[gnutls-devel] GnuTLS | New CI runner with clang combined ubsan+asan (!1151)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Thu Jan 23 19:21:43 CET 2020 



Tim Rühsen commented on a discussion on .gitlab-ci.yml: https://gitlab.com/gnutls/gnutls/merge_requests/1151#note_276123599

> +  - ./bootstrap
> +  - export UBSAN_OPTIONS=print_stacktrace=1:report_error_type=1:suppressions=$(pwd)/devel/ubsan.supp
> +  - export LSAN_OPTIONS=suppressions=$(pwd)/devel/lsan.supp
> +  - export ASAN_SYMBOLIZER_PATH=/usr/bin/llvm-symbolizer
> +  - export CC=clang
> +  - export CXX=clang++
> +
> +# This makes several tests fail, needs discussion if helpful
> +#  - export CFLAGS="-std=c99 -O1 -g -Werror -fno-omit-frame-pointer -fsanitize=undefined,integer,nullability,bool,alignment,null,enum,address,leak,nonnull-attribute  -fno-sanitize-recover=all -fsanitize-recover=unsigned-integer-overflow -fsanitize-address-use-after-scope"
> +
> +# This is from OSS-Fuzz (20.12.2019)
> +  - export CFLAGS="-std=c99 -O1 -g -Werror -fno-omit-frame-pointer -fsanitize=array-bounds,bool,builtin,enum,float-divide-by-zero,function,integer-divide-by-zero,null,object-size,return,returns-nonnull-attribute,shift,signed-integer-overflow,unsigned-integer-overflow,unreachable,vla-bound,vptr,address,leak,alignment -fno-sanitize-recover=all -fsanitize-recover=unsigned-integer-overflow -fsanitize-address-use-after-scope"
> +
> +  - export CXXFLAGS="$CFLAGS"
> +
> +# --disable-tls13-interop because tests/suite/testcompat-tls13-openssl.sh fails with clang sanitizers 

>From the ...verbose.$$.log: Maybe you can see something, I can't:
```
Checking TLS 1.3 with resumption with early data...
Processed 0 CA certificate(s).
Resolving '127.0.0.1:37904'...
Connecting to '127.0.0.1:37904'...
- Certificate type: X.509
- Got a certificate list of 2 certificates.
- Certificate[0] info:
 - subject `CN=GnuTLS Test Server (RSA certificate)', issuer `CN=GnuTLS Test CA', serial 0x4de0b4ca, RSA key 2432 bits, signed using RSA-SHA256, activated `2011-05-28 08:39:39 UTC', expires `2038-10-12 08:39:40 UTC', pin-sha256="ZCnc2x+EUztg6ShnEvwtcHxusyXqJ5RJLNCDLc+lVNE="
        Public Key ID:
                sha1:482334530a8931384a5aeacab6d2a6dece1d2b18
                sha256:6429dcdb1f84533b60e9286712fc2d707c6eb325ea2794492cd0832dcfa554d1
        Public Key PIN:
                pin-sha256:ZCnc2x+EUztg6ShnEvwtcHxusyXqJ5RJLNCDLc+lVNE=

- Certificate[1] info:
 - subject `CN=GnuTLS Test CA', issuer `CN=GnuTLS Test CA', serial 0x00, RSA key 2432 bits, signed using RSA-SHA256, activated `2011-05-28 08:36:30 UTC', expires `2038-10-12 08:36:33 UTC', pin-sha256="Q6gIwA8tsmcqv+Fmom0cnzs9jZGV+iyqEIx0AQtfCQE="
- Status: The certificate is NOT trusted. The certificate issuer is unknown. The name in the certificate does not match the expected. 
*** PKI verification of server certificate failed...
```

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1151#note_276123599
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20200123/8f55263e/attachment-0001.html>

More information about the Gnutls-devel mailing list