httpd-dev mailing list archives

From Stefan Fritsch ...@sfritsch.de>
Subject Re: ssl related test failures
Date Mon, 09 Nov 2009 15:55:46 GMT
On Monday 09 November 2009, Sander Temme wrote:
> Hi Stefan,
> 
> On Nov 9, 2009, at 2:25 AM, Stefan Fritsch wrote:
> > Hi,
> >
> > with openssl 0.9.8k, I currently get a large number of test
> > failures:
> 
> These tests do not fail for me.  Can you run a subset in verbose
>  and see how they fail?  Like:
> 
> t/TEST ... -verbose t/ssl/basicauth.t
> 
> should get you some more insight.  Also, which platform?

This is Debian unstable with the Debian openssl. It seems to complain
about an expired CRL. AFAICS with tcpdump, it doesn't try to connect
anywhere to get the CRL. Any ideas? If not I will dig deeper later,
no time ATM.

t/ssl/basicauth.t ..
1..3
# Running under perl version 5.010001 for linux
# Current time local: Mon Nov  9 16:36:42 2009
# Current time GMT:   Mon Nov  9 15:36:42 2009
# Using Test.pm version 1.25_02
# Using Apache/Test.pm version 1.31
# testing : Getting /ssl-fakebasicauth/index.html with no cert
# expected: 500
# received: 500
ok 1
# testing : Getting /ssl-fakebasicauth/index.html with client_snakeoil cert
# expected: 200
# received: 500
not ok 2
# Failed test 2 in t/ssl/basicauth.t at line 25
# testing : Getting /ssl-fakebasicauth/index.html with client_ok cert
# expected: 401
# received: 500
not ok 3
# Failed test 3 in t/ssl/basicauth.t at line 30
Failed 2/3 subtests

From the error log:

[Mon Nov 09 16:38:53 2009] [info] Initial (No.1) HTTPS request received for child 1 (server localhost:8532)
[Mon Nov 09 16:38:53 2009] [debug] ssl_engine_kernel.c(552): [client 127.0.0.1] Changed client verification type will force renegotiation
[Mon Nov 09 16:38:53 2009] [info] [client 127.0.0.1] Requesting connection re-negotiation
[Mon Nov 09 16:38:53 2009] [debug] ssl_engine_kernel.c(728): [client 127.0.0.1] Performing full renegotiation: complete handshake protocol
[Mon Nov 09 16:38:53 2009] [debug] ssl_engine_kernel.c(1831): OpenSSL: Handshake: start
[Mon Nov 09 16:38:53 2009] [debug] ssl_engine_kernel.c(1839): OpenSSL: Loop: SSL renegotiate ciphers
[Mon Nov 09 16:38:53 2009] [debug] ssl_engine_kernel.c(1839): OpenSSL: Loop: SSLv3 write hello request A
[Mon Nov 09 16:38:53 2009] [debug] ssl_engine_kernel.c(1839): OpenSSL: Loop: SSLv3 flush data
[Mon Nov 09 16:38:53 2009] [debug] ssl_engine_kernel.c(1839): OpenSSL: Loop: SSLv3 write hello request C
[Mon Nov 09 16:38:53 2009] [info] [client 127.0.0.1] Awaiting re-negotiation handshake
[Mon Nov 09 16:38:53 2009] [debug] ssl_engine_kernel.c(1831): OpenSSL: Handshake: start
[Mon Nov 09 16:38:53 2009] [debug] ssl_engine_kernel.c(1839): OpenSSL: Loop: before accept initialization
[Mon Nov 09 16:38:53 2009] [debug] ssl_engine_kernel.c(1839): OpenSSL: Loop: SSLv3 read client hello A
[Mon Nov 09 16:38:53 2009] [debug] ssl_engine_kernel.c(1839): OpenSSL: Loop: SSLv3 write server hello A
[Mon Nov 09 16:38:53 2009] [debug] ssl_engine_kernel.c(1839): OpenSSL: Loop: SSLv3 write certificate A
[Mon Nov 09 16:38:53 2009] [debug] ssl_engine_kernel.c(1231): [client 127.0.0.1] handing out temporary 1024 bit DH key
[Mon Nov 09 16:38:53 2009] [debug] ssl_engine_kernel.c(1839): OpenSSL: Loop: SSLv3 write key exchange A
[Mon Nov 09 16:38:53 2009] [debug] ssl_engine_kernel.c(1839): OpenSSL: Loop: SSLv3 write certificate request A
[Mon Nov 09 16:38:53 2009] [debug] ssl_engine_kernel.c(1839): OpenSSL: Loop: SSLv3 flush data
[Mon Nov 09 16:38:53 2009] [debug] ssl_engine_kernel.c(1273): [client 127.0.0.1] Certificate Verification, depth 1 [subject: /C=US/ST=California/L=San Francisco/O=ASF/OU=httpd-test/CN=ca/emailAddress=test-dev@httpd.apache.org, issuer: /C=US/ST=California/L=San Francisco/O=ASF/OU=httpd-test/CN=ca/emailAddress=test-dev@httpd.apache.org, serial: D11C47D1766CFD0D]
[Mon Nov 09 16:38:53 2009] [debug] ssl_engine_kernel.c(1480): CA CRL: Issuer: C=US, ST=California, L=San Francisco, O=ASF, OU=httpd-test, CN=ca/emailAddress=test-dev@httpd.apache.org, lastUpdate: Oct  3 12:01:39 2009 GMT, nextUpdate: Nov  2 12:01:39 2009 GMT
[Mon Nov 09 16:38:53 2009] [warn] Found CRL is expired - revoking all certificates until you get updated CRL
[Mon Nov 09 16:38:53 2009] [error] [client 127.0.0.1] Certificate Verification: Error (12): CRL has expired
[Mon Nov 09 16:38:53 2009] [debug] ssl_engine_kernel.c(1849): OpenSSL: Write: SSLv3 read client certificate B
[Mon Nov 09 16:38:53 2009] [debug] ssl_engine_kernel.c(1868): OpenSSL: Exit: error in SSLv3 read client certificate B
[Mon Nov 09 16:38:53 2009] [error] [client 127.0.0.1] Re-negotiation handshake failed: Not accepted by client!?
[Mon Nov 09 16:38:53 2009] [debug] ssl_engine_kernel.c(1273): [client 127.0.0.1] Certificate Verification, depth 1 [subject: /C=US/ST=California/L=San Francisco/O=ASF/OU=httpd-test/CN=ca/emailAddress=test-dev@httpd.apache.org, issuer: /C=US/ST=California/L=San Francisco/O=ASF/OU=httpd-test/CN=ca/emailAddress=test-dev@httpd.apache.org, serial: D11C47D1766CFD0D]
[Mon Nov 09 16:38:53 2009] [debug] ssl_engine_kernel.c(1480): CA CRL: Issuer: C=US, ST=California, L=San Francisco, O=ASF, OU=httpd-test, CN=ca/emailAddress=test-dev@httpd.apache.org, lastUpdate: Oct  3 12:01:39 2009 GMT, nextUpdate: Nov  2 12:01:39 2009 GMT
[Mon Nov 09 16:38:53 2009] [warn] Found CRL is expired - revoking all certificates until you get updated CRL
[Mon Nov 09 16:38:53 2009] [error] [client 127.0.0.1] Certificate Verification: Error (12): CRL has expired
[Mon Nov 09 16:38:53 2009] [debug] ssl_engine_kernel.c(1849): OpenSSL: Write: SSLv3 read client certificate B
[Mon Nov 09 16:38:53 2009] [debug] ssl_engine_kernel.c(1868): OpenSSL: Exit: error in SSLv3 read client certificate B
[Mon Nov 09 16:38:53 2009] [info] [client 127.0.0.1] SSL library error 1 in handshake (server localhost:8532)
[Mon Nov 09 16:38:53 2009] [info] SSL Library Error: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
[Mon Nov 09 16:38:53 2009] [info] [client 127.0.0.1] Connection closed to child 1 with abortive shutdown (server localhost:8532)
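
An added example, not part of the original message or of the httpd test suite: a small Python check that scans a mod_ssl error log in the format quoted above for `CA CRL` debug entries and reports each CRL whose nextUpdate is earlier than the time the entry was logged. The sample log is constructed (issuer shortened, a second hypothetical issuer added); the function names and the `utc_offset_hours` parameter are assumptions of this example.

```python
import re
from datetime import datetime, timedelta

CRL_LINE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[debug\] .*?CA CRL: Issuer: (?P<issuer>.*?), "
    r"lastUpdate: (?P<last>.*?) GMT, nextUpdate: (?P<next>.*?) GMT")

# Constructed sample in the mod_ssl error-log format (not the original log);
# some entries are wrapped across lines, as mailed or archived logs often are.
SAMPLE_LOG = """\
[Mon Nov 09 16:38:53 2009] [debug] ssl_engine_kernel.c(1480): CA CRL: Issuer: C=US, O=ASF,
OU=httpd-test, CN=ca, lastUpdate: Oct  3 12:01:39 2009 GMT, nextUpdate: Nov  2 12:01:39 2009
GMT
[Mon Nov 09 16:38:53 2009] [error] [client 127.0.0.1] Certificate Verification: Error (12):
CRL has expired
[Mon Nov 09 16:40:00 2009] [debug] ssl_engine_kernel.c(1480): CA CRL: Issuer: O=Example, CN=fresh, lastUpdate: Nov  1 00:00:00 2009 GMT, nextUpdate: Dec  1 00:00:00 2009 GMT
"""

def unwrap(log_text):
    # A new entry always starts with '['; anything else continues the previous one.
    entries = []
    for line in log_text.splitlines():
        if line.startswith("[") or not entries:
            entries.append(line.strip())
        elif line.strip():
            entries[-1] += " " + line.strip()
    return entries

def parse_gmt(text):
    # OpenSSL pads single-digit days with an extra space; collapse it first.
    return datetime.strptime(" ".join(text.split()), "%b %d %H:%M:%S %Y")

def expired_crls(log_text, utc_offset_hours=0):
    found = {}
    for entry in unwrap(log_text):
        m = CRL_LINE.match(entry)
        if not m:
            continue
        # Error-log timestamps are local time, nextUpdate is GMT: convert to GMT.
        local = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        seen = local - timedelta(hours=utc_offset_hours)
        next_update = parse_gmt(m["next"])
        if next_update < seen:
            found[(m["issuer"], next_update)] = seen - next_update
    return [{"issuer": i, "next_update": n, "overdue": d} for (i, n), d in found.items()]

if __name__ == "__main__":
    for rec in expired_crls(SAMPLE_LOG, utc_offset_hours=1):
        print(f"{rec['issuer']}: nextUpdate {rec['next_update']} GMT, overdue {rec['overdue']}")
```

Repeated handshake attempts log the same CRL more than once, so results are keyed on issuer and nextUpdate and each stale CRL is reported once.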



