You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Stefan Fritsch <sf...@sfritsch.de> on 2011/11/18 22:21:55 UTC
Test failures and libwww-perl 6.0.3
Hi,
in case any of you also have lots of test failures with libwww-perl 6.0.3,
setting these env vars fixes most of them for me:
PERL_NET_HTTPS_SSL_SOCKET_CLASS=Net::SSL
PERL_LWP_SSL_VERIFY_HOSTNAME=0
No idea why Net::SSL works but IO::Socket::SSL doesn't. The remaining
failures are:
t/modules/proxy.t (Wstat: 0 Tests: 15 Failed: 2)
Failed tests: 9-10
# testing : reverse proxy to nph-102
# expected: 200
# received: 102
not ok 9
# testing : reverse proxy 102 response
# expected: this is nph-stdout
# received:
not ok 10
These seem to be caused by LWP only handling code 100 specially, not code
1xx. If I replace in LWP/Protocol/http.pm at
($code, $mess, @h) = $socket->read_response_headers(laxed => 1, junk_out => \@junk)
if $code eq "100";
the 'eq "100"' with '=~ /^1\d\d$/ ', t/modules/proxy.t passes. If anyone
knows how to fix the test framework with this info, please go ahead.
Cheers,
Stefan
Re: Test failures and libwww-perl 6.0.3
Posted by Kaspar Brand <ht...@velox.ch>.
On 29.11.2011 23:23, Stefan Fritsch wrote:
> On Tuesday 29 November 2011, Kaspar Brand wrote:
>> I have committed the patches in r1207758 (for Apache::Test) and
>> r1207759 (adjustments to the t/ssl tests).
>
> Nice, works here now. Thanks.
FYI: Torsten pointed out a potential problem with the solution in
r1207758, so I have committed a less "intrusive" approach for
set_client_cert() in r1208506. Shouldn't make a difference then running
the tests - otherwise let me know.
Kaspar
Re: Test failures and libwww-perl 6.0.3
Posted by Stefan Fritsch <sf...@sfritsch.de>.
On Tuesday 29 November 2011, Kaspar Brand wrote:
> On 23.11.2011 15:06, Joe Orton wrote:
> > On Wed, Nov 23, 2011 at 08:37:31AM +0100, Kaspar Brand wrote:
> >> There are two approaches to fix 1): a) turn off verify_hostname
> >> where needed (t/ssl/pr12355.t and t/ssl/pr43738.t are doing this
> >> right now) or b) specify the CA cert (generated in
> >> t/conf/ca/...) to make verification work/succeed.
> >
> > (b) sounds better; I presume it doesn't break with older versions
> > of LWP?
>
> LWP::UserAgent < 6 will warn when supplying unrecognized options to
> its constructor, so I made the changes depend on $LWP::VERSION.
>
> I have committed the patches in r1207758 (for Apache::Test) and
> r1207759 (adjustments to the t/ssl tests).
Nice, works here now. Thanks.
Re: Test failures and libwww-perl 6.0.3
Posted by Kaspar Brand <ht...@velox.ch>.
On 23.11.2011 15:06, Joe Orton wrote:
> On Wed, Nov 23, 2011 at 08:37:31AM +0100, Kaspar Brand wrote:
>> There are two approaches to fix 1): a) turn off verify_hostname
>> where needed (t/ssl/pr12355.t and t/ssl/pr43738.t are doing this
>> right now) or b) specify the CA cert (generated in t/conf/ca/...)
>> to make verification work/succeed.
>
> (b) sounds better; I presume it doesn't break with older versions of
> LWP?
LWP::UserAgent < 6 will warn when supplying unrecognized options to its
constructor, so I made the changes depend on $LWP::VERSION.
I have committed the patches in r1207758 (for Apache::Test) and r1207759
(adjustments to the t/ssl tests).
Kaspar
Re: Test failures and libwww-perl 6.0.3
Posted by Joe Orton <jo...@redhat.com>.
On Wed, Nov 23, 2011 at 08:37:31AM +0100, Kaspar Brand wrote:
> There are two approaches to fix 1): a) turn off verify_hostname
> where needed (t/ssl/pr12355.t and t/ssl/pr43738.t are doing this
> right now) or b) specify the CA cert (generated in t/conf/ca/...)
> to make verification work/succeed.
(b) sounds better; I presume it doesn't break with older versions of
LWP?
Regards, Joe
Re: Test failures and libwww-perl 6.0.3
Posted by Kaspar Brand <ht...@velox.ch>.
On 18.11.2011 22:21, Stefan Fritsch wrote:
> in case any of you also have lots of test failures with libwww-perl 6.0.3,
> setting these env vars fixes most of them for me:
>
> PERL_NET_HTTPS_SSL_SOCKET_CLASS=Net::SSL
> PERL_LWP_SSL_VERIFY_HOSTNAME=0
>
> No idea why Net::SSL works but IO::Socket::SSL doesn't.
The SSL test failures are a combination of two changes in LWP 6:
1) verify_hostname has been changed to default to on
2) by default, IO::Socket:SSL is used (instead of Net:SSL from
Crypt::SSLeay), and IO::Socket:SSL doesn't honor the
HTTPS_CERT_FILE and HTTPS_CERT_KEY environment variables
when it comes to specifying a client cert
There are two approaches to fix 1): a) turn off verify_hostname
where needed (t/ssl/pr12355.t and t/ssl/pr43738.t are doing this
right now) or b) specify the CA cert (generated in t/conf/ca/...)
to make verification work/succeed.
For 2), set_client_cert in TestRequest.pm needs to be enhanced,
e.g. like so:
Index: lib/Apache/TestRequest.pm
===================================================================
--- lib/Apache/TestRequest.pm (revision 1205312)
+++ lib/Apache/TestRequest.pm (working copy)
@@ -620,6 +620,9 @@ sub set_client_cert {
if ($name) {
$ENV{HTTPS_CERT_FILE} = "$dir/certs/$name.crt";
$ENV{HTTPS_KEY_FILE} = "$dir/keys/$name.pem";
+ user_agent(reset => 1,
+ ssl_opts => { SSL_cert_file => "$dir/certs/$name.crt",
+ SSL_key_file => "$dir/keys/$name.pem" });
}
else {
for (qw(CERT KEY)) {
Depending on how 1) is going to be addressed, set_client_cert also
needs to turn off verify_hostname at the same time, or it can
supply an SSL_ca_file as an additional ssl_opts argument.
What fix should be chosen for 1), a) or b)?
Kaspar