gnutls-devel

Re: Not sure if it could be considered as a bug, concern the tests suite


From: gmail
Subject: Re: Not sure if it could be considered as a bug, concern the tests suite, let you see
Date: Tue, 29 Mar 2011 01:02:04 +0200
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.2.15) Gecko/20110303 Thunderbird/3.1.9

Hello,

I have applied the "bourne shell compatible" patch and launched the test suite; it's successful on my build:

    address@hidden make check

    ...
    make[3]: Leaving directory `/usr/src/gnutls-2.12.0_build/tests/safe-renegotiation'
    make[2]: Leaving directory `/usr/src/gnutls-2.12.0_build/tests/safe-renegotiation'
    Making check in dsa
    make[2]: Entering directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
    make  testdsa
    make[3]: Entering directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
    make[3]: Nothing to be done for `../../../gnutls-2.12.0/tests/dsa/testdsa'.
    make[3]: Leaving directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
    make  check-TESTS
    make[3]: Entering directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
    Checking various DSA key sizes
    Checking DSA-1024 with TLS 1.0
    Checking server DSA-1024 with client DSA-1024 and TLS 1.0
    Processed 1 client certificates...
    Processed 1 client X.509 certificates...
    Checking server DSA-1024 with client DSA-2048 and TLS 1.0
    Checking server DSA-1024 with client DSA-3072 and TLS 1.0
    Checking DSA-1024 with TLS 1.2
    Checking server DSA-1024 with client DSA-1024 and TLS 1.2
    Processed 1 client certificates...
    Processed 1 client X.509 certificates...
    Checking server DSA-1024 with client DSA-2048 and TLS 1.2
    Processed 1 client certificates...
    Processed 1 client X.509 certificates...
    Checking server DSA-1024 with client DSA-3072 and TLS 1.2
    Processed 1 client certificates...
    Processed 1 client X.509 certificates...
    Checking DSA-2048 with TLS 1.0
    Checking DSA-2048 with TLS 1.2
    Checking DSA-3072 with TLS 1.0
    Checking DSA-3072 with TLS 1.2
    PASS: testdsa
    =============
    1 test passed
    =============


I then launched a daemon on port 5559 with the goal of preventing the TLS server launch and checking how the test deals with a potential launch failure:

    address@hidden sshd -p 5559

    address@hidden netstat -pan | grep 5559
    tcp 0 0 0.0.0.0:5559 0.0.0.0:* LISTEN 5348/sshd

    address@hidden make check

    ...
    make[3]: Leaving directory `/usr/src/gnutls-2.12.0_build/tests/safe-renegotiation'
    make[2]: Leaving directory `/usr/src/gnutls-2.12.0_build/tests/safe-renegotiation'
    Making check in dsa
    make[2]: Entering directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
    make  testdsa
    make[3]: Entering directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
    make[3]: Nothing to be done for `../../../gnutls-2.12.0/tests/dsa/testdsa'.
    make[3]: Leaving directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
    make  check-TESTS
    make[3]: Entering directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
    Checking various DSA key sizes
    Checking DSA-1024 with TLS 1.0
    *** Fatal error: An unexpected TLS packet was received.
    *** Handshake has failed
    GnuTLS error: An unexpected TLS packet was received.
    Failure: Failed connection to a server with DSA 1024 key and TLS 1.0!
    FAIL: testdsa
    ===================================
    1 of 1 test failed
    Please report to address@hidden
    ===================================


The test correctly fails, but without mentioning that the tls_server launch has failed.
To show how this could be confusing, checking again with a forced TLS 1.0 server:


    address@hidden kill 5438

    address@hidden src/gnutls-serv -d 9 -p 5559 --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" --x509certfile ../gnutls-2.12.0/tests/dsa/cert.dsa.1024.pem --x509keyfile ../gnutls-2.12.0/tests/dsa/dsa.1024.pem >/dev/null 2>&1 &

    [1] 7091

    address@hidden netstat -pan | grep 5559
    tcp 0 0 0.0.0.0:5559 0.0.0.0:* LISTEN 7091/lt-gnutls-serv

    address@hidden make check

    ...
    make[3]: Leaving directory `/usr/src/gnutls-2.12.0_build/tests/safe-renegotiation'
    make[2]: Leaving directory `/usr/src/gnutls-2.12.0_build/tests/safe-renegotiation'
    Making check in dsa
    make[2]: Entering directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
    make  testdsa
    make[3]: Entering directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
    make[3]: Nothing to be done for `../../../gnutls-2.12.0/tests/dsa/testdsa'.
    make[3]: Leaving directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
    make  check-TESTS
    make[3]: Entering directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
    Checking various DSA key sizes
    Checking DSA-1024 with TLS 1.0
    Checking server DSA-1024 with client DSA-1024 and TLS 1.0
    Processed 1 client certificates...
    Processed 1 client X.509 certificates...
    Checking server DSA-1024 with client DSA-2048 and TLS 1.0
    Checking server DSA-1024 with client DSA-3072 and TLS 1.0
    ../../../gnutls-2.12.0/tests/dsa/testdsa: line 68: kill: (8793) - No such process
    Checking DSA-1024 with TLS 1.2
    Checking server DSA-1024 with client DSA-1024 and TLS 1.2
    Processed 1 client certificates...
    Processed 1 client X.509 certificates...
    Checking server DSA-1024 with client DSA-2048 and TLS 1.2
    Processed 1 client certificates...
    Processed 1 client X.509 certificates...
    *** Fatal error: The given DSA key is incompatible with the selected TLS protocol.
    *** Handshake has failed
    GnuTLS error: The given DSA key is incompatible with the selected TLS protocol.
    Failure: Failed connection to a server with a client DSA 2048 key and TLS 1.2!
    FAIL: testdsa
    ===================================
    1 of 1 test failed
    Please report to address@hidden
    ===================================



The test correctly fails; the "./../../gnutls-2.12.0/tests/dsa/testdsa: line 68: kill: (8793) - No such process" gives some tips about the real issue, but the "incompatible DSA key" messages could lead to misunderstanding it.

Perhaps this is not worth any effort, but what do you think about this (normally Bourne compatible) patch:



--- tests/dsa/testdsa.man       2011-03-29 00:33:24.000000000 +0200
+++ tests/dsa/testdsa.cea       2011-03-29 00:27:21.000000000 +0200
@@ -32,13 +32,31 @@
    exit 1
 }

+
+launch_server() {
+       PARENT=$1;
+       shift;
+       $SERV $DEBUG -p $PORT $* >/dev/null 2>&1 &
+       LOCALPID="$!";
+       trap "[ ! -z \"${LOCALPID}\" ] && kill ${LOCALPID};" 15
+       wait "${LOCALPID}"
+       LOCALRET="$?"
+       if [ "${LOCALRET}" != "0" -a "${LOCALRET}" != "143" ] ; then
+               # Houston, we'v got a problem...
+               echo "Failed to launch a gnutls-serv server !"
+               kill -10 ${PARENT}
+       fi
+}
+
+trap "fail \"Failed to launch a gnutls-serv server, aborting dsatest... \"" 10
+
 echo "Checking various DSA key sizes"

 # DSA 1024 + TLS 1.0

 echo "Checking DSA-1024 with TLS 1.0"

-$SERV $DEBUG -p $PORT --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" --x509certfile $srcdir/cert.dsa.1024.pem --x509keyfile $srcdir/dsa.1024.pem >/dev/null 2>&1 & PID=$! +launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" --x509certfile $srcdir/cert.dsa.1024.pem --x509keyfile $srcdir/dsa.1024.pem & PID=$!
 trap "kill $PID" 1 15 2

 # give the server a chance to initialize
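Review bot: launch_server reports failure with `kill -10 ${PARENT}` and the handler is installed with `trap ... 10`, but signal 10 is SIGUSR1 only on some platforms (on the BSDs it is SIGBUS), so a patch aimed at portability should use the symbolic name on both sides: `kill -USR1 ${PARENT}` and `trap "fail ..." USR1`. In the same function, `$*` re-splits every argument on whitespace; `"$@"` passes them through unchanged. The abort message also says "dsatest" while the script is named testdsa.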
@@ -72,7 +90,7 @@

 echo "Checking DSA-1024 with TLS 1.2"

-$SERV $DEBUG -p $PORT --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2" --x509certfile $srcdir/cert.dsa.1024.pem --x509keyfile $srcdir/dsa.1024.pem >/dev/null 2>&1 & PID=$! +launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2" --x509certfile $srcdir/cert.dsa.1024.pem --x509keyfile $srcdir/dsa.1024.pem & PID=$!
 trap "kill $PID" 1 15 2

 # give the server a chance to initialize
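Review bot: On the changed line, `PID=$!` now holds the PID of the background subshell running launch_server rather than gnutls-serv, so the unchanged `trap "kill $PID" 1 15 2` that follows stops the server only because launch_server traps 15 and forwards the kill. That dependency deserves a comment next to the call: any other signal delivered to the wrapper (for example `kill -9 $PID`) leaves gnutls-serv holding $PORT for the next section, which is the situation this patch is meant to surface.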
@@ -107,7 +125,7 @@

 echo "Checking DSA-2048 with TLS 1.0"

-$SERV $DEBUG -p $PORT --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" --x509certfile $srcdir/cert.dsa.2048.pem --x509keyfile $srcdir/dsa.2048.pem >/dev/null 2>&1 & PID=$! +launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" --x509certfile $srcdir/cert.dsa.2048.pem --x509keyfile $srcdir/dsa.2048.pem & PID=$!
 trap "kill $PID" 1 15 2

 # give the server a chance to initialize
@@ -123,7 +141,7 @@

 echo "Checking DSA-2048 with TLS 1.2"

-$SERV $DEBUG -p $PORT --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2" --x509certfile $srcdir/cert.dsa.2048.pem --x509keyfile $srcdir/dsa.2048.pem >/dev/null 2>&1 & PID=$! +launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2" --x509certfile $srcdir/cert.dsa.2048.pem --x509keyfile $srcdir/dsa.2048.pem & PID=$!
 trap "kill $PID" 1 15 2

 # give the server a chance to initialize
@@ -139,7 +157,7 @@

 echo "Checking DSA-3072 with TLS 1.0"

-$SERV $DEBUG -p $PORT --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" --x509certfile $srcdir/cert.dsa.3072.pem --x509keyfile $srcdir/dsa.3072.pem >/dev/null 2>&1 & PID=$! +launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" --x509certfile $srcdir/cert.dsa.3072.pem --x509keyfile $srcdir/dsa.3072.pem & PID=$!
 trap "kill $PID" 1 15 2

 # give the server a chance to initialize
@@ -155,7 +173,7 @@

 echo "Checking DSA-3072 with TLS 1.2"

-$SERV $DEBUG -p $PORT --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2" --x509certfile $srcdir/cert.dsa.3072.pem --x509keyfile $srcdir/dsa.3072.pem >/dev/null 2>&1 & PID=$! +launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2" --x509certfile $srcdir/cert.dsa.3072.pem --x509keyfile $srcdir/dsa.3072.pem & PID=$!
 trap "kill $PID" 1 15 2

 # give the server a chance to initialize





The testdsa script aborts properly with a gnutls TLS 1.0 server occupying port 5559:

    address@hidden netstat -pan | grep 5559
    tcp 0 0 0.0.0.0:5559 0.0.0.0:* LISTEN 7091/lt-gnutls-serv

    address@hidden make check

    ...
    make[3]: Leaving directory `/usr/src/gnutls-2.12.0_build/tests/safe-renegotiation'
    make[2]: Leaving directory `/usr/src/gnutls-2.12.0_build/tests/safe-renegotiation'
    Making check in dsa
    make[2]: Entering directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
    make  testdsa
    make[3]: Entering directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
    make[3]: Nothing to be done for `../../../gnutls-2.12.0/tests/dsa/testdsa'.
    make[3]: Leaving directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
    make  check-TESTS
    make[3]: Entering directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
    Checking various DSA key sizes
    Checking DSA-1024 with TLS 1.0
    Failed to launch a gnutls-serv server !
    Failure: Failed to launch a gnutls-serv server, aborting dsatest...
    FAIL: testdsa
    ===================================
    1 of 1 test failed
    Please report to address@hidden
    ===================================


It aborts properly too with something on port 5559 or if the TLS server can't start for any reason:

    address@hidden kill 7091

    address@hidden sshd -p 5559

    address@hidden netstat -pan | grep 5559
    tcp 0 0 0.0.0.0:5559 0.0.0.0:* LISTEN 25080/sshd

    address@hidden make check

    ...

    make[3]: Leaving directory `/usr/src/gnutls-2.12.0_build/tests/safe-renegotiation'
    make[2]: Leaving directory `/usr/src/gnutls-2.12.0_build/tests/safe-renegotiation'
    Making check in dsa
    make[2]: Entering directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
    make  testdsa
    make[3]: Entering directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
    make[3]: Nothing to be done for `../../../gnutls-2.12.0/tests/dsa/testdsa'.
    make[3]: Leaving directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
    make  check-TESTS
    make[3]: Entering directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
    Checking various DSA key sizes
    Checking DSA-1024 with TLS 1.0
    Failed to launch a gnutls-serv server !
    Failure: Failed to launch a gnutls-serv server, aborting dsatest...
    FAIL: testdsa
    ===================================
    1 of 1 test failed
    Please report to address@hidden
    ===================================

    address@hidden kill 25080

    address@hidden netstat -pan | grep 5559

    address@hidden echo "exit 1;" > src/gnutls-serv

    address@hidden make check

    ...

    make[3]: Leaving directory `/usr/src/gnutls-2.12.0_build/tests/safe-renegotiation'
    make[2]: Leaving directory `/usr/src/gnutls-2.12.0_build/tests/safe-renegotiation'
    Making check in dsa
    make[2]: Entering directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
    make  testdsa
    make[3]: Entering directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
    make[3]: Nothing to be done for `../../../gnutls-2.12.0/tests/dsa/testdsa'.
    make[3]: Leaving directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
    make  check-TESTS
    make[3]: Entering directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
    Checking various DSA key sizes
    Checking DSA-1024 with TLS 1.0
    Failed to launch a gnutls-serv server !
    Failure: Failed to launch a gnutls-serv server, aborting dsatest...
    FAIL: testdsa
    ===================================
    1 of 1 test failed
    Please report to address@hidden
    ===================================


And if all is ok, testdsa is successful:

    address@hidden rm src/gnutls-serv

    address@hidden make check

    ...

    make[3]: Leaving directory `/usr/src/gnutls-2.12.0_build/tests/safe-renegotiation'
    make[2]: Leaving directory `/usr/src/gnutls-2.12.0_build/tests/safe-renegotiation'
    Making check in dsa
    make[2]: Entering directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
    make  testdsa
    make[3]: Entering directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
    make[3]: Nothing to be done for `../../../gnutls-2.12.0/tests/dsa/testdsa'.
    make[3]: Leaving directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
    make  check-TESTS
    make[3]: Entering directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
    Checking various DSA key sizes
    Checking DSA-1024 with TLS 1.0
    Checking server DSA-1024 with client DSA-1024 and TLS 1.0
    Processed 1 client certificates...
    Processed 1 client X.509 certificates...
    Checking server DSA-1024 with client DSA-2048 and TLS 1.0
    Checking server DSA-1024 with client DSA-3072 and TLS 1.0
    Checking DSA-1024 with TLS 1.2
    Checking server DSA-1024 with client DSA-1024 and TLS 1.2
    Processed 1 client certificates...
    Processed 1 client X.509 certificates...
    Checking server DSA-1024 with client DSA-2048 and TLS 1.2
    Processed 1 client certificates...
    Processed 1 client X.509 certificates...
    Checking server DSA-1024 with client DSA-3072 and TLS 1.2
    Processed 1 client certificates...
    Processed 1 client X.509 certificates...
    Checking DSA-2048 with TLS 1.0
    Checking DSA-2048 with TLS 1.2
    Checking DSA-3072 with TLS 1.0
    Checking DSA-3072 with TLS 1.2
    PASS: testdsa
    =============
    1 test passed
    =============


If you think it's worth the effort, I can launch the test suite with a "pure" Bourne shell.


Best regards, Cédric.


On 28/03/2011 21:36, Nikos Mavrogiannopoulos wrote:
> On 03/27/2011 07:13 PM, gmail wrote:
>> Hello,
>>
>> I have built gnutls-2.12.0 in a chroot jail (gcc 4.5.2/libc
>> 2.13/binutils 2.21/make 3.82) on an athlon architecture as root and got
>> the following trouble with dsatest :
> Hello, thank you for reporting and investigating that. I've fixed it
> similarly to your proposal, but in a different way. I've committed
> the fix at:
> http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=2df3b9d72f283d6a52b1625465a9d1b07cd8d0c3
> that should make the whole test bourne compatible. I hope
> this will result in more systems being able to run those
> tests with less issues.
>
>
> best regards,
> Nikos
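
The launch-failure check discussed in this thread, as an added example that is not part of the original message or of the GnuTLS test suite: rather than signalling the parent from a wrapper, it confirms with `kill -0` that the server is still alive after a grace period, before any client connects. `start_server`, `stop_server`, `run_demo` and `GRACE` are hypothetical names, and the `sh -c 'exit 3'` and `sleep 30` commands are constructed stand-ins for gnutls-serv.

```shell
#!/bin/sh
# Added example, not GnuTLS code. start_server, stop_server and GRACE are
# hypothetical names; the commands passed in are stand-ins for gnutls-serv.

GRACE=1   # seconds the server gets to either bind its port or exit

# start_server CMD [ARGS...]
# Returns 0 with SERVER_PID set if CMD is still running after GRACE seconds.
# Returns 1 with SERVER_RC set if CMD already exited (e.g. port in use).
start_server() {
    "$@" >/dev/null 2>&1 &
    SERVER_PID=$!
    sleep "$GRACE"
    if kill -0 "$SERVER_PID" 2>/dev/null; then
        return 0
    fi
    SERVER_RC=0
    wait "$SERVER_PID" || SERVER_RC=$?   # reap it and keep its exit status
    echo "Failure: server '$1' exited during startup (status $SERVER_RC)" >&2
    return 1
}

# stop_server: terminate the server started above and reap it.
stop_server() {
    kill "$SERVER_PID" 2>/dev/null || true
    wait "$SERVER_PID" 2>/dev/null || true
}

# run_demo: constructed cases. 'sh -c "exit 3"' models a server that cannot
# bind its port; 'sleep 30' models one that starts and keeps listening.
run_demo() {
    if start_server sh -c 'exit 3'; then
        echo "unexpected: dead server reported as running"; return 1
    fi
    start_server sleep 30 || return 1
    echo "server running as PID $SERVER_PID, client checks can proceed"
    stop_server
}
```

Calling `run_demo` after sourcing the block exercises both cases; a test script would call `start_server` with the real server command and fail immediately on a non-zero return.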



