Not sure if it could be considered as a bug, concern the tests suite, let you see
gmail
arbogast.cedric at gmail.com
Tue Mar 29 01:02:04 CEST 2011
Hello,
I have applied the "bourne shell compatible" patch and launch the test
suite, it's successfull on my build :
[root at pompomgalli] make check
...
make[3]: Leaving directory
`/usr/src/gnutls-2.12.0_build/tests/safe-renegotiation'
make[2]: Leaving directory
`/usr/src/gnutls-2.12.0_build/tests/safe-renegotiation'
Making check in dsa
make[2]: Entering directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
make testdsa
make[3]: Entering directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
make[3]: Nothing to be done for
`../../../gnutls-2.12.0/tests/dsa/testdsa'.
make[3]: Leaving directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
make check-TESTS
make[3]: Entering directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
Checking various DSA key sizes
Checking DSA-1024 with TLS 1.0
Checking server DSA-1024 with client DSA-1024 and TLS 1.0
Processed 1 client certificates...
Processed 1 client X.509 certificates...
Checking server DSA-1024 with client DSA-2048 and TLS 1.0
Checking server DSA-1024 with client DSA-3072 and TLS 1.0
Checking DSA-1024 with TLS 1.2
Checking server DSA-1024 with client DSA-1024 and TLS 1.2
Processed 1 client certificates...
Processed 1 client X.509 certificates...
Checking server DSA-1024 with client DSA-2048 and TLS 1.2
Processed 1 client certificates...
Processed 1 client X.509 certificates...
Checking server DSA-1024 with client DSA-3072 and TLS 1.2
Processed 1 client certificates...
Processed 1 client X.509 certificates...
Checking DSA-2048 with TLS 1.0
Checking DSA-2048 with TLS 1.2
Checking DSA-3072 with TLS 1.0
Checking DSA-3072 with TLS 1.2
PASS: testdsa
=============
1 test passed
=============
I then launch a daemon on port 5559 with the goal to prevent tls server
launch and check how the test deal with potential launch failure :
[root at pompomgalli] sshd -p 5559
[root at pompomgalli] netstat -pan | grep 5559
tcp 0 0 0.0.0.0:5559
0.0.0.0:* LISTEN 5348/sshd
[root at pompomgalli] make check
...
make[3]: Leaving directory
`/usr/src/gnutls-2.12.0_build/tests/safe-renegotiation'
make[2]: Leaving directory
`/usr/src/gnutls-2.12.0_build/tests/safe-renegotiation'
Making check in dsa
make[2]: Entering directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
make testdsa
make[3]: Entering directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
make[3]: Nothing to be done for
`../../../gnutls-2.12.0/tests/dsa/testdsa'.
make[3]: Leaving directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
make check-TESTS
make[3]: Entering directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
Checking various DSA key sizes
Checking DSA-1024 with TLS 1.0
*** Fatal error: An unexpected TLS packet was received.
*** Handshake has failed
GnuTLS error: An unexpected TLS packet was received.
Failure: Failed connection to a server with DSA 1024 key and TLS 1.0!
FAIL: testdsa
===================================
1 of 1 test failed
Please report to bug-gnutls at gnu.org
===================================
The test correctly fail, but without mention tls_server launch has failed.
To show how this could be confusing, checking again with a forced TLS
server 1.0 :
[root at pompomgalli] kill 5438
[root at pompomgalli] src/gnutls-serv -d 9 -p 5559 --priority
"NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" --x509certfile
../gnutls-2.12.0/tests/dsa/cert.dsa.1024.pem --x509keyfile
../gnutls-2.12.0/tests/dsa/dsa.1024.pem >/dev/null 2>&1 &
[1] 7091
[root at pompomgalli] netstat -pan | grep 5559
tcp 0 0 0.0.0.0:5559 0.0.0.0:*
LISTEN 7091/lt-gnutls-serv
[root at pompomgalli] make check
...
make[3]: Leaving directory
`/usr/src/gnutls-2.12.0_build/tests/safe-renegotiation'
make[2]: Leaving directory
`/usr/src/gnutls-2.12.0_build/tests/safe-renegotiation'
Making check in dsa
make[2]: Entering directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
make testdsa
make[3]: Entering directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
make[3]: Nothing to be done for
`../../../gnutls-2.12.0/tests/dsa/testdsa'.
make[3]: Leaving directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
make check-TESTS
make[3]: Entering directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
Checking various DSA key sizes
Checking DSA-1024 with TLS 1.0
Checking server DSA-1024 with client DSA-1024 and TLS 1.0
Processed 1 client certificates...
Processed 1 client X.509 certificates...
Checking server DSA-1024 with client DSA-2048 and TLS 1.0
Checking server DSA-1024 with client DSA-3072 and TLS 1.0
../../../gnutls-2.12.0/tests/dsa/testdsa: line 68: kill: (8793) -
No such process
Checking DSA-1024 with TLS 1.2
Checking server DSA-1024 with client DSA-1024 and TLS 1.2
Processed 1 client certificates...
Processed 1 client X.509 certificates...
Checking server DSA-1024 with client DSA-2048 and TLS 1.2
Processed 1 client certificates...
Processed 1 client X.509 certificates...
*** Fatal error: The given DSA key is incompatible with the
selected TLS protocol.
*** Handshake has failed
GnuTLS error: The given DSA key is incompatible with the selected
TLS protocol.
Failure: Failed connection to a server with a client DSA 2048 key
and TLS 1.2!
FAIL: testdsa
===================================
1 of 1 test failed
Please report to bug-gnutls at gnu.org
===================================
The test correclty fail, the "./../../gnutls-2.12.0/tests/dsa/testdsa:
line 68: kill: (8793) - No such process" gives some tips about the real
issue but the "incompatible DSA key" messages could lead to misundertood it.
Perhaps this does not worth any efforts, but what did you think about
this (normaly bourne compatible) patch :
--- tests/dsa/testdsa.man 2011-03-29 00:33:24.000000000 +0200
+++ tests/dsa/testdsa.cea 2011-03-29 00:27:21.000000000 +0200
@@ -32,13 +32,31 @@
exit 1
}
+
+launch_server() {
+ PARENT=$1;
+ shift;
+ $SERV $DEBUG -p $PORT $* >/dev/null 2>&1 &
+ LOCALPID="$!";
+ trap "[ ! -z \"${LOCALPID}\" ] && kill ${LOCALPID};" 15
+ wait "${LOCALPID}"
+ LOCALRET="$?"
+ if [ "${LOCALRET}" != "0" -a "${LOCALRET}" != "143" ] ; then
+ # Houston, we'v got a problem...
+ echo "Failed to launch a gnutls-serv server !"
+ kill -10 ${PARENT}
+ fi
+}
+
+trap "fail \"Failed to launch a gnutls-serv server, aborting dsatest...
\"" 10
+
echo "Checking various DSA key sizes"
# DSA 1024 + TLS 1.0
echo "Checking DSA-1024 with TLS 1.0"
-$SERV $DEBUG -p $PORT --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0"
--x509certfile $srcdir/cert.dsa.1024.pem --x509keyfile
$srcdir/dsa.1024.pem >/dev/null 2>&1 & PID=$!
+launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0"
--x509certfile $srcdir/cert.dsa.1024.pem --x509keyfile
$srcdir/dsa.1024.pem & PID=$!
trap "kill $PID" 1 15 2
# give the server a chance to initialize
@@ -72,7 +90,7 @@
echo "Checking DSA-1024 with TLS 1.2"
-$SERV $DEBUG -p $PORT --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2"
--x509certfile $srcdir/cert.dsa.1024.pem --x509keyfile
$srcdir/dsa.1024.pem >/dev/null 2>&1 & PID=$!
+launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2"
--x509certfile $srcdir/cert.dsa.1024.pem --x509keyfile
$srcdir/dsa.1024.pem & PID=$!
trap "kill $PID" 1 15 2
# give the server a chance to initialize
@@ -107,7 +125,7 @@
echo "Checking DSA-2048 with TLS 1.0"
-$SERV $DEBUG -p $PORT --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0"
--x509certfile $srcdir/cert.dsa.2048.pem --x509keyfile
$srcdir/dsa.2048.pem >/dev/null 2>&1 & PID=$!
+launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0"
--x509certfile $srcdir/cert.dsa.2048.pem --x509keyfile
$srcdir/dsa.2048.pem & PID=$!
trap "kill $PID" 1 15 2
# give the server a chance to initialize
@@ -123,7 +141,7 @@
echo "Checking DSA-2048 with TLS 1.2"
-$SERV $DEBUG -p $PORT --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2"
--x509certfile $srcdir/cert.dsa.2048.pem --x509keyfile
$srcdir/dsa.2048.pem >/dev/null 2>&1 & PID=$!
+launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2"
--x509certfile $srcdir/cert.dsa.2048.pem --x509keyfile
$srcdir/dsa.2048.pem & PID=$!
trap "kill $PID" 1 15 2
# give the server a chance to initialize
@@ -139,7 +157,7 @@
echo "Checking DSA-3072 with TLS 1.0"
-$SERV $DEBUG -p $PORT --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0"
--x509certfile $srcdir/cert.dsa.3072.pem --x509keyfile
$srcdir/dsa.3072.pem >/dev/null 2>&1 & PID=$!
+launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0"
--x509certfile $srcdir/cert.dsa.3072.pem --x509keyfile
$srcdir/dsa.3072.pem & PID=$!
trap "kill $PID" 1 15 2
# give the server a chance to initialize
@@ -155,7 +173,7 @@
echo "Checking DSA-3072 with TLS 1.2"
-$SERV $DEBUG -p $PORT --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2"
--x509certfile $srcdir/cert.dsa.3072.pem --x509keyfile
$srcdir/dsa.3072.pem >/dev/null 2>&1 & PID=$!
+launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2"
--x509certfile $srcdir/cert.dsa.3072.pem --x509keyfile
$srcdir/dsa.3072.pem & PID=$!
trap "kill $PID" 1 15 2
# give the server a chance to initialize
The testdsa script abort properly with a gnutls server TLS 1.0 occupying
port 5559 :
[root at pompomgalli] netstat -pan | grep 5559
tcp 0 0 0.0.0.0:5559 0.0.0.0:*
LISTEN 7091/lt-gnutls-serv
[root at pompomgalli] make check
...
make[3]: Leaving directory
`/usr/src/gnutls-2.12.0_build/tests/safe-renegotiation'
make[2]: Leaving directory
`/usr/src/gnutls-2.12.0_build/tests/safe-renegotiation'
Making check in dsa
make[2]: Entering directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
make testdsa
make[3]: Entering directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
make[3]: Nothing to be done for
`../../../gnutls-2.12.0/tests/dsa/testdsa'.
make[3]: Leaving directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
make check-TESTS
make[3]: Entering directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
Checking various DSA key sizes
Checking DSA-1024 with TLS 1.0
Failed to launch a gnutls-serv server !
Failure: Failed to launch a gnutls-serv server, aborting dsatest...
FAIL: testdsa
===================================
1 of 1 test failed
Please report to bug-gnutls at gnu.org
===================================
It abort properly too with something on port 5559 or if the tls server
can't start for any reason :
[root at pompomgalli] kill 7091
[root at pompomgalli] sshd -p 5559
[root at pompomgalli] netstat -pan | grep 5559
tcp 0 0 0.0.0.0:5559 0.0.0.0:*
LISTEN 25080/sshd
[root at pompomgalli] make check
...
make[3]: Leaving directory
`/usr/src/gnutls-2.12.0_build/tests/safe-renegotiation'
make[2]: Leaving directory
`/usr/src/gnutls-2.12.0_build/tests/safe-renegotiation'
Making check in dsa
make[2]: Entering directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
make testdsa
make[3]: Entering directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
make[3]: Nothing to be done for
`../../../gnutls-2.12.0/tests/dsa/testdsa'.
make[3]: Leaving directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
make check-TESTS
make[3]: Entering directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
Checking various DSA key sizes
Checking DSA-1024 with TLS 1.0
Failed to launch a gnutls-serv server !
Failure: Failed to launch a gnutls-serv server, aborting dsatest...
FAIL: testdsa
===================================
1 of 1 test failed
Please report to bug-gnutls at gnu.org
===================================
[root at pompomgalli] kill 25080
[root at pompomgalli] netstat -pan | grep 5559
[root at pompomgalli] echo "exit 1;" > src/gnutls-serv
[root at pompomgalli] make check
...
make[3]: Leaving directory
`/usr/src/gnutls-2.12.0_build/tests/safe-renegotiation'
make[2]: Leaving directory
`/usr/src/gnutls-2.12.0_build/tests/safe-renegotiation'
Making check in dsa
make[2]: Entering directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
make testdsa
make[3]: Entering directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
make[3]: Nothing to be done for
`../../../gnutls-2.12.0/tests/dsa/testdsa'.
make[3]: Leaving directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
make check-TESTS
make[3]: Entering directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
Checking various DSA key sizes
Checking DSA-1024 with TLS 1.0
Failed to launch a gnutls-serv server !
Failure: Failed to launch a gnutls-serv server, aborting dsatest...
FAIL: testdsa
===================================
1 of 1 test failed
Please report to bug-gnutls at gnu.org
===================================
And if all is ok, testdsa is successfull :
[root at pompomgalli] rm src/gnutls-serv
[root at pompomgalli] make check
...
make[3]: Leaving directory
`/usr/src/gnutls-2.12.0_build/tests/safe-renegotiation'
make[2]: Leaving directory
`/usr/src/gnutls-2.12.0_build/tests/safe-renegotiation'
Making check in dsa
make[2]: Entering directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
make testdsa
make[3]: Entering directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
make[3]: Nothing to be done for
`../../../gnutls-2.12.0/tests/dsa/testdsa'.
make[3]: Leaving directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
make check-TESTS
make[3]: Entering directory `/usr/src/gnutls-2.12.0_build/tests/dsa'
Checking various DSA key sizes
Checking DSA-1024 with TLS 1.0
Checking server DSA-1024 with client DSA-1024 and TLS 1.0
Processed 1 client certificates...
Processed 1 client X.509 certificates...
Checking server DSA-1024 with client DSA-2048 and TLS 1.0
Checking server DSA-1024 with client DSA-3072 and TLS 1.0
Checking DSA-1024 with TLS 1.2
Checking server DSA-1024 with client DSA-1024 and TLS 1.2
Processed 1 client certificates...
Processed 1 client X.509 certificates...
Checking server DSA-1024 with client DSA-2048 and TLS 1.2
Processed 1 client certificates...
Processed 1 client X.509 certificates...
Checking server DSA-1024 with client DSA-3072 and TLS 1.2
Processed 1 client certificates...
Processed 1 client X.509 certificates...
Checking DSA-2048 with TLS 1.0
Checking DSA-2048 with TLS 1.2
Checking DSA-3072 with TLS 1.0
Checking DSA-3072 with TLS 1.2
PASS: testdsa
=============
1 test passed
=============
If you think it 's worth the effort, i can launch the test suite with a
"pure" bourne shell.
Best regard, Cédric.
Le 28/03/2011 21:36, Nikos Mavrogiannopoulos a écrit :
> On 03/27/2011 07:13 PM, gmail wrote:
>> Hello,
>>
>> I have build gnutls-2.12.0 in a chroot jail (gcc 4.5.2/libc
>> 2.13/binutils 2.21/make 3.82) on an athlon architecture as root and got
>> the following trouble whi dsatest :
> Hello thank you for reporting and investigating that. I've fixed it
> similarly to your proposal, but in a different way. I've committed
> the fix at:
> http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=2df3b9d72f283d6a52b1625465a9d1b07cd8d0c3
> that should make the whole test bourne compatible. I hope
> this will result to more systems being able to run those
> tests with less issues.
>
>
> best regards,
> Nikos
More information about the Gnutls-devel
mailing list