[
https://issues.apache.org/jira/browse/QPID-8043?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robbie Gemmell resolved QPID-8043.
----------------------------------
Resolution: Fixed
> some broker SSL tests fail on Fedora 26
> ---------------------------------------
>
> Key: QPID-8043
> URL: https://issues.apache.org/jira/browse/QPID-8043
> Project: Qpid
> Issue Type: Test
> Components: C++ Tests
> Affects Versions: qpid-cpp-1.36.0
> Reporter: Robbie Gemmell
> Assignee: Robbie Gemmell
> Fix For: qpid-cpp-1.37.0
>
>
> Some of the broker SSL tests fail on Fedora 26, because connection attempts
> expected to succeed actually fail instead. The same tests pass on Fedora 25
> as well as other OSes.
> This seems to be due to behaviour in newer 1.1.0 versions of OpenSSL, which
> Python uses, and in turn this affects the clients used in the test. The
> server uses NSS.
> After some sleuthing the issue was identified as OpenSSL saying the CA was
> invalid, eventually narrowing down to it being due to 'unsupported
> certificate purpose', and the CA not being marked as applicable for use as a
> CA when printing out its purposes. The original cert generated in an NSS cert
> db is marked for CA use, but this doesn't carry through to the exported PEM
> based cert file. Comparing the CA cert used on the client side to some from
> other components tests, the rest all have an extension indicating use for CA
> purposes.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
