gnutls-3.0.3 testdsa problems, patch

Somchai Smythe buraphalinuxserver at gmail.com
Tue Sep 20 00:33:58 CEST 2011


Hello,

Since gnutls-3.0.X is the supported 'stable', I am trying to build it
and use it.  But I'm having many problems getting the test-suite to
run.

I kept getting very confusing errors about kill that were nearly
impossible to debug because of all kinds of unconditional '>/dev/null
2>&1'  when trying to run 'testdsa' as part of the 'make check'.   The
quiet builds are popular nowadays, but essentially impossible for
idiots like me to debug when they break.  Maybe some working 'V=1'
mode could be added?  Anyway, before my patch I got this:

Checking various DSA key sizes
Checking DSA-1024 with TLS 1.0
Failure:
../scripts/common.sh: line 25: kill: Failed: arguments must be process
or job IDs
../scripts/common.sh: line 25: kill: to: arguments must be process or job IDs
../scripts/common.sh: line 25: kill: launch: arguments must be process
or job IDs
../scripts/common.sh: line 25: kill: a: arguments must be process or job IDs
../scripts/common.sh: line 25: kill: gnutls-serv: arguments must be
process or job IDs
../scripts/common.sh: line 25: kill: server,: arguments must be
process or job IDs
../scripts/common.sh: line 25: kill: aborting: arguments must be
process or job IDs
../scripts/common.sh: line 25: kill: test...: arguments must be
process or job IDs

After a long night of frustration I realized the problem is that the
test server software unconditionally expects me to be using IPv6.  I
don't have any IPv6 kernel modules loaded and no IPv6 interface
configured, but the test server still tries to listen on IPv6 anyway
for '::' (I'm on Linux 3.0.4 kernel).  This probably incorrect tiny
patch (against gnutls-3.0.3 release) fixed that problem for me:

--- gnutls-3.0.3/src/serv.c     2011-09-14 03:31:58.000000000 +0700
+++ gnutls-3.0.3.new/src/serv.c 2011-09-20 03:59:30.601338284 +0700
@@ -702,6 +696,9 @@

   for (ptr = res; ptr != NULL; ptr = ptr->ai_next)
     {
+#ifndef HAVE_IPV6
+      if (ptr->ai_family!=AF_INET) continue;
+#endif
       /* Print what we are doing. */
       {
         char topbuf[512];
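Review bot: the "#ifndef HAVE_IPV6" guard around the new "continue" is a compile-time test, so the filter only takes effect in a build configured without IPv6; a binary built with HAVE_IPV6 defined and then run on a kernel with no IPv6 support would still reach the '::' entry in this loop. The condition "ptr->ai_family!=AF_INET" also skips every non-IPv4 address family rather than only AF_INET6. Suggest deciding at run time instead: when setting up the listener for one addrinfo entry fails, report it and move on to ptr->ai_next, and treat it as fatal only if no entry at all could be listened on. Separately, the hunk header (-702,6 +696,9) has different old and new start lines, which suggests this was cut from a larger diff, so it is worth regenerating against a clean 3.0.3 tree before applying.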


But all it did was let me go to the next crash :-(

Now I still get stuck with this:

Checking various DSA key sizes
Checking DSA-1024 with TLS 1.0
Checking server DSA-1024 with client DSA-1024 and TLS 1.0
Checking server DSA-1024 with client DSA-2048 and TLS 1.0
Checking server DSA-1024 with client DSA-3072 and TLS 1.0
Checking DSA-1024 with TLS 1.2
Checking server DSA-1024 with client DSA-1024 and TLS 1.2
Checking server DSA-1024 with client DSA-2048 and TLS 1.2
*** Fatal error: The given DSA key is incompatible with the selected
TLS protocol.
*** Handshake has failed
GnuTLS error: The given DSA key is incompatible with the selected TLS protocol.
Failure: Failed connection to a server with a client DSA 2048 key and TLS 1.2!

Any hints on what magic is needed to get past this next problem?

JGH



