You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@serf.apache.org by James McCoy <ja...@debian.org> on 2020/12/31 03:39:28 UTC
Re: Bug#978353: serf: FTBFS: test_ssl_handshake fails with OpenSSL
1.1.1i
On Tue, Dec 29, 2020 at 02:35:11PM -0500, Justin Erenkrantz wrote:
> The OpenSSL devs intended this to be a breaking change - but it's not
> documented anywhere. Sigh.
>
> I've got a WIP patch against trunk that causes test_ssl to pass - see below.
> It also seems to work with OpenSSL 1.1.1h as well as OpenSSL 1.1.1i /
> 1.1.1-stable, AFAICT.
>
> James: can you please give it a try as well?
Yes, I can confirm this fixes test_ssl_handshake on trunk. There's
enough difference between trunk and branches/1.3.x that it doesn't apply
cleanly there.
Cheers,
--
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7 2D23 DFE6 91AE 331B A3DB
Re: Bug#978353: serf: FTBFS: test_ssl_handshake fails with OpenSSL 1.1.1i
Posted by Justin Erenkrantz <ju...@erenkrantz.com>.
On Fri, Jan 15, 2021 at 9:13 PM James McCoy <ja...@debian.org> wrote:
> On Fri, Jan 15, 2021 at 08:36:22AM -0500, Justin Erenkrantz wrote:
> > Sadly, my Debian sid box ran into other issues and is currently
> inaccessible.
> >
> > I *think* that this would address the 1.3.x test issues, but 1.3.x
> doesn't
> > build on Mac OS for me for other reasons...so, let me know how it goes?
> =) --
>
> Success!
>
Great! I'd recommend just picking that up as a local patch for now and
we'll work towards releasing a 1.4.0 with this and a bunch of other
goodness in the coming weeks/months.
From a quick look at debian-devel-announce, it looks like the Bullseye
freeze has just started ; so, probably by the time the unstable window
opens again post-Bullseye, we'll be able to land a proper 1.4.0.
Cheers. -- justin
Re: Bug#978353: serf: FTBFS: test_ssl_handshake fails with OpenSSL
1.1.1i
Posted by James McCoy <ja...@debian.org>.
On Fri, Jan 15, 2021 at 08:36:22AM -0500, Justin Erenkrantz wrote:
> Sadly, my Debian sid box ran into other issues and is currently inaccessible.
>
> I *think* that this would address the 1.3.x test issues, but 1.3.x doesn't
> build on Mac OS for me for other reasons...so, let me know how it goes? =) --
Success!
Thanks,
--
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7 2D23 DFE6 91AE 331B A3DB
Re: Bug#978353: serf: FTBFS: test_ssl_handshake fails with OpenSSL 1.1.1i
Posted by Justin Erenkrantz <ju...@erenkrantz.com>.
Sadly, my Debian sid box ran into other issues and is currently
inaccessible.
I *think* that this would address the 1.3.x test issues, but 1.3.x doesn't
build on Mac OS for me for other reasons...so, let me know how it goes?
=) -- justin
Index: test/test_context.c
===================================================================
--- test/test_context.c (revision 1885525)
+++ test/test_context.c (working copy)
@@ -1138,7 +1138,7 @@
/* We expect an error from the certificate validation function. */
if (failures & expected_failures)
- return APR_SUCCESS;
+ return APR_EGENERAL;
else
return SERF_ERROR_ISSUE_IN_TESTSUITE;
}
@@ -1206,8 +1206,8 @@
create_new_request(tb, &handler_ctx[0], "GET", "/", 1);
- test_helper_run_requests_expect_ok(tc, tb, num_requests, handler_ctx,
- test_pool);
+ test_helper_run_requests_expect_fail(tc, tb, num_requests, handler_ctx,
+ test_pool);
}
/* Set up the ssl context with the CA and root CA certificates needed for
@@ -1774,8 +1774,8 @@
create_new_request(tb, &handler_ctx[0], "GET", "/", 1);
- test_helper_run_requests_expect_ok(tc, tb, num_requests, handler_ctx,
- test_pool);
+ test_helper_run_requests_expect_fail(tc, tb, num_requests, handler_ctx,
+ test_pool);
}
/* Validate that the expired certificate is reported as failure in the
@@ -1820,8 +1820,8 @@
create_new_request(tb, &handler_ctx[0], "GET", "/", 1);
- test_helper_run_requests_expect_ok(tc, tb, num_requests, handler_ctx,
- test_pool);
+ test_helper_run_requests_expect_fail(tc, tb, num_requests, handler_ctx,
+ test_pool);
}
Index: test/test_serf.h
===================================================================
--- test/test_serf.h (revision 1885525)
+++ test/test_serf.h (working copy)
@@ -239,6 +239,12 @@
int num_requests,
handler_baton_t handler_ctx[],
apr_pool_t *pool);
+void
+test_helper_run_requests_expect_fail(CuTest *tc, test_baton_t *tb,
+ int num_requests,
+ handler_baton_t handler_ctx[],
+ apr_pool_t *pool);
+
serf_bucket_t* accept_response(serf_request_t *request,
serf_bucket_t *stream,
void *acceptor_baton,
Index: test/test_util.c
===================================================================
--- test/test_util.c (revision 1885525)
+++ test/test_util.c (working copy)
@@ -461,6 +461,19 @@
CuAssertIntEquals(tc, num_requests, tb->handled_requests->nelts);
}
+void
+test_helper_run_requests_expect_fail(CuTest *tc, test_baton_t *tb,
+ int num_requests,
+ handler_baton_t handler_ctx[],
+ apr_pool_t *pool)
+{
+ apr_status_t status;
+
+ status = test_helper_run_requests_no_check(tc, tb, num_requests,
+ handler_ctx, pool);
+ CuAssertIntEquals(tc, APR_EGENERAL, status);
+}
+
serf_bucket_t* accept_response(serf_request_t *request,
serf_bucket_t *stream,
void *acceptor_baton,
On Thu, Jan 14, 2021 at 11:35 PM James McCoy <ja...@debian.org> wrote:
> Happy New Year!
>
> On Wed, Dec 30, 2020 at 10:39:28PM -0500, James McCoy wrote:
> > On Tue, Dec 29, 2020 at 02:35:11PM -0500, Justin Erenkrantz wrote:
> > > The OpenSSL devs intended this to be a breaking change - but it's not
> > > documented anywhere. Sigh.
> > >
> > > I've got a WIP patch against trunk that causes test_ssl to pass - see
> below.
> > > It also seems to work with OpenSSL 1.1.1h as well as OpenSSL 1.1.1i /
> > > 1.1.1-stable, AFAICT.
> > >
> > > James: can you please give it a try as well?
> >
> > Yes, I can confirm this fixes test_ssl_handshake on trunk. There's
> > enough difference between trunk and branches/1.3.x that it doesn't apply
> > cleanly there.
>
> Any chance you would be able to make a patch for 1.3.x? Although a 1.4
> release would be nice, it's a bit late in the Debian release cycle to
> upload a major new version.
>
> A targeted fix for the test suite would address the immediate issue,
> though.
>
> Cheers,
> --
> James
> GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7 2D23 DFE6 91AE 331B A3DB
>
Re: Bug#978353: serf: FTBFS: test_ssl_handshake fails with OpenSSL
1.1.1i
Posted by James McCoy <ja...@debian.org>.
Happy New Year!
On Wed, Dec 30, 2020 at 10:39:28PM -0500, James McCoy wrote:
> On Tue, Dec 29, 2020 at 02:35:11PM -0500, Justin Erenkrantz wrote:
> > The OpenSSL devs intended this to be a breaking change - but it's not
> > documented anywhere. Sigh.
> >
> > I've got a WIP patch against trunk that causes test_ssl to pass - see below.
> > It also seems to work with OpenSSL 1.1.1h as well as OpenSSL 1.1.1i /
> > 1.1.1-stable, AFAICT.
> >
> > James: can you please give it a try as well?
>
> Yes, I can confirm this fixes test_ssl_handshake on trunk. There's
> enough difference between trunk and branches/1.3.x that it doesn't apply
> cleanly there.
Any chance you would be able to make a patch for 1.3.x? Although a 1.4
release would be nice, it's a bit late in the Debian release cycle to
upload a major new version.
A targeted fix for the test suite would address the immediate issue,
though.
Cheers,
--
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7 2D23 DFE6 91AE 331B A3DB