Am Dienstag, den 20.02.2018, 19:07 +0100 schrieb [email protected]: > ### I did the following: > > # To overcome the unavailability of the HOSTALIASES trick on Mac OS > X, > # I edited "/etc/hosts" as follows. > > sudo cp -pi /etc/hosts /etc/hosts.bak > > cat << EOF | sudo tee /etc/hosts > /dev/null > 127.0.0.1 localhost WgetTestingServer > 255.255.255.255 broadcasthost > ::1 localhost > fe80::1%lo0 localhost > EOF > > sudo chown root:wheel /etc/hosts > sudo chmod 644 /etc/hosts > > # Note that, except for the added "WgetTestingServer" alias, > # Mac OS X requires these four lines at the bottom of /etc/hosts. > 127.0.0.1 localhost > 255.255.255.255 broadcasthost > ::1 localhost > fe80::1%lo0 localhost > > > #----- > # Then, the usual "configure, make, make check" sequence ran. > > export PKG_CONFIG='/opt/pkg-config/bin/pkg-config' > export PKG_CONFIG_PATH='/opt/pkg-config/lib/pkgconfig' > > ./configure --with-ssl=openssl --with-openssl=yes --with-libssl- > prefix=/opt/openssl --with-zlib=/opt/zlib > > make > make check > > > ### Actual Result: > > "make check" printed the following failures. > > FAIL: Test-https-pfs.px > FAIL: Test-https-tlsv1x.px > > > For Test-https-pfs, "config.log" has the following lines. > > Resolving wgettestingserver... 127.0.0.1, ::1, fe80::1 > Caching wgettestingserver => 127.0.0.1 ::1 fe80::1 > Connecting to wgettestingserver|127.0.0.1|:24443... connected. > Created socket 6. > Releasing 0x00007fc16141d640 (new refcount 1). > Initiating SSL handshake. > SSL handshake failed. > OpenSSL: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 > alert handshake failure > Closed fd 6 > Unable to establish SSL connection. > Test failed: wrong code returned (was: 4, expected: 0) > FAIL Test-https-pfs.px (exit status: 1) > > > For Test-https-tlsv1x, "config.log" has the following lines. > > Resolving wgettestingserver... 127.0.0.1, ::1, fe80::1 > Caching wgettestingserver => 127.0.0.1 ::1 fe80::1 > Connecting to wgettestingserver|127.0.0.1|:29443... connected. > Created socket 6. > Releasing 0x00007f8861c1d640 (new refcount 1). > Initiating SSL handshake. > SSL handshake failed. > OpenSSL: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version > number > Closed fd 6 > Unable to establish SSL connection. > Use of uninitialized value in ref-to-glob cast at SSLServer.pm line > 141. > Use of uninitialized value in ref-to-glob cast at SSLServer.pm line > 141. > sysread() on unopened filehandle at SSLServer.pm line 141. > Can't call method "close" on an undefined value at SSLServer.pm line > 230. > Test failed: wrong code returned (was: 4, expected: 0) > FAIL Test-https-tlsv1x.px (exit status: 1) > > > ### Side issue: > > As I wrote above, since the HOSTALIASES trick did not work on Mac OS > X, > I edited "/etc/hosts". Without the modification to "/etc/hosts", all > the following eight https tests had been skipped. > > SKIP: Test-https-pfs.px > SKIP: Test-https-tlsv1.px > SKIP: Test-https-tlsv1x.px > SKIP: Test-https-selfsigned.px > SKIP: Test-https-weboftrust.px > SKIP: Test-https-clientcert.px > SKIP: Test-https-crl.px > SKIP: Test-https-badcerts.px > > By the modification to "/etc/hosts", all the https tests proceeded > without being skipped; and the two failed, while the remaining six > passed. > > FAIL: Test-https-pfs.px > PASS: Test-https-tlsv1.px > FAIL: Test-https-tlsv1x.px > PASS: Test-https-selfsigned.px > PASS: Test-https-weboftrust.px > PASS: Test-https-clientcert.px > PASS: Test-https-crl.px > PASS: Test-https-badcerts.px
Test-https-tlsv1.px passes but Test-https-tlsv1x.px fails. These test just differ in the protocol option for wget. This sounds like something with your OpenSSL version. You made a very detailed report, but the version of openssl would be very helpful (maybe also a ldd wget). Could you try with a recent GnuTLS ? > Note that the failure of HOSTALIASES on Mac OS X was already pointed > out in the message "bug-wget/2017-10/msg00038.html" following > "msg00037.html". Newer versions of TLS libraries expect a domain name (no IP, localhost has also pitfalls) in the certificates. So we need a working name resolution for such a name, or we have to skip those tests. Which is even worse, I think. Is there something similar to HOSTALIASES on OSX ? > > ### Related > > "make check" indeed failed in "Test-iri-disabled" at the same time as > "Test-https-pfs" and "Test-https-tlsv1x" under the same conditions > and the same environment. I reported about "Test-iri-disabled" > separately from this report. It is "bug-wget/2018-02/msg00031.html". I answered your email ~6 hours ago. Regards, Tim
