You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@serf.apache.org by "Evgeny Kotkov (Jira)" <ji...@apache.org> on 2023/05/31 19:53:00 UTC
[jira] [Resolved] (SERF-202) SSL tests are not passing with OpenSSL 3
[ https://issues.apache.org/jira/browse/SERF-202?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Evgeny Kotkov resolved SERF-202.
--------------------------------
Fix Version/s: serf-1.3.10
Resolution: Fixed
> SSL tests are not passing with OpenSSL 3
> ----------------------------------------
>
> Key: SERF-202
> URL: https://issues.apache.org/jira/browse/SERF-202
> Project: serf
> Issue Type: Bug
> Affects Versions: serf-1.3.9
> Reporter: Tomáš Korbař
> Priority: Major
> Fix For: serf-1.3.10
>
>
> Hi,
> It appears that libserf 1.3.9 is not able to work with openssl 3 library.
> When i run tests of libserf compiled with openssl 3 then i get following errors:
> Start 1: chunked-empty.response
> Start 2: chunked-trailers.response
> Start 3: chunked.response
> Start 4: deflate.response
> Start 5: simple.response
> Start 6: test_all
> 1/6 Test #1: chunked-empty.response ........... Passed 0.00 sec
> 2/6 Test #2: chunked-trailers.response ........ Passed 0.00 sec
> 3/6 Test #3: chunked.response ................. Passed 0.00 sec
> 4/6 Test #4: deflate.response ................. Passed 0.00 sec
> 5/6 Test #5: simple.response .................. Passed 0.00 sec
> 6/6 Test #6: test_all .........................***Failed 44.78 sec
> C02984F7:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:354:
> C02984F7:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:354:
> C02984F7:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:354:
> C02984F7:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:354:
> C02984F7:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:354:
> C02984F7:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:354:
> C02984F7:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:354:
> C02984F7:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:354:
> C02984F7:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:354:
> C02984F7:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:354:
> C02984F7:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:354:
> C02984F7:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:354:
> C02984F7:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:354:
> C02984F7:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:354:
> C02984F7:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:354:
> C02984F7:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:354:
> C02984F7:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:354:
> C02984F7:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:354:
> ...........FF.FFFFFFFFFF.FFFFF....................................
> There were 17 failures:
> 1) test_ssl_handshake: /builddir/build/BUILD/serf-1.3.9/test/test_util.c:456: expected <0> but was <120199>
> 2) test_ssl_trust_rootca: /builddir/build/BUILD/serf-1.3.9/test/test_util.c:456: expected <0> but was <120199>
> 3) test_ssl_certificate_chain_with_anchor: /builddir/build/BUILD/serf-1.3.9/test/test_util.c:456: expected <0> but was <120199>
> 4) test_ssl_certificate_chain_all_from_server: /builddir/build/BUILD/serf-1.3.9/test/test_util.c:456: expected <0> but was <120199>
> 5) test_ssl_no_servercert_callback_allok: /builddir/build/BUILD/serf-1.3.9/test/test_util.c:456: expected <0> but was <120199>
> 6) test_ssl_no_servercert_callback_fail: /builddir/build/BUILD/serf-1.3.9/test/test_context.c:1560: expected <120170> but was <120199>
> 7) test_ssl_large_response: /builddir/build/BUILD/serf-1.3.9/test/test_util.c:456: expected <0> but was <120199>
> 8) test_ssl_large_request: /builddir/build/BUILD/serf-1.3.9/test/test_util.c:456: expected <0> but was <120199>
> 9) test_ssl_client_certificate: /builddir/build/BUILD/serf-1.3.9/test/test_util.c:456: expected <0> but was <120199>
> 10) test_ssl_expired_server_cert: /builddir/build/BUILD/serf-1.3.9/test/test_util.c:456: expected <0> but was <120199>
> 11) test_ssl_future_server_cert: /builddir/build/BUILD/serf-1.3.9/test/test_util.c:456: expected <0> but was <120199>
> 12) test_setup_ssltunnel: /builddir/build/BUILD/serf-1.3.9/test/test_util.c:456: expected <0> but was <120199>
> 13) test_ssltunnel_basic_auth: /builddir/build/BUILD/serf-1.3.9/test/test_context.c:2138: expected <0> but was <120199>
> 14) test_ssltunnel_basic_auth_server_has_keepalive_off: /builddir/build/BUILD/serf-1.3.9/test/test_context.c:2138: expected <0> but was <120199>
> 15) test_ssltunnel_basic_auth_proxy_has_keepalive_off: /builddir/build/BUILD/serf-1.3.9/test/test_context.c:2138: expected <0> but was <120199>
> 16) test_ssltunnel_basic_auth_proxy_close_conn_on_200resp: /builddir/build/BUILD/serf-1.3.9/test/test_context.c:2138: expected <0> but was <120199>
> 17) test_ssltunnel_digest_auth: /builddir/build/BUILD/serf-1.3.9/test/test_util.c:456: expected <0> but was <120199>
> !!!FAILURES!!!
> Runs: 66 Passes: 49 Fails: 17
> 83% tests passed, 1 tests failed out of 6
> Total Test time (real) = 44.79 sec
> The following tests FAILED:
> 6 - test_all (Failed)
>
> I tried to find cause of this issue but unfortunately with no success. The tests are not able to perform ssl handshake as if the communication was not using tls at all. The certificates are not expired, i regenerated them and tested that the tests work with openssl 1.1.1.
> Thanks for any help you can provide.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)