[jira] [Commented] (QPID-8043) some broker SSL tests fail on Fedora 26

Tue, 21 Nov 2017 05:04:17 -0800 

    [ 
https://issues.apache.org/jira/browse/QPID-8043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16260680#comment-16260680
 ] 

ASF subversion and git services commented on QPID-8043:
-------------------------------------------------------

Commit b6371eaa694414f3fc37fe5a531b1a72b719cadb in qpid-cpp's branch 
refs/heads/master from [~gemmellr]
[ https://git-wip-us.apache.org/repos/asf?p=qpid-cpp.git;h=b6371ea ]

QPID-8043: relax -e for availability checks, allows them to work and indicate 
whats happening.

Avoids spurious failure without indicated cause following changes in 
598ce6b3d06b8cc041013a6d3e86dcf8d9c432f2
if the tooling needed happens not to be available.


> some broker SSL tests fail on Fedora 26
> ---------------------------------------
>
>                 Key: QPID-8043
>                 URL: https://issues.apache.org/jira/browse/QPID-8043
>             Project: Qpid
>          Issue Type: Test
>          Components: C++ Tests
>    Affects Versions: qpid-cpp-1.36.0
>            Reporter: Robbie Gemmell
>            Assignee: Robbie Gemmell
>             Fix For: qpid-cpp-1.37.0
>
>
> Some of the broker SSL tests fail on Fedora 26, because connection attempts 
> expected to succeed actually fail instead. The same tests pass on Fedora 25 
> as well as other OSes.
> This seems to be due to behaviour in newer 1.1.0 versions of OpenSSL, which 
> Python uses, and in turn this affects the clients used in the test. The 
> server uses NSS.
> After some sleuthing the issue was identified as OpenSSL saying the CA was 
> invalid, eventually narrowing down to it being due to 'unsupported 
> certificate purpose', and the CA not being marked as applicable for use as a 
> CA when printing out its purposes. The original cert generated in an NSS cert 
> db is marked for CA use, but this doesn't carry through to the exported PEM 
> based cert file. Comparing the CA cert used on the client side to some from 
> other components tests, the rest all have an extension indicating use for CA 
> purposes.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to