t/ssl/ocsp.t

[Christophe JAILLET <ch...@wanadoo.fr>]

Hi,

I see test errors in #1 and #3 in t/ssl/ocsp.t.

Does anyone else see it?


Looking deeper at the output (i.e. --verbose), it looks like the issue 
is in the test itself.
All conditions seem to be there, but I need to turn:
    my $message = $r->message();
into:
    my $message = $r->content();

in both tests to have them pass.

Is it expected?


I don't remind issues with this test in the past.
This part of the test has been changed in r1844479.

CJ

Re: t/ssl/ocsp.t

[Rainer Jung <ra...@kippdata.de>]

Am 05.02.2019 um 11:33 schrieb Joe Orton:
> On Thu, Jan 17, 2019 at 09:02:02PM +0100, Christophe JAILLET wrote:
>> Hi,
>>
>> I see test errors in #1 and #3 in t/ssl/ocsp.t.
>>
>> Does anyone else see it?
> 
> I see it too.  I changed it as you suggested in r1852984, maybe Rainer
> will comment if it breaks things for for him again.

No, looks good.

In my environments, content and message are the same, so old and new 
version of the test is successful. The only small delta between content 
and message is when using client plus server with OpenSSL 1.1.1, then 
the message is

   Status read failed:

and content

   Status read failed:  at /path/to/Net/HTTP/Methods.pm line 282.

Which doesn't matter in the regexp those strings are checked against.

I have not updated my bundle installation since mid september 2018 (plus 
patches at that time to make it work with TLS 1.3).

When either client or server are below 1.1.1, messages/content for the 
two test cases is more precise:

Can't connect to localhost:8535 (SSL connect attempt failed because of 
handshake problems error:14094410:SSL routines:ssl3_read_bytes:sslv3 
alert handshake failure)

and

Can't connect to localhost:8535 (SSL connect attempt failed because of 
handshake problems error:14094410:SSL routines:ssl3_read_bytes:sslv3 
alert certificate revoked)

Depending on the OpenSSL version, the error number can also be 14094414 
and the method SSL3_READ_BYTES (upper case). Maybe in a more modern or 
future bundle setup, TLS 1.3 based tests will be back to also showing 
the real reason and not just "read failed".

Anyways, any of those variations match the regexp which is used in the 
test. No problem with the updated test here.

> I was seeing this with openssl-1.1.1a and the Fedora IO::Socket::SSL is
> at 2.060 but with a bunch of OpenSSL 1.1.1/TLSv1.3 patches applied,
> which might well make a difference.
> 
> Regards, Joe
> 
> 
>> Looking deeper at the output (i.e. --verbose), it looks like the issue is in
>> the test itself.
>> All conditions seem to be there, but I need to turn:
>>     my $message = $r->message();
>> into:
>>     my $message = $r->content();
>>
>> in both tests to have them pass.
>>
>> Is it expected?
>>
>>
>> I don't remind issues with this test in the past.
>> This part of the test has been changed in r1844479.

Regards,

Rainer

Re: t/ssl/ocsp.t

[Joe Orton <jo...@redhat.com>]

On Thu, Jan 17, 2019 at 09:02:02PM +0100, Christophe JAILLET wrote:
> Hi,
> 
> I see test errors in #1 and #3 in t/ssl/ocsp.t.
> 
> Does anyone else see it?

I see it too.  I changed it as you suggested in r1852984, maybe Rainer 
will comment if it breaks things for for him again.

I was seeing this with openssl-1.1.1a and the Fedora IO::Socket::SSL is 
at 2.060 but with a bunch of OpenSSL 1.1.1/TLSv1.3 patches applied, 
which might well make a difference.

Regards, Joe


> Looking deeper at the output (i.e. --verbose), it looks like the issue is in
> the test itself.
> All conditions seem to be there, but I need to turn:
>    my $message = $r->message();
> into:
>    my $message = $r->content();
> 
> in both tests to have them pass.
> 
> Is it expected?
> 
> 
> I don't remind issues with this test in the past.
> This part of the test has been changed in r1844479.