHA1
    |<2>| EXT[0x8062b20]: Sending extension CERT TYPE (3 bytes)
    |<2>| EXT[0x8062b20]: Sending extension SERVER NAME (14 bytes)
    |<2>| EXT[0x8062b20]: Sending extension SAFE RENEGOTIATION (1 bytes)
    |<2>| EXT[0x8062b20]: Sending extension SESSION TICKET (0 bytes)
    |<2>| EXT[SIGA]: sent signature algo (4.2) DSA-SHA256
    |<2>| EXT[SIGA]: sent signature algo (4.1) RSA-SHA256
    |<2>| EXT[SIGA]: sent signature algo (2.1) RSA-SHA1
    |<2>| EXT[SIGA]: sent signature algo (2.2) DSA-SHA1
    |<2>| EXT[0x8062b20]: Sending extension SIGNATURE ALGORITHMS (10 bytes)
    |<3>| HSK[0x8062b20]: CLIENT HELLO was sent [139 bytes]
    |<4>| REC[0x8062b20]: Sending Packet[0] Handshake(22) with length: 139
    |<4>| REC[0x8062b20]: Sent Packet[1] Handshake(22) with length: 144
    |<4>| REC[0x8062b20]: Expected Packet[0] Handshake(22) with length: 1
    |<4>| REC[0x8062b20]: Received Packet[0] Handshake(22) with length: 85
    |<4>| REC[0x8062b20]: Decrypted Packet[0] Handshake(22) with length: 85
    |<3>| HSK[0x8062b20]: SERVER HELLO was received [85 bytes]
    |<3>| HSK[0x8062b20]: Server's version: 3.1
    |<3>| HSK[0x8062b20]: SessionID length: 32
|<3>| HSK[0x8062b20]: SessionID: 42fdb8a2c661db286038ab89073cbb496eace1fa7f43a23b4e5b23a91e09924a
    |<3>| HSK[0x8062b20]: Selected cipher suite: DHE_DSS_AES_128_CBC_SHA1
|<2>| EXT[0x8062b20]: Parsing extension 'SAFE RENEGOTIATION/65281' (1 bytes)
    |<2>| EXT[0x8062b20]: Parsing extension 'SESSION TICKET/35' (0 bytes)
    |<3>| HSK[0x8062b20]: Safe renegotiation succeeded
    |<4>| REC[0x8062b20]: Expected Packet[1] Handshake(22) with length: 1
    |<4>| REC[0x8062b20]: Received Packet[1] Handshake(22) with length: 863
|<4>| REC[0x8062b20]: Decrypted Packet[1] Handshake(22) with length: 863
    |<3>| HSK[0x8062b20]: CERTIFICATE was received [863 bytes]
    |<2>| ASSERT: ../../gnutls-2.12.0/lib/ext_signature.c:386
    |<4>| REC[0x8062b20]: Expected Packet[2] Handshake(22) with length: 1
    |<4>| REC[0x8062b20]: Received Packet[2] Handshake(22) with length: 315
|<4>| REC[0x8062b20]: Decrypted Packet[2] Handshake(22) with length: 315
    |<3>| HSK[0x8062b20]: SERVER KEY EXCHANGE was received [315 bytes]
    |<4>| REC[0x8062b20]: Expected Packet[3] Handshake(22) with length: 1
    |<4>| REC[0x8062b20]: Received Packet[3] Handshake(22) with length: 9
    |<4>| REC[0x8062b20]: Decrypted Packet[3] Handshake(22) with length: 9
    |<3>| HSK[0x8062b20]: CERTIFICATE REQUEST was received [9 bytes]
    |<2>| ASSERT: ../../gnutls-2.12.0/lib/ext_signature.c:499
    |<4>| REC[0x8062b20]: Expected Packet[4] Handshake(22) with length: 1
    |<4>| REC[0x8062b20]: Received Packet[4] Handshake(22) with length: 4
    |<4>| REC[0x8062b20]: Decrypted Packet[4] Handshake(22) with length: 4
    |<3>| HSK[0x8062b20]: SERVER HELLO DONE was received [4 bytes]
    |<3>| HSK[0x8062b20]: CERTIFICATE was sent [1293 bytes]
    |<3>| HSK[0x8062b20]: CLIENT KEY EXCHANGE was sent [134 bytes]
    |<2>| ASSERT: ../../gnutls-2.12.0/lib/gnutls_sig.c:716
    |<2>| ASSERT: ../../gnutls-2.12.0/lib/auth_cert.c:1559
    |<2>| ASSERT: ../../gnutls-2.12.0/lib/gnutls_kx.c:336
    |<2>| ASSERT: ../../gnutls-2.12.0/lib/gnutls_handshake.c:2832
*** Fatal error: The given DSA key is incompatible with the selected TLS protocol.
    |<4>| REC: Sending Alert[2|40] - Handshake failed
    |<4>| REC[0x8062b20]: Sending Packet[1] Alert(21) with length: 2
    |<4>| REC[0x8062b20]: Sent Packet[2] Alert(21) with length: 7
    *** Handshake has failed
GnuTLS error: The given DSA key is incompatible with the selected TLS protocol.
    |<4>| REC[0x8062b20]: Epoch #0 freed
    |<4>| REC[0x8062b20]: Epoch #1 freed
Failure: Failed connection to a server with a client DSA 2048 key and TLS 1.2!
    FAIL: testdsa
    ===================================
    1 of 1 test failed
    Please report to address@hidden
    ===================================
    ...

    address@hidden


After having checked the assert at line 716 in gnutls-2.12.0/lib/gnutls_sig.c and seen nothing wrong,
I modified it to get details on what the client gets from the server:

--- gnutls-2.12.0/lib/gnutls_sig.c.orig 2011-03-23 19:46:37.000000000 +0100
+++ gnutls-2.12.0/lib/gnutls_sig.c      2011-03-27 14:47:22.000000000 +0200
@@ -712,8 +712,10 @@
     case GNUTLS_PK_DSA:
       /* ensure 1024 bit DSA keys are used */
       hash_algo = _gnutls_dsa_q_to_hash (cert->params[1]);
- if (!_gnutls_version_has_selectable_sighash (ver) && hash_algo != GNUTLS_DIG_SHA1) + if (!_gnutls_version_has_selectable_sighash (ver) && hash_algo != GNUTLS_DIG_SHA1) { + _gnutls_debug_log ("DEBUGLOG: %d, %d, %s\n", ver, hash_algo, gnutls_mac_get_name (hash_algo)); return gnutls_assert_val(GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL);
+      }

       dconcat.data = &concat[16];
       dconcat.size = 20;
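
Review bot: the added _gnutls_debug_log call in the GNUTLS_PK_DSA case prints ver and hash_algo as bare integers under a generic "DEBUGLOG:" prefix, so the reader has to look up the enum values to learn which protocol version was negotiated. Labelling each field and printing the protocol name next to the hash name (for example through gnutls_protocol_get_name (ver)) would make the message self-explanatory. hash_algo is compared against GNUTLS_DIG_SHA1, so it is a digest identifier being passed to gnutls_mac_get_name; that deserves a short comment or a digest-specific name lookup.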




And relaunched, for the fourth time, the test suite:


    address@hidden make check

    ...

    |<3>| HSK[0x8062b20]: CERTIFICATE REQUEST was received [9 bytes]
    |<2>| ASSERT: ../../gnutls-2.12.0/lib/ext_signature.c:499
    |<4>| REC[0x8062b20]: Expected Packet[4] Handshake(22) with length: 1
    |<4>| REC[0x8062b20]: Received Packet[4] Handshake(22) with length: 4
    |<4>| REC[0x8062b20]: Decrypted Packet[4] Handshake(22) with length: 4
    |<3>| HSK[0x8062b20]: SERVER HELLO DONE was received [4 bytes]
    |<3>| HSK[0x8062b20]: CERTIFICATE was sent [1293 bytes]
    |<3>| HSK[0x8062b20]: CLIENT KEY EXCHANGE was sent [134 bytes]
    |<2>| DEBUGLOG: 2, 6, SHA256
    |<2>| ASSERT: ../../gnutls-2.12.0/lib/gnutls_sig.c:717
    |<2>| ASSERT: ../../gnutls-2.12.0/lib/auth_cert.c:1559
    |<2>| ASSERT: ../../gnutls-2.12.0/lib/gnutls_kx.c:336
    |<2>| ASSERT: ../../gnutls-2.12.0/lib/gnutls_handshake.c:2832
*** Fatal error: The given DSA key is incompatible with the selected TLS protocol.
    |<4>| REC: Sending Alert[2|40] - Handshake failed
    |<4>| REC[0x8062b20]: Sending Packet[1] Alert(21) with length: 2
    |<4>| REC[0x8062b20]: Sent Packet[2] Alert(21) with length: 7
    *** Handshake has failed
GnuTLS error: The given DSA key is incompatible with the selected TLS protocol.
    |<4>| REC[0x8062b20]: Epoch #0 freed
    |<4>| REC[0x8062b20]: Epoch #1 freed
Failure: Failed connection to a server with a client DSA 2048 key and TLS 1.2!
    FAIL: testdsa
    ===================================
    1 of 1 test failed
    Please report to address@hidden
    ===================================

    ...

    address@hidden


The value 2 in (|<2>| DEBUGLOG: 2, 6, SHA256) means TLS 1.0, but the test was supposed to deal with a TLS 1.2 server at this step...
I then remembered, with a shiver down my back, the kill notice...:

    address@hidden  ps -efa | grep tls

root 2329 26908 0 15:01 pts/10 00:00:00 vi gnutls-2.12.0/tests/dsa/testd
    root      2361  7462  0 15:07 pts/2    00:00:00 grep tls
root 5752 1 0 Mar26 pts/2 00:00:00 /usr/src/gnutls-2.12.0_build/src

    address@hidden  cat /proc/5752/cmdline

/usr/src/gnutls-2.12.0_build/src/.libs/lt-gnutls-serv-q-p5559--priorityNORMAL:-VERS-TLS-ALL:+VERS-TLS1.0--x509certfile../../../gnutls-2.12.0/tests/dsa/cert.dsa.1024.pem--x509keyfile../../../gnutls-2.12.0/tests/dsa/dsa.1024.pem

    address@hidden


Well... The client was still talking to the TLS 1.0 server launched at the first test suite run, which was never killed... I then modified gnutls-2.12.0/tests/dsa/testdsa to signal the fact there was a problem with the server's launch (full patch at the end of the mail), removed debug mode and launched the test suite:



    address@hidden make check

    ...

    make[3]: Leaving directory `/usr/src/gnutls-2.12.0_build/tests/safe-renegotiation'
    make[2]: Leaving directory `/usr/src/gnutls-2.12.0_build/tests/safe-renegotiation'
    Making check in dsa
    make[2]: Entering directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
    make  testdsa
    make[3]: Entering directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
make[3]: Nothing to be done for `../../../gnutls-2.12.0/tests/dsa/testdsa'.
    make[3]: Leaving directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
    make  check-TESTS
    make[3]: Entering directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
    Checking various DSA key sizes
    Checking DSA-1024 with TLS 1.0
    Failure: Unable to launch server DSA-1024 with TLS 1.0 !
    FAIL: testdsa
    ===================================
    1 of 1 test failed
    Please report to address@hidden
    ===================================

    ...

    address@hidden


OK, this time the testdsa script warns about some trouble with the server launch from the first server launch. It's the expected behavior, considering there is still a running server on TCP port 5559.
I finally focused on the kill notice and did some basic checks:


    address@hidden  read &

    [1] 12466

    address@hidden  /bin/kill %1

    kill: can't find process "%1"

    [1]+  Stopped                 read

    address@hidden  /bin/kill --version

    kill from util-linux 2.19

    address@hidden kill %1

    [1]+  Stopped                 read

    address@hidden



The testdsa shell does not use the shell builtin kill command, and the builtin kill command is mandatory for job control monitoring.
I then modified testdsa in this way:


--- gnutls-2.12.0/tests/dsa/testdsa.orig 2011-03-23 19:46:59.000000000 +0100
+++ gnutls-2.12.0/tests/dsa/testdsa     2011-03-27 17:37:04.000000000 +0200
@@ -32,6 +32,26 @@
    exit 1
 }

+enable_bash_job_monitoring() {
+       set -m
+       enable jobs
+       enable kill
+}
+
+# Check for ps or /proc availability
+if test "$(ps 2>&1 > /dev/null; echo $?)" != "0" ; then
+        # Check for porc filesusyem
+        if test -d /proc -a -d /proc/$$ ; then
+                CHECKPS="test -d /proc/\${PROCESS}"
+        fi
+else
+ CHECKPS="test \"\$(ps -p \${PROCESS} 2>&1 > /dev/null; echo \$?)\" = \"0\""
+fi
+
+# Required for bash allowing job montioring bultins
+enable_bash_job_monitoring 2>&1 > /dev/null
+
+
 echo "Checking various DSA key sizes"

 # DSA 1024 + TLS 1.0
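
Review bot: CHECKPS stays unset when ps fails and the /proc test also fails, because the inner "if test -d /proc ..." has no else branch; the later "eval ${CHECKPS}" then evaluates an empty command, which succeeds, so a server that never started is treated as running. Assign a fallback there (for example "kill -0 ${PROCESS}") or call fail. Separately, "enable_bash_job_monitoring 2>&1 > /dev/null" redirects in an order that leaves stderr on the original stdout, so errors from shells without the "enable" builtin are not silenced; ">/dev/null 2>&1" does what the comment intends. The two comments also carry typos ("porc filesusyem", "montioring bultins").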
@@ -39,127 +59,166 @@
 echo "Checking DSA-1024 with TLS 1.0"

$SERV $DEBUG -p $PORT --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" --x509certfile $srcdir/cert.dsa.1024.pem --x509keyfile $srcdir/dsa.1024.pem >/dev/null 2>&1 &
+PROCESS=$!

 # give the server a chance to initialize
 sleep 2

-$CLI $DEBUG -p $PORT 127.0.0.1 --insecure </dev/null >/dev/null || \
-  fail "Failed connection to a server with DSA 1024 key and TLS 1.0!"
+if eval ${CHECKPS} ; then
+
+       $CLI $DEBUG -p $PORT 127.0.0.1 --insecure </dev/null >/dev/null || \
+ fail "Failed connection to a server with DSA 1024 key and TLS 1.0!"

-echo "Checking server DSA-1024 with client DSA-1024 and TLS 1.0"
+       echo "Checking server DSA-1024 with client DSA-1024 and TLS 1.0"

-#try with client key of 1024 bits (should succeed)
-$CLI $DEBUG -p $PORT 127.0.0.1 --insecure --x509certfile $srcdir/cert.dsa.1024.pem --x509keyfile $srcdir/dsa.1024.pem </dev/null >/dev/null || \
-  fail "Failed connection to a server with DSA 1024 key and TLS 1.0!"
+       #try with client key of 1024 bits (should succeed)
+ $CLI $DEBUG -p $PORT 127.0.0.1 --insecure --x509certfile $srcdir/cert.dsa.1024.pem --x509keyfile $srcdir/dsa.1024.pem </dev/null >/dev/null || \ + fail "Failed connection to a server with DSA 1024 key and TLS 1.0!"

-echo "Checking server DSA-1024 with client DSA-2048 and TLS 1.0"
+       echo "Checking server DSA-1024 with client DSA-2048 and TLS 1.0"

-#try with client key of 2048 bits (should fail)
-$CLI $DEBUG -p $PORT 127.0.0.1 --insecure --x509certfile $srcdir/cert.dsa.2048.pem --x509keyfile $srcdir/dsa.2048.pem </dev/null >/dev/null 2>&1 && \ - fail "Succeeded connection to a server with a client DSA 2048 key and TLS 1.0!"
+       #try with client key of 2048 bits (should fail)
+ $CLI $DEBUG -p $PORT 127.0.0.1 --insecure --x509certfile $srcdir/cert.dsa.2048.pem --x509keyfile $srcdir/dsa.2048.pem </dev/null >/dev/null 2>&1 && \ + fail "Succeeded connection to a server with a client DSA 2048 key and TLS 1.0!"


-echo "Checking server DSA-1024 with client DSA-3072 and TLS 1.0"
+       echo "Checking server DSA-1024 with client DSA-3072 and TLS 1.0"

-#try with client key of 3072 bits (should fail)
-$CLI $DEBUG -p $PORT 127.0.0.1 --insecure --x509certfile $srcdir/cert.dsa.3072.pem --x509keyfile $srcdir/dsa.3072.pem </dev/null >/dev/null 2>&1 && \ - fail "Succeeded connection to a server with a client DSA 3072 key and TLS 1.0!"
+       #try with client key of 3072 bits (should fail)
+ $CLI $DEBUG -p $PORT 127.0.0.1 --insecure --x509certfile $srcdir/cert.dsa.3072.pem --x509keyfile $srcdir/dsa.3072.pem </dev/null >/dev/null 2>&1 && \ + fail "Succeeded connection to a server with a client DSA 3072 key and TLS 1.0!"

-kill %1
-wait
+       jobs >&2
+       kill %1
+       wait
+else
+       fail "Unable to launch server DSA-1024 with TLS 1.0 !"
+fi

 # DSA 1024 + TLS 1.2

 echo "Checking DSA-1024 with TLS 1.2"

$SERV $DEBUG -p $PORT --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2" --x509certfile $srcdir/cert.dsa.1024.pem --x509keyfile $srcdir/dsa.1024.pem >/dev/null 2>&1 &
+PROCESS=$!

 # give the server a chance to initialize
 sleep 2

-$CLI $DEBUG -p $PORT 127.0.0.1 --insecure </dev/null >/dev/null || \
-  fail "Failed connection to a server with DSA 1024 key and TLS 1.2!"
+if eval ${CHECKPS} ; then
+
+       $CLI $DEBUG -p $PORT 127.0.0.1 --insecure </dev/null >/dev/null || \
+ fail "Failed connection to a server with DSA 1024 key and TLS 1.2!"

-echo "Checking server DSA-1024 with client DSA-1024 and TLS 1.2"
+       echo "Checking server DSA-1024 with client DSA-1024 and TLS 1.2"

-#try with client key of 1024 bits (should succeed)
-$CLI $DEBUG -p $PORT 127.0.0.1 --insecure --x509certfile $srcdir/cert.dsa.1024.pem --x509keyfile $srcdir/dsa.1024.pem </dev/null >/dev/null || \
-  fail "Failed connection to a server with DSA 1024 key and TLS 1.2!"
+       #try with client key of 1024 bits (should succeed)
+ $CLI $DEBUG -p $PORT 127.0.0.1 --insecure --x509certfile $srcdir/cert.dsa.1024.pem --x509keyfile $srcdir/dsa.1024.pem </dev/null >/dev/null || \ + fail "Failed connection to a server with DSA 1024 key and TLS 1.2!"

-echo "Checking server DSA-1024 with client DSA-2048 and TLS 1.2"
+       echo "Checking server DSA-1024 with client DSA-2048 and TLS 1.2"

-#try with client key of 2048 bits (should succeed)
-$CLI $DEBUG -p $PORT 127.0.0.1 --insecure --x509certfile $srcdir/cert.dsa.2048.pem --x509keyfile $srcdir/dsa.2048.pem </dev/null >/dev/null || \ - fail "Failed connection to a server with a client DSA 2048 key and TLS 1.2!"
+       #try with client key of 2048 bits (should succeed)
+ $CLI $DEBUG -p $PORT 127.0.0.1 --insecure --x509certfile $srcdir/cert.dsa.2048.pem --x509keyfile $srcdir/dsa.2048.pem </dev/null >/dev/null || \ + fail "Failed connection to a server with a client DSA 2048 key and TLS 1.2!"

-echo "Checking server DSA-1024 with client DSA-3072 and TLS 1.2"
+       echo "Checking server DSA-1024 with client DSA-3072 and TLS 1.2"

-#try with client key of 3072 bits (should succeed)
-$CLI $DEBUG -p $PORT 127.0.0.1 --insecure --x509certfile $srcdir/cert.dsa.3072.pem --x509keyfile $srcdir/dsa.3072.pem </dev/null >/dev/null || \ - fail "Failed connection to a server with a client DSA 3072 key and TLS 1.2!"
+       #try with client key of 3072 bits (should succeed)
+ $CLI $DEBUG -p $PORT 127.0.0.1 --insecure --x509certfile $srcdir/cert.dsa.3072.pem --x509keyfile $srcdir/dsa.3072.pem </dev/null >/dev/null || \ + fail "Failed connection to a server with a client DSA 3072 key and TLS 1.2!"


-kill %1
-wait
+       kill %1
+       wait
+else
+       fail "Unable to launch server DSA-1024 with TLS 1.2 !"
+fi

 # DSA 2048 + TLS 1.0

 echo "Checking DSA-2048 with TLS 1.0"

$SERV $DEBUG -p $PORT --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" --x509certfile $srcdir/cert.dsa.2048.pem --x509keyfile $srcdir/dsa.2048.pem >/dev/null 2>&1 &
+PROCESS=$!

 # give the server a chance to initialize
 sleep 2

-$CLI $DEBUG -p $PORT 127.0.0.1 --insecure </dev/null >/dev/null 2>&1 && \
- fail "Succeeded connection to a server with DSA 2048 key and TLS 1.0. Should have failed!"
+if eval ${CHECKPS} ; then

-kill %1
-wait
+ $CLI $DEBUG -p $PORT 127.0.0.1 --insecure </dev/null >/dev/null 2>&1 && \ + fail "Succeeded connection to a server with DSA 2048 key and TLS 1.0. Should have failed!"
+
+       kill %1
+       wait
+else
+       fail "Unable to launch server DSA-2048 with TLS 1.0 !"
+fi

 # DSA 2048 + TLS 1.2

 echo "Checking DSA-2048 with TLS 1.2"

$SERV $DEBUG -p $PORT --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2" --x509certfile $srcdir/cert.dsa.2048.pem --x509keyfile $srcdir/dsa.2048.pem >/dev/null 2>&1 &
+PROCESS=$!

 # give the server a chance to initialize
 sleep 2

-$CLI $DEBUG -p $PORT 127.0.0.1 --insecure </dev/null >/dev/null || \
-  fail "Failed connection to a server with DSA 2048 key and TLS 1.2!"
+if eval ${CHECKPS} ; then
+
+       $CLI $DEBUG -p $PORT 127.0.0.1 --insecure </dev/null >/dev/null || \
+ fail "Failed connection to a server with DSA 2048 key and TLS 1.2!"

-kill %1
-wait
+       kill %1
+       wait
+else
+       fail "Unable to launch server DSA-2048 with TLS 1.2 !"
+fi

 # DSA 3072 + TLS 1.0

 echo "Checking DSA-3072 with TLS 1.0"

$SERV $DEBUG -p $PORT --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" --x509certfile $srcdir/cert.dsa.3072.pem --x509keyfile $srcdir/dsa.3072.pem >/dev/null 2>&1 &
+PROCESS=$!

 # give the server a chance to initialize
 sleep 2

-$CLI $DEBUG -p $PORT 127.0.0.1 --insecure </dev/null >/dev/null 2>&1 && \
- fail "Succeeded connection to a server with DSA 2048 key and TLS 1.0. Should have failed!"
+if eval ${CHECKPS} ; then
+
+ $CLI $DEBUG -p $PORT 127.0.0.1 --insecure </dev/null >/dev/null 2>&1 && \ + fail "Succeeded connection to a server with DSA 2048 key and TLS 1.0. Should have failed!"
+
+       kill %1
+       wait
+else
+       fail "Unable to launch server DSA-3072 with TLS 1.0 !"
+fi

-kill %1
-wait

 # DSA 3072 + TLS 1.2

 echo "Checking DSA-3072 with TLS 1.2"

$SERV $DEBUG -p $PORT --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2" --x509certfile $srcdir/cert.dsa.3072.pem --x509keyfile $srcdir/dsa.3072.pem >/dev/null 2>&1 &
+PROCESS=$!

 # give the server a chance to initialize
 sleep 2

-$CLI $DEBUG -p $PORT 127.0.0.1 --insecure </dev/null >/dev/null || \
-  fail "Failed connection to a server with DSA 3072 key and TLS 1.2!"
+if eval ${CHECKPS} ; then
+
+       $CLI $DEBUG -p $PORT 127.0.0.1 --insecure </dev/null >/dev/null || \
+ fail "Failed connection to a server with DSA 3072 key and TLS 1.2!"
+
+       kill %1
+       wait
+else
+       fail "Unable to launch server DSA-3072 with TLS 1.2 !"
+fi

-kill %1
-wait

 exit 0
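
Review bot: every branch still stops the server with "kill %1" even though each launch now records PROCESS=$!; killing by "$PROCESS" would work with any kill implementation and without job control, which removes the dependency that caused the original failure. The fail calls inside each "if eval ${CHECKPS}" block also run before the kill, and fail exits, so a failed client check still leaves the server listening on $PORT for the next run; stopping "$PROCESS" inside fail or from an EXIT trap would close that path. The "jobs >&2" line appears only in the first block and looks like a leftover diagnostic.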




And then killed the still-running TLS server and relaunched the test suite:



    address@hidden kill 5752

    address@hidden make check

    ...

    make[3]: Leaving directory `/usr/src/gnutls-2.12.0_build/tests/safe-renegotiation'
    make[2]: Leaving directory `/usr/src/gnutls-2.12.0_build/tests/safe-renegotiation'
    Making check in dsa
    make[2]: Entering directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
    make  testdsa
    make[3]: Entering directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
make[3]: Nothing to be done for `../../../gnutls-2.12.0/tests/dsa/testdsa'.
    make[3]: Leaving directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
    make  check-TESTS
    make[3]: Entering directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
    Checking various DSA key sizes
    Checking DSA-1024 with TLS 1.0
    Checking server DSA-1024 with client DSA-1024 and TLS 1.0
    Processed 1 client certificates...
    Processed 1 client X.509 certificates...
    Checking server DSA-1024 with client DSA-2048 and TLS 1.0
    Checking server DSA-1024 with client DSA-3072 and TLS 1.0
[1]+ Running $SERV $DEBUG -p $PORT --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" --x509certfile $srcdir/cert.dsa.1024.pem --x509keyfile $srcdir/dsa.1024.pem >/dev/null 2>&1 &
    Checking DSA-1024 with TLS 1.2
    Checking server DSA-1024 with client DSA-1024 and TLS 1.2
    Processed 1 client certificates...
    Processed 1 client X.509 certificates...
    Checking server DSA-1024 with client DSA-2048 and TLS 1.2
    Processed 1 client certificates...
    Processed 1 client X.509 certificates...
    Checking server DSA-1024 with client DSA-3072 and TLS 1.2
    Processed 1 client certificates...
    Processed 1 client X.509 certificates...
    Checking DSA-2048 with TLS 1.0
    Checking DSA-2048 with TLS 1.2
    Checking DSA-3072 with TLS 1.0
    Checking DSA-3072 with TLS 1.2
    PASS: testdsa
    =============
    1 test passed
    =============

    ...


Finally it's successful...

And this time, I have checked the gnutls commits page before sending this report :-)

Hope this will help, best regards, Cedric.
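
An added illustration, not part of the original mail or of the GnuTLS test suite: the stale-server problem reported above can be avoided by tracking the background server by PID ($!) instead of a job spec, so that cleanup works with any kill and without job control, and by treating a server that has exited after the start-up delay as a launch failure. The helper names are hypothetical and "sleep" is a constructed stand-in for the gnutls-serv command line.

```shell
#!/bin/sh
# Added illustration (not from the GnuTLS test suite): manage a background
# test server by PID so cleanup never depends on job specs such as %1.

SERVER_PID=""

# Start "$@" in the background and record its PID from $!.
start_server() {
    "$@" >/dev/null 2>&1 &
    SERVER_PID=$!
}

# True while the process we started still exists (signal 0 only probes).
server_alive() {
    [ -n "$SERVER_PID" ] && kill -0 "$SERVER_PID" 2>/dev/null
}

# Kill by PID, reap it, and forget it. Safe to call more than once.
stop_server() {
    [ -n "$SERVER_PID" ] || return 0
    kill "$SERVER_PID" 2>/dev/null || true
    wait "$SERVER_PID" 2>/dev/null || true
    SERVER_PID=""
}

# Never leave a server behind, even on Ctrl-C or an early exit.
trap stop_server EXIT
trap 'exit 130' INT TERM

# run_case WAIT CLIENT_CHECK SERVER_CMD...
# Starts the server, waits WAIT seconds, and checks that it is still alive:
# a server that could not bind its port (for example because an older
# instance still owns it) has exited by then. Runs CLIENT_CHECK and always
# stops the server afterwards.
# Returns 0 = check passed, 1 = check failed, 2 = server did not start.
run_case() {
    startup_wait=$1
    client_check=$2
    shift 2
    start_server "$@"
    sleep "$startup_wait"
    if ! server_alive; then
        stop_server
        return 2
    fi
    rc=0
    "$client_check" || rc=1
    stop_server
    return "$rc"
}

# Constructed stand-ins for the client connection checks.
client_ok()   { true; }
client_fail() { false; }
```

In a real test, the client check would be a function wrapping the $CLI invocation and the server command would be the $SERV line from testdsa.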




