Robbie Gemmell created QPID-8043:
------------------------------------
Summary: some broker SSL tests fail on Fedora 26
Key: QPID-8043
URL: https://issues.apache.org/jira/browse/QPID-8043
Project: Qpid
Issue Type: Test
Components: C++ Tests
Affects Versions: qpid-cpp-1.36.0
Reporter: Robbie Gemmell
Assignee: Robbie Gemmell
Fix For: qpid-cpp-1.37.0
Some of the broker SSL tests fail on Fedora 26, because connection attempts
expected to succeed actually fail instead. The same tests pass on Fedora 25 as
well as other OSes.
This seems to be due to behaviour in newer 1.1.0 versions of OpenSSL, which
Python uses, and in turn this affects the clients used in the test. The server
uses NSS.
After some sleuthing the issue was identified as OpenSSL saying the CA was
invalid, eventually narrowing down to it being due to 'unsupported certificate
purpose', and the CA not being marked as applicable for use as a CA when
printing out its purposes. The original cert generated in an NSS cert db is
marked for CA use, but this doesn't carry through to the exported PEM based
cert file. Comparing the CA cert used on the client side to some from other
components tests, the rest all have an extension indicating use for CA purposes.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
