Re: wolfSSL: how to treat expired certs ?

2023-03-12 Thread Илья Шипицин
Btw, "build only tests" already pass in case of wolfSSL. Should we start
with a "build only wolfSSL CI job"?

A few "vtc" fail for various reasons.

Sun, 12 Mar 2023 at 18:35, Илья Шипицин:

> Hello,
>
> While enabling wolfSSL CI I met the following
>
> #top  TEST reg-tests/ssl/ssl_default_server.vtc FAILED (5.123) exit=2
>
> ***  h1debug|<134>Mar 12 12:04:49 haproxy[115196]: unix:1 [12/Mar/2023:12:04:49.922] ssl-lst/1: SSL client CA chain cannot be verified
> ***  h1debug|fd[0x12] OpenSSL error[0x2d] : unknown error number
> ***  h1debug|fd[0x12] OpenSSL error[0x139] : received alert fatal error
>  dT1.152
> ***  h1debug|fd[0x12] OpenSSL error[0x2d] : unknown error number
> ***  h1debug|fd[0x12] OpenSSL error[0x139] : received alert fatal error
>  dT1.157
> ***  h1debug|fd[0x13] OpenSSL error[0x97] : ASN date error, current date after
> ***  h1debug|fd[0x13] OpenSSL error[0x97] : ASN date error, current date after
> ***  h1debug|fd[0x13] OpenSSL error[0x97] : ASN date error, current date after
> ***  h1debug|fd[0x13] OpenSSL error[0x97] : ASN date error, current date after
> ***  h1debug|<134>Mar 12 12:04:51 haproxy[115196]: unix:1 [12/Mar/2023:12:04:50.963] ssl-lst/1: SSL client CA chain cannot be verified
>
>
> I wonder what is the preferable way of addressing that
>
> 1) excluding several "vtc" if haproxy is built with wolfSSL
> 2) adding "WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY" to cert validation
>
> cheers,
> Ilya
>


wolfSSL: how to treat expired certs ?

2023-03-12 Thread Илья Шипицин
Hello,

While enabling wolfSSL CI I met the following

#top  TEST reg-tests/ssl/ssl_default_server.vtc FAILED (5.123) exit=2

***  h1debug|<134>Mar 12 12:04:49 haproxy[115196]: unix:1 [12/Mar/2023:12:04:49.922] ssl-lst/1: SSL client CA chain cannot be verified
***  h1debug|fd[0x12] OpenSSL error[0x2d] : unknown error number
***  h1debug|fd[0x12] OpenSSL error[0x139] : received alert fatal error
 dT1.152
***  h1debug|fd[0x12] OpenSSL error[0x2d] : unknown error number
***  h1debug|fd[0x12] OpenSSL error[0x139] : received alert fatal error
 dT1.157
***  h1debug|fd[0x13] OpenSSL error[0x97] : ASN date error, current date after
***  h1debug|fd[0x13] OpenSSL error[0x97] : ASN date error, current date after
***  h1debug|fd[0x13] OpenSSL error[0x97] : ASN date error, current date after
***  h1debug|fd[0x13] OpenSSL error[0x97] : ASN date error, current date after
***  h1debug|<134>Mar 12 12:04:51 haproxy[115196]: unix:1 [12/Mar/2023:12:04:50.963] ssl-lst/1: SSL client CA chain cannot be verified


I wonder what is the preferable way of addressing that

1) excluding several "vtc" if haproxy is built with wolfSSL
2) adding "WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY" to cert validation

cheers,
Ilya
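
An added example, not part of the original post or of the HAProxy project: a small triage script that groups the TLS error codes in a log like the one above by failed test, so that any exclusion under option 1 is limited to tests that actually hit the 0x97 date error. It assumes error lines follow the "#top TEST ... FAILED" line they belong to, as in the excerpt; the second test in the sample is constructed.

```python
import re
from collections import Counter

# Header of a failed test, as it appears in the excerpt in this thread.
TEST_RE = re.compile(r"#top\s+TEST\s+(\S+)\s+FAILED")
# Error code inside "OpenSSL error[0x97] : ..."; matching on the code keeps
# the parser independent of e-mail line wrapping in the message text.
ERR_RE = re.compile(r"OpenSSL error\[0x([0-9a-fA-F]+)\]")

# Code the log pairs with "ASN date error, current date after".
DATE_AFTER = 0x97

# First test: lines taken from the thread. Second test: constructed.
SAMPLE = """\
#top  TEST reg-tests/ssl/ssl_default_server.vtc FAILED (5.123) exit=2
***  h1debug|fd[0x12] OpenSSL error[0x2d] : unknown error number
***  h1debug|fd[0x12] OpenSSL error[0x139] : received alert fatal error
***  h1debug|fd[0x13] OpenSSL error[0x97] : ASN date error, current
date after
***  h1debug|fd[0x13] OpenSSL error[0x97] : ASN date error, current
date after
#top  TEST reg-tests/ssl/constructed_other.vtc FAILED (1.000) exit=2
***  h1debug|fd[0x12] OpenSSL error[0x139] : received alert fatal error
"""

def errors_by_test(log_text):
    """Map each failed test to a Counter of the error codes logged after it."""
    counts = {}
    current = None
    for line in log_text.splitlines():
        m = TEST_RE.search(line)
        if m:
            current = counts.setdefault(m.group(1), Counter())
            continue
        m = ERR_RE.search(line)
        if m and current is not None:
            current[int(m.group(1), 16)] += 1
    return counts

def date_error_tests(log_text):
    """Failed tests that logged at least one certificate date error."""
    by_test = errors_by_test(log_text)
    return sorted(t for t, c in by_test.items() if c[DATE_AFTER] > 0)

if __name__ == "__main__":
    for test, codes in errors_by_test(SAMPLE).items():
        summary = ", ".join(f"{code:#x} x{n}" for code, n in sorted(codes.items()))
        print(f"{test}: {summary}")
    print("date-error tests:", date_error_tests(SAMPLE))
```

Tests that fail without any 0x97 entry are failing for some other reason and would not be addressed by either option in the post.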