<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<title>
GitLab
</title>


<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">
<div>
<p dir="auto">Nikos Mavrogiannopoulos <a href="https://gitlab.com/nmav" data-user="105950" data-reference-type="user" data-container="body" data-placement="bottom" class="gfm gfm-project_member has-tooltip" title="Nikos Mavrogiannopoulos">@nmav</a> wrote:</p>
<blockquote dir="auto">
<p>The launch_bare_server runs the server and puts it into background (with &). I'm not sure whether we can check the error code at all at this point. The error should have been caught at the wait_server call later. Wasn't it?</p>
</blockquote>
<p dir="auto">The test erred out, running into a timeout and error on killing:</p>
<pre class="code highlight js-syntax-highlight plaintext" lang="plaintext" v-pre="true"><code><span id="LC1" class="line" lang="plaintext">(sid)ametzler@argenau:/tmp/GNUTLS/gnutls.git/tests/suite$ ./testcompat-openssl.sh</span>
<span id="LC2" class="line" lang="plaintext">Compatibility checks using OpenSSL 1.1.1 11 Sep 2018</span>
<span id="LC3" class="line" lang="plaintext">Running with FIPS140-2 enabled curves enabled</span>
<span id="LC4" class="line" lang="plaintext">Disabling interop tests for RC4 ciphersuites</span>
<span id="LC5" class="line" lang="plaintext">Disabling interop tests for 3DES ciphersuites</span>
<span id="LC6" class="line" lang="plaintext">Disabling interop tests for NULL ciphersuites</span>
<span id="LC7" class="line" lang="plaintext">Disabling interop tests for SSL 3.0</span>
<span id="LC8" class="line" lang="plaintext">#################################################</span>
<span id="LC9" class="line" lang="plaintext"># Client mode tests (gnutls cli-openssl server) #</span>
<span id="LC10" class="line" lang="plaintext">#################################################</span>
<span id="LC11" class="line" lang="plaintext">try 1</span>
<span id="LC12" class="line" lang="plaintext">try 1</span>
<span id="LC13" class="line" lang="plaintext">try 1</span>
<span id="LC14" class="line" lang="plaintext">try 2</span>
<span id="LC15" class="line" lang="plaintext">try 2</span>
<span id="LC16" class="line" lang="plaintext">try 2</span>
<span id="LC17" class="line" lang="plaintext">try 3</span>
<span id="LC18" class="line" lang="plaintext">try 3</span>
<span id="LC19" class="line" lang="plaintext">try 3</span>
<span id="LC20" class="line" lang="plaintext">try 4</span>
<span id="LC21" class="line" lang="plaintext">try 4</span>
<span id="LC22" class="line" lang="plaintext">try 4</span>
<span id="LC23" class="line" lang="plaintext">try 5</span>
<span id="LC24" class="line" lang="plaintext">try 5</span>
<span id="LC25" class="line" lang="plaintext">try 5</span>
<span id="LC26" class="line" lang="plaintext">try 6</span>
<span id="LC27" class="line" lang="plaintext">try 6</span>
<span id="LC28" class="line" lang="plaintext">try 6</span>
<span id="LC29" class="line" lang="plaintext">Server 44595 did not come up</span>
<span id="LC30" class="line" lang="plaintext">./testcompat-main-openssl: 186: kill: No such process</span>
<span id="LC31" class="line" lang="plaintext"></span>
<span id="LC32" class="line" lang="plaintext">Server 59694 did not come up</span>
<span id="LC33" class="line" lang="plaintext">./testcompat-main-openssl: 186: kill: No such process</span>
<span id="LC34" class="line" lang="plaintext"></span>
<span id="LC35" class="line" lang="plaintext">Server 27091 did not come up</span>
<span id="LC36" class="line" lang="plaintext">./testcompat-main-openssl: 186: kill: No such process</span></code></pre>
<blockquote dir="auto">
<p>About the issue itself, I suspect it is the DSA key it is complaining for. Maybe we should separate the DSA tests from the RSA tests to address that issue.</p>
</blockquote>
<p dir="auto">Yes, DSA seems to be the cause, running without rsa key/cert also throws the error:</p>
<pre class="code highlight js-syntax-highlight plaintext" lang="plaintext" v-pre="true"><code><span id="LC1" class="line" lang="plaintext">(sid)ametzler@argenau:/tmp/GNUTLS/gnutls.git/tests/suite$ openssl s_server -cipher ALL -quiet -www -accept 35263 -keyform pem -certform pem -tls1 -key ./../cert-tests/data/dsa.1024.pem -cert ./../cert-tests/data/cert.dsa.1024.pem -Verify 1 -CAfile ./../../doc/credentials/x509/ca.pem</span>
<span id="LC2" class="line" lang="plaintext">error setting certificate</span>
<span id="LC3" class="line" lang="plaintext">140237331435968:error:0909006C:PEM routines:get_name:no start line:../crypto/pem/pem_lib.c:745:Expecting: DH PARAMETERS</span>
<span id="LC4" class="line" lang="plaintext">140237331435968:error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small:../ssl/ssl_rsa.c:310:</span></code></pre>
<blockquote dir="auto">
<p>Is there some way we can have this version of openssl in the debian build image?</p>
</blockquote>
<p dir="auto">I do not think there is a good way, except waiting for 1.1.1 to propagate to testing/buster. It is currently blocked since upgrading from 1.1.0h breaks a couple of reverse dependencies.</p>
</div>


</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #777;">

<br>
Reply to this email directly or <a href="https://gitlab.com/gnutls/gnutls/issues/572#note_103670128">view it on GitLab</a>.
<br>
You're receiving this email because of your account on gitlab.com.
If you'd like to receive fewer emails, you can
<a href="https://gitlab.com/sent_notifications/91165aea029c7d9a0115ad9d45653bd3/unsubscribe">unsubscribe</a>
from this thread or
adjust your notification settings.
<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Issue","url":"https://gitlab.com/gnutls/gnutls/issues/572#note_103670128"}}</script>
</p>
</div>
</body>
</html>