[
https://issues.apache.org/jira/browse/QPID-8043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16259344#comment-16259344
]
ASF subversion and git services commented on QPID-8043:
-------------------------------------------------------
Commit ffe468c0343a82667682953cac388c26a1451748 in qpid-cpp's branch
refs/heads/master from [~gemmellr]
[ https://git-wip-us.apache.org/repos/asf?p=qpid-cpp.git;h=ffe468c ]
QPID-8043: update cert generation to add extension indicating cert signing,
allows test clients to verify the signed server key
> some broker SSL tests fail on Fedora 26
> ---------------------------------------
>
> Key: QPID-8043
> URL: https://issues.apache.org/jira/browse/QPID-8043
> Project: Qpid
> Issue Type: Test
> Components: C++ Tests
> Affects Versions: qpid-cpp-1.36.0
> Reporter: Robbie Gemmell
> Assignee: Robbie Gemmell
> Fix For: qpid-cpp-1.37.0
>
>
> Some of the broker SSL tests fail on Fedora 26, because connection attempts
> expected to succeed actually fail instead. The same tests pass on Fedora 25
> as well as other OSes.
> This seems to be due to behaviour in newer 1.1.0 versions of OpenSSL, which
> Python uses, and in turn this affects the clients used in the test. The
> server uses NSS.
> After some sleuthing the issue was identified as OpenSSL saying the CA was
> invalid, eventually narrowing down to it being due to 'unsupported
> certificate purpose', and the CA not being marked as applicable for use as a
> CA when printing out its purposes. The original cert generated in an NSS cert
> db is marked for CA use, but this doesn't carry through to the exported PEM
> based cert file. Comparing the CA cert used on the client side to some from
> other components tests, the rest all have an extension indicating use for CA
> purposes.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
