[gnutls-devel] test hangs in 3.2.8.1

Thomas Klausner wiz at NetBSD.org
Fri Jan 17 11:31:02 CET 2014 

On Fri, Jan 17, 2014 at 08:01:21AM +0100, Nikos Mavrogiannopoulos wrote:
>  The tests you disabled are simply scripts. Could you try running them
> and see where their failure is?

$ ./testdsa
Checking various DSA key sizes
Checking DSA-1024 with TLS 1.0
Error setting the x509 trust file
Checking server DSA-1024 with client DSA-1024 and TLS 1.0
Error setting the x509 trust file
Checking server DSA-1024 with client DSA-2048 and TLS 1.0
Checking server DSA-1024 with client DSA-3072 and TLS 1.0
(nothing happens for a long time)
(when I press CTRL-C it continues with)
Checking DSA-1024 with TLS 1.2
Error setting the x509 trust file
Checking server DSA-1024 with client DSA-1024 and TLS 1.2
Error setting the x509 trust file
Checking server DSA-1024 with client DSA-2048 and TLS 1.2
Error setting the x509 trust file
*** Fatal error: The given DSA key is incompatible with the selected TLS protocol.
*** Handshake has failed
GnuTLS error: The given DSA key is incompatible with the selected TLS protocol.
Failure: Failed connection to a server with a client DSA 2048 key and TLS 1.2!

and I have two processes left:
user     29304 99.0  0.0   26504   2700 pts/2  O    10:13AM   7:53.90 /scratch/security/gnutls/work/gnutls-3.2.8/src/.libs/gnutls-serv -q -p 5559 --priority NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0 --x509certfile ./cert.dsa.1024.pem --x509keyfile ./dsa.1024.pem
user     18836  0.0  0.0   25480   2112 pts/2  I    10:20AM   0:00.01 /scratch/security/gnutls/work/gnutls-3.2.8/src/.libs/gnutls-serv -q -p 5559 --priority NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2 --x509certfile ./cert.dsa.1024.pem --x509keyfile ./dsa.1024.pem


After killing them both, I tried the other test:
$ ./testcerts
Checking OpenPGP certificate verification
(nothing happens)
(after I press CTRL-C a few times, I see)
Error setting the x509 trust file
*** Fatal error: Error in the certificate.
*** Handshake has failed
GnuTLS error: Error in the certificate.
Failure: Connection to signed PGP certificate should have succeeded! (error code 1)

and I have three processes left:
user       603  0.0  0.0   27532   2676 pts/2  I    10:23AM   0:00.01 /scratch/security/gnutls/work/gnutls-3.2.8/src/.libs/gnutls-serv -q -p 5557 --priority NORMAL:+CTYPE-OPENPGP --pgpcertfile ./srv-public-127.0.0.1-signed.gpg --pgpkeyfile ./srv-secret.gpg
user     15030  0.0  0.0   25484   2112 pts/2  I    10:28AM   0:00.01 /scratch/security/gnutls/work/gnutls-3.2.8/src/.libs/gnutls-serv -q -p 5557 --priority NORMAL:+CTYPE-OPENPGP --pgpcertfile ./srv-public-localhost-signed.gpg --pgpkeyfile ./srv-secret.gpg
user     28391  0.0  0.0   25484   2112 pts/2  I    10:28AM   0:00.01 /scratch/security/gnutls/work/gnutls-3.2.8/src/.libs/gnutls-serv -q -p 5557 --priority NORMAL:+CTYPE-OPENPGP --pgpcertfile ./srv-public-all-signed.gpg --pgpkeyfile ./srv-secret.gpg

Why are there left-over processes?

Are they perhaps emptying out the entropy pool and blocking for that
reason, or do you have another explanation?
 Thomas

More information about the Gnutls-devel mailing list