Bug #128025 for Net-SSLeay: Test suite fails on debian/buster

Sat Dec 15 04:17:39 2018 SREZIC [...] cpan.org - Ticket created

Subject:

Test suite fails on debian/buster

See subject. Fail report on CPAN Testers is here: http://www.cpantesters.org/cpan/report/c93442ec-ff2a-11e8-bea3-a6613ff35200 There are similar fail reports on CPAN Testers from other people (probably on other systems): http://matrix.cpantesters.org/?dist=Net-SSLeay%201.86_07;os=linux;reports=1 openssl version is 1.1.1a according to openssl version. On other systems with the same openssl version (e.g. freebsd) the test suite does not fail.

Fri Jan 25 14:08:48 2019 PLICEASE [...] cpan.org - Requestor PLICEASE added

Fri Jan 25 17:08:18 2019 PLICEASE [...] cpan.org - Correspondence added

It may be helpful to review the patches that are used to build Net::SSLeay for Debian: https://sources.debian.org/src/libnet-ssleay-perl/1.85-2/debian/patches/

Sat Mar 16 00:07:26 2019 jmaslak [...] antelope.net - Correspondence added

This also happens on Ubuntu 18.10 - tests fail to complete (it hangs), starting with t/local/07_sslecho.t The above mentioned debian patches fix it, particularly this one: https://sources.debian.org/src/libnet-ssleay-perl/1.85-2/debian/patches/Adapt-to-OpenSSL-1.1.1.patch/ It would make my life way easier if this patch was applied and the new version of Net::SSLeay was released.

Sat Mar 16 00:07:27 2019 The RT System itself - Status changed from 'new' to 'open'

Fri May 03 11:30:17 2019 chrisn [...] cpan.org - Correspondence added

Thanks for the report, Slaven --- apologies for taking so long to get back to you. On Sat Dec 15 09:17:39 2018, SREZIC wrote: Show quoted text

> See subject. Fail report on CPAN Testers is here: > http://www.cpantesters.org/cpan/report/c93442ec-ff2a-11e8-bea3- > a6613ff35200 > > There are similar fail reports on CPAN Testers from other people > (probably on other systems): http://matrix.cpantesters.org/?dist=Net- > SSLeay%201.86_07;os=linux;reports=1 > > openssl version is 1.1.1a according to openssl version. On other > systems with the same openssl version (e.g. freebsd) the test suite > does not fail.

We had a lot of smoke test failures for 1.86_07 and 1.86_09 that were caused by: (a) Incorrectly checking the return value from (CTX_)get_min_proto_version() and (CTX_)get_max_proto_version() in some tests in t/local/09_ctx_new.t, which caused test failures with OpenSSLs configured to enforce minimum protocol versions (such as the packaged OpenSSLs in recent versions of Fedora and Debian). (b) The continued use of 1024-bit keys and certificates in the test suite with OpenSSLs configured to enforce a default security level of 2 or higher, which forbid the use of keys this short. We previously worked around this by explicitly setting the security level to 1 in the tests that use them (as suggested by the Debian Perl Group), and while this continues to work on Fedora, it no longer does on Debian Buster. We've fixed the bugs in t/local/09_ctx_new.t and retired the remaining 1024-bit keys/certificates that are used in the test suite, replacing them with 2048-bit keys/certificates. Both PRs have been merged into master, and will be part of developer release 1.86_10 (and a new stable version shortly after that, subject to good feedback from the smoke testers): [1] https://github.com/radiator-software/p5-net-ssleay/pull/130 [2] https://github.com/radiator-software/p5-net-ssleay/pull/131 I've verified that all tests now pass on Debian Buster using the master branch (after also installing libtest-exception-perl, libtest-warn-perl and libtest-nowarnings-perl, so the entire test suite executes) --- see the attached output from "make test".

Subject:

master-debian-testing.txt

root@debian-testing:~/p5-net-ssleay# make test "/usr/bin/perl" -MExtUtils::Command::MM -e 'cp_nonempty' -- SSLeay.bs blib/arch/auto/Net/SSLeay/SSLeay.bs 644 PERL_DL_NONLAZY=1 "/usr/bin/perl" "-MExtUtils::Command::MM" "-MTest::Harness" "-e" "undef *Test::Harness::Switches; test_harness(0, 'blib/lib', 'blib/arch')" t/local/*.t t/handle/local/*.t t/handle/local/05_use.t ................ ok t/local/01_pod.t ....................... skipped: Test::Pod 1.00 required for testing POD t/local/02_pod_coverage.t .............. skipped: these tests are for only for release candidate testing. Enable with RELEASE_TESTING=1 t/local/03_use.t ....................... 1/1 # # Testing Net::SSLeay 1.86_09 # # Perl information: # Version: '5.028001' # Executable path: '/usr/bin/perl' # # libssl information: # SSLEAY_VERSION: 'OpenSSL 1.1.1b 26 Feb 2019' # SSLEAY_CFLAGS: 'compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -Wa,--noexecstack -g -O2 -fdebug-prefix-map=/build/openssl-SmWEKg/openssl-1.1.1b=. -fstack-protector-strong -Wformat -Werror=format-security -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2' # SSLEAY_BUILT_ON: 'built on: Tue Apr 16 19:31:11 2019 UTC' # SSLEAY_PLATFORM: 'platform: debian-amd64' # SSLEAY_DIR: 'OPENSSLDIR: "/usr/lib/ssl"' # OPENSSL_ENGINES_DIR: 'ENGINESDIR: "/usr/lib/x86_64-linux-gnu/engines-1.1"' t/local/03_use.t ....................... ok t/local/04_basic.t ..................... ok t/local/05_passwd_cb.t ................. ok t/local/06_tcpecho.t ................... ok t/local/07_sslecho.t ................... ok t/local/08_pipe.t ...................... ok t/local/09_ctx_new.t ................... ok t/local/10_rand.t ...................... ok t/local/11_read.t ...................... ok t/local/15_bio.t ....................... ok t/local/20_autoload.t .................. ok t/local/21_constants.t ................. ok t/local/30_error.t ..................... ok t/local/31_rsa_generate_key.t .......... ok t/local/32_x509_get_cert_info.t ........ ok t/local/33_x509_create_cert.t .......... ok t/local/34_x509_crl.t .................. ok t/local/35_ephemeral.t ................. skipped: libressl and OpenSSL 1.1 removed support for ephemeral/temporary RSA private keys t/local/36_verify.t .................... ok t/local/37_asn1_time.t ................. ok t/local/38_priv-key.t .................. ok t/local/39_pkcs12.t .................... ok t/local/40_npn_support.t ............... ok t/local/41_alpn_support.t .............. ok t/local/42_info_callback.t ............. ok t/local/43_misc_functions.t ............ ok t/local/44_sess.t ...................... ok t/local/45_exporter.t .................. ok t/local/50_digest.t .................... ok t/local/61_threads-cb-crash.t .......... ok t/local/62_threads-ctx_new-deadlock.t .. ok t/local/63_ec_key_generate_key.t ....... ok t/local/64_ticket_sharing.t ............ ok t/local/65_security_level.t ............ ok t/local/65_ticket_sharing_2.t .......... ok t/local/66_curves.t .................... ok t/local/kwalitee.t ..................... skipped: these tests are for only for release candidate testing. Enable with RELEASE_TESTING=1 All tests successful. Files=40, Tests=3041, 6 wallclock secs ( 0.11 usr 0.34 sys + 3.36 cusr 1.31 csys = 5.12 CPU) Result: PASS

Fri May 03 11:30:19 2019 chrisn [...] cpan.org - Taken

Fri May 03 11:47:11 2019 chrisn [...] cpan.org - Correspondence added

On Sat Mar 16 04:07:26 2019, JMASLAK wrote: Show quoted text

> This also happens on Ubuntu 18.10 - tests fail to complete (it hangs), > starting with t/local/07_sslecho.t > > The above mentioned debian patches fix it, particularly this one: > > https://sources.debian.org/src/libnet-ssleay-perl/1.85- > 2/debian/patches/Adapt-to-OpenSSL-1.1.1.patch/

Thanks for the Ubuntu perspective too, Joelle, and apologies for not getting back to you sooner too. Unsurprisingly, the issues I mentioned above also affect recent versions of Ubuntu. I've verified that the PRs also fix the test suite on Ubuntu 18.10 (and 19.04 for good measure, since it's now been released) --- see the attached output from "make test" on both versions. Show quoted text

> It would make my life way easier if this patch was applied and the new > version of Net::SSLeay was released.

We have a patch for an issue affecting the test suite on Gentoo that we need to confirm is working (RT#128207), then we need to address some ambiguity in the licensing terms (RT#106314) and fix some parts of the documentation that are inaccurate now that Heikki, Tuure and I have taken over as maintainers. These shouldn't take long to address, and we hope to release a new stable version shortly.

Subject:

master-ubuntu-1904.txt

root@ubuntu-1904:~/p5-net-ssleay# make test "/usr/bin/perl" -MExtUtils::Command::MM -e 'cp_nonempty' -- SSLeay.bs blib/arch/auto/Net/SSLeay/SSLeay.bs 644 PERL_DL_NONLAZY=1 "/usr/bin/perl" "-MExtUtils::Command::MM" "-MTest::Harness" "-e" "undef *Test::Harness::Switches; test_harness(0, 'blib/lib', 'blib/arch')" t/local/*.t t/handle/local/*.t t/handle/local/05_use.t ................ ok t/local/01_pod.t ....................... skipped: Test::Pod 1.00 required for testing POD t/local/02_pod_coverage.t .............. skipped: these tests are for only for release candidate testing. Enable with RELEASE_TESTING=1 t/local/03_use.t ....................... 1/1 # # Testing Net::SSLeay 1.86_09 # # Perl information: # Version: '5.028001' # Executable path: '/usr/bin/perl' # # libssl information: # SSLEAY_VERSION: 'OpenSSL 1.1.1b 26 Feb 2019' # SSLEAY_CFLAGS: 'compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -Wa,--noexecstack -g -O2 -fdebug-prefix-map=/build/openssl-uEA50R/openssl-1.1.1b=. -fstack-protector-strong -Wformat -Werror=format-security -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2' # SSLEAY_BUILT_ON: 'built on: Wed Apr 3 10:50:23 2019 UTC' # SSLEAY_PLATFORM: 'platform: debian-amd64' # SSLEAY_DIR: 'OPENSSLDIR: "/usr/lib/ssl"' # OPENSSL_ENGINES_DIR: 'ENGINESDIR: "/usr/lib/x86_64-linux-gnu/engines-1.1"' t/local/03_use.t ....................... ok t/local/04_basic.t ..................... ok t/local/05_passwd_cb.t ................. ok t/local/06_tcpecho.t ................... ok t/local/07_sslecho.t ................... ok t/local/08_pipe.t ...................... ok t/local/09_ctx_new.t ................... ok t/local/10_rand.t ...................... ok t/local/11_read.t ...................... ok t/local/15_bio.t ....................... ok t/local/20_autoload.t .................. ok t/local/21_constants.t ................. ok t/local/30_error.t ..................... ok t/local/31_rsa_generate_key.t .......... ok t/local/32_x509_get_cert_info.t ........ ok t/local/33_x509_create_cert.t .......... ok t/local/34_x509_crl.t .................. ok t/local/35_ephemeral.t ................. skipped: libressl and OpenSSL 1.1 removed support for ephemeral/temporary RSA private keys t/local/36_verify.t .................... ok t/local/37_asn1_time.t ................. ok t/local/38_priv-key.t .................. ok t/local/39_pkcs12.t .................... ok t/local/40_npn_support.t ............... ok t/local/41_alpn_support.t .............. ok t/local/42_info_callback.t ............. ok t/local/43_misc_functions.t ............ ok t/local/44_sess.t ...................... ok t/local/45_exporter.t .................. ok t/local/50_digest.t .................... ok t/local/61_threads-cb-crash.t .......... ok t/local/62_threads-ctx_new-deadlock.t .. ok t/local/63_ec_key_generate_key.t ....... ok t/local/64_ticket_sharing.t ............ ok t/local/65_security_level.t ............ ok t/local/65_ticket_sharing_2.t .......... ok t/local/66_curves.t .................... ok t/local/kwalitee.t ..................... skipped: these tests are for only for release candidate testing. Enable with RELEASE_TESTING=1 All tests successful. Files=40, Tests=3041, 5 wallclock secs ( 0.19 usr 0.26 sys + 3.41 cusr 1.32 csys = 5.18 CPU) Result: PASS

Fri May 03 11:47:12 2019 chrisn [...] cpan.org - Status changed from 'open' to 'patched'

Sun May 05 02:12:27 2019 chrisn [...] cpan.org - Status changed from 'patched' to 'resolved'

Sun May 05 02:12:28 2019 chrisn [...] cpan.org - Fixed in 1.86_10 added