Laszlo Gaal created IMPALA-8563:
-----------------------------------
Summary: BE tests specifying their own SSL cipher sets fail on
Ubuntu 18
Key: IMPALA-8563
URL: https://issues.apache.org/jira/browse/IMPALA-8563
Project: IMPALA
Issue Type: Bug
Components: Infrastructure
Affects Versions: Impala 3.2.0
Reporter: Laszlo Gaal
Assignee: Laszlo Gaal
Ubuntu 18.04 upgraded OpenSSL to 1.1.0, which raised the bar in what ciphers
are considered "strong".
Some of the Impala BE tests specify their own ciphers for various test
purposes. These tests use RC4, which is no longer accepted by OpenSSL by
default, making these tests fail on Ubuntu 18.04. Affected tests are:
* rpc-mgr-test
* thrift-server-test
* webserver-test
{code:java}
56/104 Test #56: thrift-util-test ................. Passed 3.34 sec
Start 57: thrift-server-test
57/104 Test #57: thrift-server-test ...............***Exception: SegFault 4.25
sec
Turning perftools heap leak checking off
Loading random data
Initializing database 'de52-8af6-6a92-1e99/krb5kdc/principal' for realm
'KRBTEST.COM',
master key name 'K/[email protected]'
Apr 18 22:20:43 ip-172-31-7-143 krb5kdc[25358](info): setting up network...
krb5kdc: setsockopt(10,IPV6_V6ONLY,1) worked
Apr 18 22:20:43 ip-172-31-7-143 krb5kdc[25358](info): set up 2 sockets
Apr 18 22:20:43 ip-172-31-7-143 krb5kdc[25358](info): commencing operation
krb5kdc: starting...
WARNING: no policy specified for impala/[email protected]; defaulting to no
policy
Authenticating as principal ubuntu/[email protected] with password.
Principal "impala/[email protected]" created.
Authenticating as principal ubuntu/[email protected] with password.
Entry for principal impala/localhost with kvno 2, encryption type
aes256-cts-hmac-sha1-96 added to keytab
WRFILE:de52-8af6-6a92-1e99/krb5kdc/impala_localhost.keytab.
Entry for principal impala/localhost with kvno 2, encryption type
aes128-cts-hmac-sha1-96 added to keytab
WRFILE:de52-8af6-6a92-1e99/krb5kdc/impala_localhost.keytab.
[==========] Running 16 tests from 6 test cases.
[----------] Global test environment set-up.
[----------] 1 test from ThriftTestBase
[ RUN ] ThriftTestBase.Connectivity
[ OK ] ThriftTestBase.Connectivity (85 ms)
[----------] 1 test from ThriftTestBase (85 ms total)
[----------] 8 tests from SslTest
[ RUN ] SslTest.BadCertificate
[ OK ] SslTest.BadCertificate (17 ms)
[ RUN ] SslTest.ClientBeforeServer
[ OK ] SslTest.ClientBeforeServer (4 ms)
[ RUN ] SslTest.BadCiphers
[ OK ] SslTest.BadCiphers (1 ms)
[ RUN ] SslTest.MismatchedCiphers
/home/ubuntu/Impala/be/src/rpc/thrift-server-test.cc:314: Failure
Value of: status_.ok()
Actual: false
Expected: true
Error: SSL socket creation failed: SSL_CTX_set_cipher_list: no cipher match
/home/ubuntu/Impala/be/src/rpc/thrift-server-test.cc:322: Failure
Value of: status_.ok()
Actual: false
Expected: true
Error: SSL socket creation failed: SSL_CTX_set_cipher_list: no cipher match
Wrote minidump to
/home/ubuntu/Impala/logs/be_tests/minidumps/thrift-server-test/3c9581c6-3007-4582-2f9967bb-c5fc4825.dmp
Wrote minidump to
/home/ubuntu/Impala/logs/be_tests/minidumps/thrift-server-test/3c9581c6-3007-4582-2f9967bb-c5fc4825.dmp
{code}
{code:java}
Start 59: rpc-mgr-test
59/104 Test #59: rpc-mgr-test .....................***Failed 5.13 sec
Turning perftools heap leak checking off
[==========] Running 11 tests from 1 test case.
[----------] Global test environment set-up.
[----------] 11 tests from RpcMgrTest
[ RUN ] RpcMgrTest.MultipleServicesTls
19/04/18 22:20:51 INFO util.JvmPauseMonitor: Starting JVM pause monitor
[ OK ] RpcMgrTest.MultipleServicesTls (923 ms)
[ RUN ] RpcMgrTest.MultipleServices
[ OK ] RpcMgrTest.MultipleServices (61 ms)
[ RUN ] RpcMgrTest.BadCertificateTls
[ OK ] RpcMgrTest.BadCertificateTls (35 ms)
[ RUN ] RpcMgrTest.BadPasswordTls
[ OK ] RpcMgrTest.BadPasswordTls (58 ms)
[ RUN ] RpcMgrTest.CorrectPasswordTls
[ OK ] RpcMgrTest.CorrectPasswordTls (61 ms)
[ RUN ] RpcMgrTest.BadCiphersTls
[ OK ] RpcMgrTest.BadCiphersTls (34 ms)
[ RUN ] RpcMgrTest.ValidCiphersTls
/home/ubuntu/Impala/be/src/rpc/rpc-mgr-test.cc:142: Failure
Value of: status_.ok()
Actual: false
Expected: true
Error: Could not build messenger: Runtime error: failed to set TLS ciphers:
error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher
match:../ssl/ssl_lib.c:2129
[ FAILED ] RpcMgrTest.ValidCiphersTls (32 ms)
[ RUN ] RpcMgrTest.ValidMultiCiphersTls
/home/ubuntu/Impala/be/src/rpc/rpc-mgr-test.cc:161: Failure
Value of: status_.ok()
Actual: false
Expected: true
Error: Could not build messenger: Runtime error: failed to set TLS ciphers:
error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher
match:../ssl/ssl_lib.c:2129
[ FAILED ] RpcMgrTest.ValidMultiCiphersTls (44 ms)
[ RUN ] RpcMgrTest.SlowCallback
[ OK ] RpcMgrTest.SlowCallback (333 ms)
[ RUN ] RpcMgrTest.AsyncCall
[ OK ] RpcMgrTest.AsyncCall (36 ms)
[ RUN ] RpcMgrTest.NegotiationTimeout
[ OK ] RpcMgrTest.NegotiationTimeout (35 ms)
[----------] 11 tests from RpcMgrTest (1652 ms total)
[----------] Global test environment tear-down
[==========] 11 tests from 1 test case ran. (1652 ms total)
[ PASSED ] 9 tests.
[ FAILED ] 2 tests, listed below:
[ FAILED ] RpcMgrTest.ValidCiphersTls
[ FAILED ] RpcMgrTest.ValidMultiCiphersTls
2 FAILED TESTS
{code}
{code:java}
Start 102: webserver-test
102/104 Test #102: webserver-test ...................***Failed 3.02 sec
Turning perftools heap leak checking off
[==========] Running 18 tests from 1 test case.
[----------] Global test environment set-up.
[----------] 18 tests from Webserver
[ RUN ] Webserver.SmokeTest
[ OK ] Webserver.SmokeTest (18 ms)
[ RUN ] Webserver.ArgsTest
[ OK ] Webserver.ArgsTest (14 ms)
[ RUN ] Webserver.JsonTest
[ OK ] Webserver.JsonTest (11 ms)
[ RUN ] Webserver.EscapingTest
[ OK ] Webserver.EscapingTest (11 ms)
[ RUN ] Webserver.EscapeErrorUriTest
[ OK ] Webserver.EscapeErrorUriTest (11 ms)
[ RUN ] Webserver.SslTest
[ OK ] Webserver.SslTest (10 ms)
[ RUN ] Webserver.SslBadCertTest
[ OK ] Webserver.SslBadCertTest (0 ms)
[ RUN ] Webserver.SslWithPrivateKeyPasswordTest
[ OK ] Webserver.SslWithPrivateKeyPasswordTest (12 ms)
[ RUN ] Webserver.SslBadPrivateKeyPasswordTest
[ OK ] Webserver.SslBadPrivateKeyPasswordTest (2 ms)
[ RUN ] Webserver.SslCipherSuite
/home/ubuntu/Impala/be/src/util/webserver-test.cc:273: Failure
Value of: status_.ok()
Actual: false
Expected: true
Error: Webserver: Could not start on address 0.0.0.0:27890
[ FAILED ] Webserver.SslCipherSuite (3 ms)
[ RUN ] Webserver.SslBadTlsVersion
[ OK ] Webserver.SslBadTlsVersion (1 ms)
[ RUN ] Webserver.SslGoodTlsVersion
[ OK ] Webserver.SslGoodTlsVersion (35 ms)
[ RUN ] Webserver.StartWithPasswordFileTest
[ OK ] Webserver.StartWithPasswordFileTest (11 ms)
[ RUN ] Webserver.StartWithMissingPasswordFileTest
[ OK ] Webserver.StartWithMissingPasswordFileTest (0 ms)
[ RUN ] Webserver.DirectoryListingDisabledTest
[ OK ] Webserver.DirectoryListingDisabledTest (10 ms)
[ RUN ] Webserver.NoFrameEmbeddingTest
[ OK ] Webserver.NoFrameEmbeddingTest (11 ms)
[ RUN ] Webserver.FrameAllowEmbeddingTest
[ OK ] Webserver.FrameAllowEmbeddingTest (11 ms)
[ RUN ] Webserver.NullCharTest
[ OK ] Webserver.NullCharTest (10 ms)
[----------] 18 tests from Webserver (181 ms total)
[----------] Global test environment tear-down
[==========] 18 tests from 1 test case ran. (181 ms total)
[ PASSED ] 17 tests.
[ FAILED ] 1 test, listed below:
[ FAILED ] Webserver.SslCipherSuite
1 FAILED TEST
{code}
Since we don't have regular tests on Ubuntu 18 (though arguably we should), I'm
not making this a blocker.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
