I have a feature test failing when I update the docker build
environment to erlang 22. It looks like no TLS is working. I believe
they disabled TLSv1.0 and TLSv1.1 in this release of the ssl package
(9.3.x). That said, could someone tell me how to fix this? I do not
know erlang. Are we missing a dependency in the rebar script on ssl
perhaps? None of the TLS protocols are working.
root@4f0e809ad26e:/thrift/src# python3 test/test.py -F --server erl
Apache Thrift - Integration Test Suite
Wed Jul 03 15:55:28 2019
===============================================================================
server-client: protocol: transport: result:
erl-nosslv3 binary buffered-ip-ssl success
erl-limit_container_len compact buffered-ip failure(65)
erl-limit_string_length compact buffered-ip failure(65)
erl-tls binary buffered-ip-ssl failure(3)
===============================================================================
*** Following 1 failures were unexpected ***:
If it is introduced by you, please fix it before submitting the code.
===============================================================================
server-client: protocol: transport: result:
erl-tls binary buffered-ip-ssl failure(3)
===============================================================================
Unexpected failures are logged to test/features/log/unexpected_failures.log
Known failures are logged to test/features/log/known_failures.log
You can browse results at:
file:///thrift/src/test/features/index.html
# If you use Chrome, run:
# cd /thrift/src
# python -m http.server 8001
# then browse:
# http://localhost:8001/test/features/
Full log for each test is here:
test/log/server_client_protocol_transport_client.log
test/log/server_client_protocol_transport_server.log
3 failed of 4 tests in total.
Test execution took 4.4 seconds.
Wed Jul 03 15:55:33 2019
root@4f0e809ad26e:/thrift/src# cat
test/features/log/erl-tls_binary_buffered-ip-ssl_client.log
Wed Jul 03 15:55:33 2019
Executing: /thrift/src/test/features/tls.sh --protocol=binary
--transport=buffered --ssl --port=36713
Directory: /thrift/src/test/features
config:delay: 5
config:timeout: 5
===============================================================================
openssl s_client -connect localhost:36713 -CAfile ../keys/CA.pem -tls1
2>&1 < /dev/null
result of command: 1
[warn] tls1 negotiation did not work
139857556615616:error:0200206F:system library:connect:Connection
refused:../crypto/bio/b_sock2.c:110:
139857556615616:error:2008A067:BIO routines:BIO_connect:connect
error:../crypto/bio/b_sock2.c:111:
139857556615616:error:02002063:system library:connect:Cannot assign
requested address:../crypto/bio/b_sock2.c:110:
139857556615616:error:2008A067:BIO routines:BIO_connect:connect
error:../crypto/bio/b_sock2.c:111: connect:errno=99
openssl s_client -connect localhost:36713 -CAfile ../keys/CA.pem
-tls1_1 2>&1 < /dev/null
result of command: 1
[warn] tls1_1 negotiation did not work
139800178897344:error:0200206F:system library:connect:Connection
refused:../crypto/bio/b_sock2.c:110:
139800178897344:error:2008A067:BIO routines:BIO_connect:connect
error:../crypto/bio/b_sock2.c:111:
139800178897344:error:02002063:system library:connect:Cannot assign
requested address:../crypto/bio/b_sock2.c:110:
139800178897344:error:2008A067:BIO routines:BIO_connect:connect
error:../crypto/bio/b_sock2.c:111: connect:errno=99
openssl s_client -connect localhost:36713 -CAfile ../keys/CA.pem
-tls1_2 2>&1 < /dev/null
result of command: 1
[warn] tls1_2 negotiation did not work
140417440297408:error:0200206F:system library:connect:Connection
refused:../crypto/bio/b_sock2.c:110:
140417440297408:error:2008A067:BIO routines:BIO_connect:connect
error:../crypto/bio/b_sock2.c:111:
140417440297408:error:02002063:system library:connect:Cannot assign
requested address:../crypto/bio/b_sock2.c:110:
140417440297408:error:2008A067:BIO routines:BIO_connect:connect
error:../crypto/bio/b_sock2.c:111: connect:errno=99
[fail] At least one of TLSv1.0, TLSv1.1, or TLSv1.2 needs to work, but does not
===============================================================================
Return code: 3 (negative values indicate kill by signal)
Test execution took 0.0 seconds.
Wed Jul 03 15:55:33 2019
root@4f0e809ad26e:/thrift/src# cat
test/features/log/erl-tls_binary_buffered-ip-ssl_server.log
Wed Jul 03 15:55:29 2019
Executing: erl +K true -noshell -pa ../../lib/erl/ebin/ -pa ./ebin -s
test_thrift_server -extra --protocol=binary --transport=buffered --ssl
--port=36713
Directory: /thrift/src/test/erl
config:delay: 5
config:timeout: 5
===============================================================================
=ERROR REPORT==== 3-Jul-2019::15:55:30.046850 ===
Error in process <0.93.0> with exit value:
{undef,
[{thrift_socket_server,start,
[[{handler,test_thrift_server},
{service,thrift_test_thrift},
{port,36713},
{ssltransport,true},
{ssloptions,
[{certfile,"../keys/server.pem"},
{keyfile,"../keys/server.key"}]},
{protocol,binary}]],
[]},
{test_thrift_server,'-start/1-fun-0-',2,
[{file,"src/test_thrift_server.erl"},{line,68}]}]}
===============================================================================
Return code: -1 (negative values indicate kill by signal)
Test execution took 3.8 seconds.
Wed Jul 03 15:55:33 2019
