https://bugzilla.redhat.com/show_bug.cgi?id=1614884 Bug ID: 1614884 Summary: Tests fail with OpenSSL 1.1.1 Product: Fedora Version: rawhide Component: perl-Net-SSLeay Assignee: paul@xxxxxxxxxxxx Reporter: ppisar@xxxxxxxxxx QA Contact: extras-qa@xxxxxxxxxxxxxxxxx CC: jose.p.oliveira.oss@xxxxxxxxx, kasal@xxxxxx, paul@xxxxxxxxxxxx, perl-devel@xxxxxxxxxxxxxxxxxxxxxxx, tmraz@xxxxxxxxxx External Bug ID: CPAN 125218 perl-Net-SSLeay-1.85-3.fc29 does not pass tests in Fedora 29 because of: (1) Changes in OpenSSL 1.1.1. See <https://rt.cpan.org/Ticket/Display.html?id=125218>. I've just finished a fix the passes with openssl-1.1.1-0.pre8.fc29. (2) Fedora changes added to openssl-1:1.1.1-0.pre8.2.fc29: # Failed test 'TLS_method CTX has automatic minimum version' # at t/local/09_ctx_new.t line 114. # got: '769' # expected: '0' # Failed test 'SSL from TLS_method CTX has automatic minimum version' # at t/local/09_ctx_new.t line 119. # got: '769' # expected: '0' # Looks like you failed 2 tests of 40. t/local/09_ctx_new.t ................... Dubious, test returned 2 (wstat 512, 0x200) Failed 2/40 subtests These can be adjusted or disabled because Fedora system-wide crypto policy sets minimum version to 769 aka 0x0301 aka TLS1_VERSION. Thus SSL_CTX_get_min_proto_version() from the library reports a non-default minimum version (!= 0) is set. t/local/64_ticket_sharing.t ............ failed to use cert file t/data/cert.pem,t/data/key.pem at t/local/64_ticket_sharing.t line 184. # Looks like your test exited with 255 before it could output anything. t/local/64_ticket_sharing.t ............ Dubious, test returned 255 (wstat 65280, 0xff00) Failed 15/15 subtests The t/data/cert.pem certificate is 1024b RSA key with SHA1 hash. The test uses the certificate together with SSL_CTX_set_cipher_list('AES128-SHA'). I don't understand if it passes F29's crypto policy in /etc/crypto-policies/back-ends/openssl*: CipherString = @SECLEVEL=1:kEECDH:kRSA:kEDH:-aDSS:!EXP:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:!SSLv2:!ADH Ciphersuites = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256 MinProtocol = TLSv1 @SECLEVEL=1:kEECDH:kRSA:kEDH:-aDSS:!EXP:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:!SSLv2:!ADH tmraz, could not enlighten us about the SSL_CTX_set_cipher_list('AES128-SHA') and F29 DEFAULT policy? -- You are receiving this mail because: You are on the CC list for the bug. _______________________________________________ perl-devel mailing list -- perl-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to perl-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/perl-devel@xxxxxxxxxxxxxxxxxxxxxxx/message/G6JOAFJPZTO7NMVM2SUDAHVFTAUPEUN3/
