[ https://issues.apache.org/jira/browse/IMPALA-8563?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jim Apple resolved IMPALA-8563. ------------------------------- Resolution: Fixed Fix Version/s: Impala 3.3.0 Thanks for fixing this, Laszlo! > BE tests specifying their own SSL cipher sets fail on Ubuntu 18 > --------------------------------------------------------------- > > Key: IMPALA-8563 > URL: https://issues.apache.org/jira/browse/IMPALA-8563 > Project: IMPALA > Issue Type: Bug > Components: Infrastructure > Affects Versions: Impala 3.2.0 > Reporter: Laszlo Gaal > Assignee: Laszlo Gaal > Priority: Critical > Fix For: Impala 3.3.0 > > > Ubuntu 18.04 upgraded OpenSSL to 1.1.0, which raised the bar in what ciphers > are considered "strong". > Some of the Impala BE tests specify their own ciphers for various test > purposes. These tests use RC4, which is no longer accepted by OpenSSL by > default, making these tests fail on Ubuntu 18.04. Affected tests are: > * rpc-mgr-test > * thrift-server-test > * webserver-test > {code:java} > 56/104 Test #56: thrift-util-test ................. Passed 3.34 sec > Start 57: thrift-server-test > 57/104 Test #57: thrift-server-test ...............***Exception: SegFault > 4.25 sec > Turning perftools heap leak checking off > Loading random data > Initializing database 'de52-8af6-6a92-1e99/krb5kdc/principal' for realm > 'KRBTEST.COM', > master key name 'K/m...@krbtest.com' > Apr 18 22:20:43 ip-172-31-7-143 krb5kdc[25358](info): setting up network... > krb5kdc: setsockopt(10,IPV6_V6ONLY,1) worked > Apr 18 22:20:43 ip-172-31-7-143 krb5kdc[25358](info): set up 2 sockets > Apr 18 22:20:43 ip-172-31-7-143 krb5kdc[25358](info): commencing operation > krb5kdc: starting... > WARNING: no policy specified for impala/localh...@krbtest.com; defaulting to > no policy > Authenticating as principal ubuntu/ad...@krbtest.com with password. > Principal "impala/localh...@krbtest.com" created. > Authenticating as principal ubuntu/ad...@krbtest.com with password. > Entry for principal impala/localhost with kvno 2, encryption type > aes256-cts-hmac-sha1-96 added to keytab > WRFILE:de52-8af6-6a92-1e99/krb5kdc/impala_localhost.keytab. > Entry for principal impala/localhost with kvno 2, encryption type > aes128-cts-hmac-sha1-96 added to keytab > WRFILE:de52-8af6-6a92-1e99/krb5kdc/impala_localhost.keytab. > [==========] Running 16 tests from 6 test cases. > [----------] Global test environment set-up. > [----------] 1 test from ThriftTestBase > [ RUN ] ThriftTestBase.Connectivity > [ OK ] ThriftTestBase.Connectivity (85 ms) > [----------] 1 test from ThriftTestBase (85 ms total) > [----------] 8 tests from SslTest > [ RUN ] SslTest.BadCertificate > [ OK ] SslTest.BadCertificate (17 ms) > [ RUN ] SslTest.ClientBeforeServer > [ OK ] SslTest.ClientBeforeServer (4 ms) > [ RUN ] SslTest.BadCiphers > [ OK ] SslTest.BadCiphers (1 ms) > [ RUN ] SslTest.MismatchedCiphers > /home/ubuntu/Impala/be/src/rpc/thrift-server-test.cc:314: Failure > Value of: status_.ok() > Actual: false > Expected: true > Error: SSL socket creation failed: SSL_CTX_set_cipher_list: no cipher match > /home/ubuntu/Impala/be/src/rpc/thrift-server-test.cc:322: Failure > Value of: status_.ok() > Actual: false > Expected: true > Error: SSL socket creation failed: SSL_CTX_set_cipher_list: no cipher match > Wrote minidump to > /home/ubuntu/Impala/logs/be_tests/minidumps/thrift-server-test/3c9581c6-3007-4582-2f9967bb-c5fc4825.dmp > Wrote minidump to > /home/ubuntu/Impala/logs/be_tests/minidumps/thrift-server-test/3c9581c6-3007-4582-2f9967bb-c5fc4825.dmp > {code} > {code:java} > Start 59: rpc-mgr-test > 59/104 Test #59: rpc-mgr-test .....................***Failed 5.13 sec > Turning perftools heap leak checking off > [==========] Running 11 tests from 1 test case. > [----------] Global test environment set-up. > [----------] 11 tests from RpcMgrTest > [ RUN ] RpcMgrTest.MultipleServicesTls > 19/04/18 22:20:51 INFO util.JvmPauseMonitor: Starting JVM pause monitor > [ OK ] RpcMgrTest.MultipleServicesTls (923 ms) > [ RUN ] RpcMgrTest.MultipleServices > [ OK ] RpcMgrTest.MultipleServices (61 ms) > [ RUN ] RpcMgrTest.BadCertificateTls > [ OK ] RpcMgrTest.BadCertificateTls (35 ms) > [ RUN ] RpcMgrTest.BadPasswordTls > [ OK ] RpcMgrTest.BadPasswordTls (58 ms) > [ RUN ] RpcMgrTest.CorrectPasswordTls > [ OK ] RpcMgrTest.CorrectPasswordTls (61 ms) > [ RUN ] RpcMgrTest.BadCiphersTls > [ OK ] RpcMgrTest.BadCiphersTls (34 ms) > [ RUN ] RpcMgrTest.ValidCiphersTls > /home/ubuntu/Impala/be/src/rpc/rpc-mgr-test.cc:142: Failure > Value of: status_.ok() > Actual: false > Expected: true > Error: Could not build messenger: Runtime error: failed to set TLS ciphers: > error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher > match:../ssl/ssl_lib.c:2129 > [ FAILED ] RpcMgrTest.ValidCiphersTls (32 ms) > [ RUN ] RpcMgrTest.ValidMultiCiphersTls > /home/ubuntu/Impala/be/src/rpc/rpc-mgr-test.cc:161: Failure > Value of: status_.ok() > Actual: false > Expected: true > Error: Could not build messenger: Runtime error: failed to set TLS ciphers: > error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher > match:../ssl/ssl_lib.c:2129 > [ FAILED ] RpcMgrTest.ValidMultiCiphersTls (44 ms) > [ RUN ] RpcMgrTest.SlowCallback > [ OK ] RpcMgrTest.SlowCallback (333 ms) > [ RUN ] RpcMgrTest.AsyncCall > [ OK ] RpcMgrTest.AsyncCall (36 ms) > [ RUN ] RpcMgrTest.NegotiationTimeout > [ OK ] RpcMgrTest.NegotiationTimeout (35 ms) > [----------] 11 tests from RpcMgrTest (1652 ms total) > [----------] Global test environment tear-down > [==========] 11 tests from 1 test case ran. (1652 ms total) > [ PASSED ] 9 tests. > [ FAILED ] 2 tests, listed below: > [ FAILED ] RpcMgrTest.ValidCiphersTls > [ FAILED ] RpcMgrTest.ValidMultiCiphersTls > 2 FAILED TESTS > {code} > {code:java} > Start 102: webserver-test > 102/104 Test #102: webserver-test ...................***Failed 3.02 sec > Turning perftools heap leak checking off > [==========] Running 18 tests from 1 test case. > [----------] Global test environment set-up. > [----------] 18 tests from Webserver > [ RUN ] Webserver.SmokeTest > [ OK ] Webserver.SmokeTest (18 ms) > [ RUN ] Webserver.ArgsTest > [ OK ] Webserver.ArgsTest (14 ms) > [ RUN ] Webserver.JsonTest > [ OK ] Webserver.JsonTest (11 ms) > [ RUN ] Webserver.EscapingTest > [ OK ] Webserver.EscapingTest (11 ms) > [ RUN ] Webserver.EscapeErrorUriTest > [ OK ] Webserver.EscapeErrorUriTest (11 ms) > [ RUN ] Webserver.SslTest > [ OK ] Webserver.SslTest (10 ms) > [ RUN ] Webserver.SslBadCertTest > [ OK ] Webserver.SslBadCertTest (0 ms) > [ RUN ] Webserver.SslWithPrivateKeyPasswordTest > [ OK ] Webserver.SslWithPrivateKeyPasswordTest (12 ms) > [ RUN ] Webserver.SslBadPrivateKeyPasswordTest > [ OK ] Webserver.SslBadPrivateKeyPasswordTest (2 ms) > [ RUN ] Webserver.SslCipherSuite > /home/ubuntu/Impala/be/src/util/webserver-test.cc:273: Failure > Value of: status_.ok() > Actual: false > Expected: true > Error: Webserver: Could not start on address 0.0.0.0:27890 > [ FAILED ] Webserver.SslCipherSuite (3 ms) > [ RUN ] Webserver.SslBadTlsVersion > [ OK ] Webserver.SslBadTlsVersion (1 ms) > [ RUN ] Webserver.SslGoodTlsVersion > [ OK ] Webserver.SslGoodTlsVersion (35 ms) > [ RUN ] Webserver.StartWithPasswordFileTest > [ OK ] Webserver.StartWithPasswordFileTest (11 ms) > [ RUN ] Webserver.StartWithMissingPasswordFileTest > [ OK ] Webserver.StartWithMissingPasswordFileTest (0 ms) > [ RUN ] Webserver.DirectoryListingDisabledTest > [ OK ] Webserver.DirectoryListingDisabledTest (10 ms) > [ RUN ] Webserver.NoFrameEmbeddingTest > [ OK ] Webserver.NoFrameEmbeddingTest (11 ms) > [ RUN ] Webserver.FrameAllowEmbeddingTest > [ OK ] Webserver.FrameAllowEmbeddingTest (11 ms) > [ RUN ] Webserver.NullCharTest > [ OK ] Webserver.NullCharTest (10 ms) > [----------] 18 tests from Webserver (181 ms total) > [----------] Global test environment tear-down > [==========] 18 tests from 1 test case ran. (181 ms total) > [ PASSED ] 17 tests. > [ FAILED ] 1 test, listed below: > [ FAILED ] Webserver.SslCipherSuite > 1 FAILED TEST > {code} > Since we don't have regular tests on Ubuntu 18 (though arguably we should), > I'm not making this a blocker. -- This message was sent by Atlassian JIRA (v7.6.3#76005)