Re: [Bug-wget] HTTPS Python tests fail if localhost resolves to ::1

[Tim Rühsen]

Hi Tomas,

On Freitag, 2. Juni 2017 11:38:42 CEST Tomas Hozza wrote:
> Hi.
> 
> In Fedora 26+ the /etc/hosts lists "localhost" as a domain for both
> 127.0.0.1 and ::1. This makes wget's testsuite to fail during build.
> 
> Failing tests:
> Test--https.py
> Test-pinnedpubkey-der-https.py
> Test-pinnedpubkey-hash-https.py
> Test-pinnedpubkey-pem-https.py
> 
> 
> [root@b28dfb71db2e sources]# cat testenv/Test--https.log
> Python runtime initialized with LC_CTYPE=C (a locale with default ASCII
> encoding), which may cause Unicode compatibility problems. Using C.UTF-8,
> C.utf8, or UTF-8 (if available) as alternative Unicode-compatible locales
> is recommended. Setting --no-config (noconfig) to 1
> Setting --ca-certificate (cacertificate) to
> /sources/testenv/certs/ca-cert.pem DEBUG output created by Wget
> 1.19.1.68-5d4ad on linux-gnu.
> 
> Reading HSTS entries from /sources/testenv/Test--https.py-test/.wget-hsts
> URI encoding = 'ANSI_X3.4-1968'
> converted 'https://127.0.0.1:4/File1' (ANSI_X3.4-1968) ->
> 'https://127.0.0.1:4/File1' (UTF-8) Converted file name 'File1' (UTF-8)
> -> 'File1' (ANSI_X3.4-1968)
> --2017-06-02 09:28:34--  https://127.0.0.1:4/File1
> Loaded CA certificate '/sources/testenv/certs/ca-cert.pem'
> Certificates loaded: 1
> Connecting to 127.0.0.1:4... connected.
> Created socket 3.
> Releasing 0x024ee050 (new refcount 0).
> Deleting unused 0x024ee050.
> The certificate's owner does not match hostname '127.0.0.1'

Are you near latest git ?
testenv/certs/server-cert.pem should be made for '127.0.0.1' and 'localhost' 
(see README) . There is also a recipe for certtool to (re-)generate server-
cert.pem.

Check the cert with 'certtool -i --infile server-cert.pem' (see Subject 
Alternative Name).

> URI encoding = 'ANSI_X3.4-1968'
> converted 'https://127.0.0.1:4/File2' (ANSI_X3.4-1968) ->
> 'https://127.0.0.1:4/File2' (UTF-8) Converted file name 'File2' (UTF-8)
> -> 'File2' (ANSI_X3.4-1968)
> --2017-06-02 09:28:34--  https://127.0.0.1:4/File2
> Connecting to 127.0.0.1:4... connected.
> Created socket 3.
> Releasing 0x0278f1d0 (new refcount 0).
> Deleting unused 0x0278f1d0.
> The certificate's owner does not match hostname '127.0.0.1'
> Running Test Test--https.py
> /sources/src/wget --debug --no-config
> --ca-certificate=/sources/testenv/certs/ca-cert.pem
> https://127.0.0.1:4/File1 https://127.0.0.1:4/File2
> ['/sources/src/wget', '--debug', '--no-config',
> '--ca-certificate=/sources/testenv/certs/ca-cert.pem',
> 'https://127.0.0.1:4/File1', 'https://127.0.0.1:4/File2'] Error:
> Expected file File1 not found..
> Traceback (most recent call last):
>   File "./Test--https.py", line 53, in 
> protocols=Servers
>   File "/sources/testenv/test/http_test.py", line 41, in begin
> self.do_test()
>   File "/sources/testenv/test/base_test.py", line 187, in do_test
> self.post_hook_call()
>   File "/sources/testenv/test/base_test.py", line 206, in post_hook_call
> self.hook_call(self.post_configs, 'Post Test Function')
>   File "/sources/testenv/test/base_test.py", line 196, in hook_call
> conf.find_conf(conf_name)(conf_arg)(self)
>   File "/sources/testenv/conf/expected_files.py", line 54, in __call__
> raise TestFailed('Expected file %s not found.' % file.name)
> exc.test_failed.TestFailed: Expected file File1 not found.
> FAIL Test--https.py (exit status: 1)
> 
> I didn't have time to investigate this thoroughly yet, but I thought I'll
> let you know in case the issue will be obvious to anyone. I suspect that
> there will be a mismatch between the address on which the HTTPS server runs
> and the data in the certificate it uses.
> 
> Regards,
> Tomas

With Best Regards, Tim

signature.asc
Description: This is a digitally signed message part.

Re: [Bug-wget] [GSoC Update] Week 1

[Didik Setiawan]

On Mon, 05 Jun 2017 23:51:00 +0700 Christian Grothoff  wrote:
> Maybe I missed something, but why should the MHD dependency become 
> _mandatory_? Why not conditionally-compile and run the tests only if MHD 
> is present?

Maybe I just misinterpreting this [1]? What Darshit said about removing old
server code from the codebase will make Wget2 more stable since we will not be
susceptible to bugs in the HTTP Server code. 
So, if it is better options, I will amend my current change, make MHD optional,
give fallback to the old server code if MHD not available.

> MHD does the same for libcurl.  Making the dependency optional also avoids the
> obvious possibility of circular dependencies if we ever were to add
> libwget2-based tests to MHD :-). 

That's our goal too. Make libwget as alternative for libcurl.

[1] https://github.com/rockdaboot/wget2/issues/128