httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dr Stephen Henson <shen...@oss-institute.org>
Subject Re: Failures in SSL tests in test suite
Date Sun, 13 Dec 2009 22:46:40 GMT
Jeff Trawick wrote:
> On Sat, Dec 12, 2009 at 12:26 PM, Jeff Trawick <trawick@gmail.com> wrote:
>> On Thu, Dec 10, 2009 at 3:28 PM, Ruediger Pluem <rpluem@apache.org> wrote:
>>> Apparently because of the fix in openssl for the TLS renegotiation issue the
following
>>> failed tests now pop up in our test suite (trunk and 2.2.x the same):
>>>
>>>
>>> Failed Test       Stat Wstat Total Fail  List of Failed
>>> -------------------------------------------------------------------------------
>>> t/ssl/basicauth.t                3    2  2-3
>>> t/ssl/env.t                     30   15  16-30
>>> t/ssl/extlookup.t                2    2  1-2
>>> t/ssl/fakeauth.t                 3    2  2-3
>>> t/ssl/pr12355.t                 10   10  1-10
>>> t/ssl/pr43738.t                  4    4  1-4
>>> t/ssl/proxy.t                  172   10  3-7 116-120
>>> t/ssl/require.t                  5    2  2 5
>>> t/ssl/varlookup.t               72   72  1-72
>>> t/ssl/verify.t                   3    1  2
>>> 4 tests and 2 subtests skipped.
>> I picked up almost identical failures on 2.2.14 on OpenSolaris when
>> moving to a dev build with 0.9.8l from a dev build with 0.9.8k.  At
>> least a few of those testcases mention renegotiation.  As I also
>> picked up another failure that didn't seem to be related, I'll try to
>> find time to perform before/after testing with just the OpenSSL k->l
>> change.
> 
> A straight k->l comparison shows exactly the same failures as you with
> httpd trunk/apr[-util] 1.4 HEAD on a recent OpenSolaris dev build.
> 

I'd suggest you try OpenSSL 0.9.8-dev (i.e. a recent snapshot). Renegotiation is
now possible but only with itself (which presumably that tests). The only thing
that is not allowed is renegotiation with the deprecated SSLv2.

If there are still any problems I'll check them.

Steve.
-- 
Dr Stephen N. Henson. Senior Technical/Cryptography Advisor,
Open Source Software Institute: www.oss-institute.org
OpenSSL Core team: www.openssl.org

Mime
View raw message