Discussion:
perl-framework + apache 2.1.9 + openssl-0.9.8a
Oden Eriksson
2005-11-20 15:43:57 UTC
Permalink
Hello.

Not so long ago I started packaging apache 2.1.x (rpm) and also run the
perl-framework tests at build time in Mandriva Cooker (development branch of
Mandriva Linux). Ever since I updated openssl-0.9.7i -> openssl-0.9.8a some
ssl tests in the perl-framework stopped working. Is this a known fact?

These are the tests that fails:

t/ssl/basicauth.t 3 2 66.67% 2-3
t/ssl/env.t 28 14 50.00% 15-28
t/ssl/extlookup.t 2 2 100.00% 1-2
t/ssl/fakeauth.t 3 2 66.67% 2-3
t/ssl/proxy.t 172 10 5.81% 3-7 116-120
t/ssl/require.t 5 2 40.00% 2 5
t/ssl/varlookup.t 72 72 100.00% 1-72
t/ssl/verify.t 3 1 33.33% 2
13 tests and 1 subtest skipped.
Failed 8/126 test scripts, 93.65% okay. 105/2919 subtests failed, 96.40% okay.


Cheers.
--
Regards // Oden Eriksson
Mandriva: http://www.mandriva.com
NUX: http://li.nux.se
Joe Orton
2005-11-23 14:17:53 UTC
Permalink
Post by Oden Eriksson
Not so long ago I started packaging apache 2.1.x (rpm) and also run the
perl-framework tests at build time in Mandriva Cooker (development branch of
Mandriva Linux). Ever since I updated openssl-0.9.7i -> openssl-0.9.8a some
ssl tests in the perl-framework stopped working. Is this a known fact?
I see this too now that I have a box running 0.9.8a, all tests which
involve a client cert are failing. It looks like a failure on the
client side; from a quick manual test mod_ssl seems to be behaving
correctly. I'll investigate this further.

joe
Post by Oden Eriksson
t/ssl/basicauth.t 3 2 66.67% 2-3
t/ssl/env.t 28 14 50.00% 15-28
t/ssl/extlookup.t 2 2 100.00% 1-2
t/ssl/fakeauth.t 3 2 66.67% 2-3
t/ssl/proxy.t 172 10 5.81% 3-7 116-120
t/ssl/require.t 5 2 40.00% 2 5
t/ssl/varlookup.t 72 72 100.00% 1-72
t/ssl/verify.t 3 1 33.33% 2
13 tests and 1 subtest skipped.
Failed 8/126 test scripts, 93.65% okay. 105/2919 subtests failed, 96.40% okay.
Cheers.
--
Regards // Oden Eriksson
Mandriva: http://www.mandriva.com
NUX: http://li.nux.se
Oden Eriksson
2005-11-23 14:42:42 UTC
Permalink
Post by Joe Orton
Post by Oden Eriksson
Not so long ago I started packaging apache 2.1.x (rpm) and also run the
perl-framework tests at build time in Mandriva Cooker (development branch
of Mandriva Linux). Ever since I updated openssl-0.9.7i -> openssl-0.9.8a
some ssl tests in the perl-framework stopped working. Is this a known
fact?
I see this too now that I have a box running 0.9.8a, all tests which
involve a client cert are failing. It looks like a failure on the
client side; from a quick manual test mod_ssl seems to be behaving
correctly. I'll investigate this further.
joe
I forgot to give an update on this. It fixed in Mandriva now. It was because
openssl must not be built with these (or one of these) "no-mdc2 no-ec no-ecdh
no-ecdsa".

Tests in neon also failed:

25. cache_verify.......... server child failed: SSL_read failed (-1):
decryption failed or bad record mac
FAIL (error from server process)

44. session_cache......... server child failed: SSL_accept failed: sslv3 alert
bad record mac
FAIL (line 849: HTTP error:
SSL negotiation failed: SSL error: decryption failed or bad record mac)

48. auth_tunnel_creds..... server child failed: SSL_read failed (-1):
decryption failed or bad record mac
FAIL (error from server process)

cyrus-imap also had problems:

http://qa.mandriva.com/show_bug.cgi?id=19882

The tests using this combination passes now:

perl-framework (latest from svn) + apache 2.1.9/2.1.10 + openssl-0.9.8a

ftp://ftp.sunet.se/pub/Linux/distributions/Mandriva/devel/cooker/SRPMS/contrib/apache2-2.1.9-0.beta.3mdk.src.rpm

(it runs tests for php4 and php5 too, not mod_perl yet)
Post by Joe Orton
Post by Oden Eriksson
t/ssl/basicauth.t 3 2 66.67% 2-3
t/ssl/env.t 28 14 50.00% 15-28
t/ssl/extlookup.t 2 2 100.00% 1-2
t/ssl/fakeauth.t 3 2 66.67% 2-3
t/ssl/proxy.t 172 10 5.81% 3-7 116-120
t/ssl/require.t 5 2 40.00% 2 5
t/ssl/varlookup.t 72 72 100.00% 1-72
t/ssl/verify.t 3 1 33.33% 2
13 tests and 1 subtest skipped.
Failed 8/126 test scripts, 93.65% okay. 105/2919 subtests failed, 96.40% okay.
Cheers.
--
Regards // Oden Eriksson
Mandriva: http://www.mandriva.com
NUX: http://li.nux.se
--
Regards // Oden Eriksson
Mandriva: http://www.mandriva.com
NUX: http://li.nux.se
Joe Orton
2005-11-23 15:03:47 UTC
Permalink
Post by Oden Eriksson
Post by Joe Orton
Post by Oden Eriksson
Not so long ago I started packaging apache 2.1.x (rpm) and also run the
perl-framework tests at build time in Mandriva Cooker (development branch
of Mandriva Linux). Ever since I updated openssl-0.9.7i -> openssl-0.9.8a
some ssl tests in the perl-framework stopped working. Is this a known
fact?
I see this too now that I have a box running 0.9.8a, all tests which
involve a client cert are failing. It looks like a failure on the
client side; from a quick manual test mod_ssl seems to be behaving
correctly. I'll investigate this further.
joe
I forgot to give an update on this. It fixed in Mandriva now. It was because
openssl must not be built with these (or one of these) "no-mdc2 no-ec no-ecdh
no-ecdsa".
Thanks. Having spoken to our OpenSSL maintainer it's something more
specifically to do with zlib compression being enabled by default now in
0.9.8a. We're using the below patch for the moment, be careful of the
patent minefield if you start turning on all those cipher suites.

--- openssl-0.9.8a/ssl/ssl_ciph.c.no-builtin-comp 2005-10-01 01:38:20.000000000 +0200
+++ openssl-0.9.8a/ssl/ssl_ciph.c 2005-11-22 16:08:37.000000000 +0100
@@ -203,6 +203,7 @@

static void load_builtin_compressions(void)
{
+#if 0
if (ssl_comp_methods != NULL)
return;

@@ -233,6 +234,7 @@
MemCheck_on();
}
CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
+#endif
}
#endif

Loading...