I thought the whole intent for a quick 2.4.36 was for TLSv1.3 support. If that's not ready for prime time, then why a release??
> On Oct 10, 2018, at 2:11 PM, Daniel Ruggeri <drugg...@primary.net> wrote: > > On 2018-10-10 07:30, Joe Orton wrote: >> On Tue, Oct 09, 2018 at 03:29:49PM -0500, Daniel Ruggeri wrote: >>> Hi, all; >>> I ran through my usual testing routine, this time with OpenSSL 1.1.1, but >>> found several test failures. In the past, these issues have been isolated to >>> my environment so I just wanted to drop a line to see if anyone has run the >>> test suite against 2.4.x lately and can corroborate this result? If not, I >>> can debug my environment. >> TLSv1.3 testing is still a mess with OpenSSL 1.1.1, sorry. I have >> updated the test suite just now to disable TLSv1.3 testing for most >> people. We need updates to Net::SSLeay (the latest upstream has the >> patch) and IO::Socket::SSL, but the latter is not patched upstream, so I >> can't make an accurate test for that yet. >> At worst, forcibly testing with: >> ./t/TEST -sslproto 'all -TLSv1.2' >> should now be possible. >> (If using an existing check-out of the test suite don't forget to re-run >> "make" before running ./t/TEST -conf to regenerate the config...) >> Let me know if that's not made any difference for you. >> I don't know why t/modules/http2.t is failing but I see that here too. > > Thanks Joe and Bill. > > Yep, when flipping back over to OpenSSL 1.1.0i, everything works A-OK. Even > the H2 failure irons itself out. It's a bummer to hear TLS 1.3 testing isn't > up to snuff with this being the major feature of the release. > > I also just wiped the environment, recompiled everything from scratch (same > versions noted below) and reran the tests with the latest test framework and > see that the recent changes to the framework leave only the failing h2 test > (which doesn't happen w/ 1.1.0i). So... I think it was indeed localized to > the test framework. > > I'm also happy to see the H2 EOS fix in, too! > > So... I think I'm content with the results and am ready to T&R! > >> Regards, Joe >>> Test Summary Report >>> ------------------- >>> t/modules/http2.t (Wstat: 0 Tests: 24 Failed: 0) >>> Parse errors: Bad plan. You planned 52 tests but ran 24. >>> t/security/CVE-2009-3555.t (Wstat: 0 Tests: 4 Failed: 2) >>> Failed tests: 3-4 >>> t/ssl/basicauth.t (Wstat: 0 Tests: 4 Failed: 2) >>> Failed tests: 2-3 >>> t/ssl/env.t (Wstat: 0 Tests: 30 Failed: 15) >>> Failed tests: 16-30 >>> t/ssl/extlookup.t (Wstat: 0 Tests: 4 Failed: 4) >>> Failed tests: 1-4 >>> t/ssl/fakeauth.t (Wstat: 0 Tests: 3 Failed: 2) >>> Failed tests: 2-3 >>> t/ssl/ocsp.t (Wstat: 0 Tests: 3 Failed: 1) >>> Failed test: 3 >>> t/ssl/require.t (Wstat: 0 Tests: 10 Failed: 3) >>> Failed tests: 2, 5, 9 >>> t/ssl/varlookup.t (Wstat: 0 Tests: 83 Failed: 83) >>> Failed tests: 1-83 >>> t/ssl/verify.t (Wstat: 0 Tests: 3 Failed: 1) >>> Failed test: 2 >>> Files=186, Tests=8857, 101 wallclock secs ( 1.86 usr 0.28 sys + 48.46 cusr >>> 11.08 csys = 61.68 CPU) >>> Versions at play were: >>> system: >>> kernel: >>> name: Linux >>> release: 3.16.0-4-amd64 >>> version: #1 SMP Debian 3.16.51-3 (2017-12-13) >>> machine: x86_64 >>> libraries: >>> openssl: "1.1.1" >>> openldap: "2.4.46" >>> apr: "1.6.5" >>> apr-util: "1.6.1" >>> iconv: "1.2.2" >>> brotli: "1.0.6" >>> nghttp2: "1.34.0" >>> zlib: "1.2.11" >>> pcre: "8.42" >>> libxml2: "2.9.8" >>> php: "5.6.38" >>> lua: "5.3.5" >>> curl: "7.61.1" >>> Anything look obviously crazy/wrong? >>> -- >>> Daniel Ruggeri >>> On 2018-10-09 06:36, Daniel Ruggeri wrote: >>> > Hi, all; >>> > Barring any major disagreement in the next several hours, I intend to >>> > T&R our next version later today or early tomorrow. >>> > >>> > Hooray for TLS 1.3! >>> > -- >>> > Daniel Ruggeri > > -- > Daniel Ruggeri
