git.net

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NOTICE: Intent to T&R 2.4.36


On 2018-10-10 07:30, Joe Orton wrote:
On Tue, Oct 09, 2018 at 03:29:49PM -0500, Daniel Ruggeri wrote:
Hi, all;
I ran through my usual testing routine, this time with OpenSSL 1.1.1, but found several test failures. In the past, these issues have been isolated to my environment so I just wanted to drop a line to see if anyone has run the test suite against 2.4.x lately and can corroborate this result? If not, I
can debug my environment.

TLSv1.3 testing is still a mess with OpenSSL 1.1.1, sorry.  I have
updated the test suite just now to disable TLSv1.3 testing for most
people.  We need updates to Net::SSLeay (the latest upstream has the
patch) and IO::Socket::SSL, but the latter is not patched upstream, so I
can't make an accurate test for that yet.

At worst, forcibly testing with:

  ./t/TEST -sslproto 'all -TLSv1.2'

should now be possible.

(If using an existing check-out of the test suite don't forget to re-run
"make" before running ./t/TEST -conf to regenerate the config...)

Let me know if that's not made any difference for you.

I don't know why t/modules/http2.t is failing but I see that here too.

Thanks Joe and Bill.

Yep, when flipping back over to OpenSSL 1.1.0i, everything works A-OK. Even the H2 failure irons itself out. It's a bummer to hear TLS 1.3 testing isn't up to snuff with this being the major feature of the release.

I also just wiped the environment, recompiled everything from scratch (same versions noted below) and reran the tests with the latest test framework and see that the recent changes to the framework leave only the failing h2 test (which doesn't happen w/ 1.1.0i). So... I think it was indeed localized to the test framework.

I'm also happy to see the H2 EOS fix in, too!

So... I think I'm content with the results and am ready to T&R!


Regards, Joe



Test Summary Report
-------------------
t/modules/http2.t                 (Wstat: 0 Tests: 24 Failed: 0)
  Parse errors: Bad plan.  You planned 52 tests but ran 24.
t/security/CVE-2009-3555.t        (Wstat: 0 Tests: 4 Failed: 2)
  Failed tests:  3-4
t/ssl/basicauth.t                 (Wstat: 0 Tests: 4 Failed: 2)
  Failed tests:  2-3
t/ssl/env.t                       (Wstat: 0 Tests: 30 Failed: 15)
  Failed tests:  16-30
t/ssl/extlookup.t                 (Wstat: 0 Tests: 4 Failed: 4)
  Failed tests:  1-4
t/ssl/fakeauth.t                  (Wstat: 0 Tests: 3 Failed: 2)
  Failed tests:  2-3
t/ssl/ocsp.t                      (Wstat: 0 Tests: 3 Failed: 1)
  Failed test:  3
t/ssl/require.t                   (Wstat: 0 Tests: 10 Failed: 3)
  Failed tests:  2, 5, 9
t/ssl/varlookup.t                 (Wstat: 0 Tests: 83 Failed: 83)
  Failed tests:  1-83
t/ssl/verify.t                    (Wstat: 0 Tests: 3 Failed: 1)
  Failed test:  2
Files=186, Tests=8857, 101 wallclock secs ( 1.86 usr 0.28 sys + 48.46 cusr
11.08 csys = 61.68 CPU)


Versions at play were:
system:
  kernel:
    name: Linux
    release: 3.16.0-4-amd64
    version: #1 SMP Debian 3.16.51-3 (2017-12-13)
    machine: x86_64

  libraries:
    openssl: "1.1.1"
    openldap: "2.4.46"
    apr: "1.6.5"
    apr-util: "1.6.1"
    iconv: "1.2.2"
    brotli: "1.0.6"
    nghttp2: "1.34.0"
    zlib: "1.2.11"
    pcre: "8.42"
    libxml2: "2.9.8"
    php: "5.6.38"
    lua: "5.3.5"
    curl: "7.61.1"


Anything look obviously crazy/wrong?

--
Daniel Ruggeri

On 2018-10-09 06:36, Daniel Ruggeri wrote:
> Hi, all;
>  Barring any major disagreement in the next several hours, I intend to
> T&R our next version later today or early tomorrow.
>
> Hooray for TLS 1.3!
> --
> Daniel Ruggeri

--
Daniel Ruggeri