Re: svn commit: r1843478 - /httpd/test/framework/trunk/t/ssl/ocsp.t

> On Oct 16, 2018, at 11:36 AM, William A Rowe Jr wrote: > > To button this issue up, it's clear to me that Jim had transposed the meaning > of result values from posix commands, and that was the origin of > irrationality in this discussion. > Actually, I did not. But thanks for playing.

Re: svn commit: r1843478 - /httpd/test/framework/trunk/t/ssl/ocsp.t

To button this issue up, it's clear to me that Jim had transposed the meaning of result values from posix commands, and that was the origin of irrationality in this discussion. Beyond the misunderstanding, the actual behavior of openssl in 1.0.x and prior was inane, and led to Jim's confusion,

Re: svn commit: r1843478 - /httpd/test/framework/trunk/t/ssl/ocsp.t

On 10/15/2018 01:25 PM, William A Rowe Jr wrote: On Sun, Oct 14, 2018 at 4:38 PM Dennis Clarke > wrote: As a red herring that illustrates how oddball the situation could get : $ /usr/sfw/bin/openssl version 2>&1 | cut -f1 -d\( OpenSSL 0.9.7d 17 Mar

Re: svn commit: r1843478 - /httpd/test/framework/trunk/t/ssl/ocsp.t

On Sun, Oct 14, 2018 at 4:38 PM Dennis Clarke wrote: > > As a red herring that illustrates how oddball the situation could get : > > $ /usr/sfw/bin/openssl version 2>&1 | cut -f1 -d\( > OpenSSL 0.9.7d 17 Mar 2004 > [...] > Segmentation Fault(coredump) > I think we can safely ignore OpenSSL

Re: svn commit: r1843478 - /httpd/test/framework/trunk/t/ssl/ocsp.t

On Wed, Oct 10, 2018 at 12:27 PM wrote: > Author: jim > Date: Wed Oct 10 17:27:33 2018 > New Revision: 1843478 > > @@ -21,7 +21,7 @@ Apache::TestRequest::module('ssl_ocsp'); > # support in earlier versions without messing around with stderr > my $openssl = Apache::TestSSLCA::openssl(); > if

Re: svn commit: r1843478 - /httpd/test/framework/trunk/t/ssl/ocsp.t

On Mon, Oct 15, 2018 at 10:10 AM Jim Jagielski wrote: > -1 (veto). > Correct. Your three commits against jorton's implementation are vetoed. They were incorrect. > 'list' is not a valid command. > You are wrong. The list-standard-commands feature was dropped from OpenSSL 1.1.0 and onwards.

Re: svn commit: r1843478 - /httpd/test/framework/trunk/t/ssl/ocsp.t

Forget this. My patch works and is correct and handles the specific situation which is noted in the test case itself related to older versions. It is an IMPROVEMENT over what we currently have. The sole reason why Bill doesn't like it is because *I* committed it. Whatever. I have no desire or

Re: svn commit: r1843478 - /httpd/test/framework/trunk/t/ssl/ocsp.t

-1 (veto). 'list' is not a valid command. > On Oct 15, 2018, at 11:04 AM, William A Rowe Jr wrote: > > On Mon, Oct 15, 2018 at 7:52 AM Jim Jagielski > wrote: > > And lest we forget, the orig version used: > > $openssl list -commands > > I have no idea what

Re: svn commit: r1843478 - /httpd/test/framework/trunk/t/ssl/ocsp.t

On Mon, Oct 15, 2018 at 7:52 AM Jim Jagielski wrote: > > And lest we forget, the orig version used: > > $openssl list -commands > > I have no idea what version of openssl supports 'list'. The result > of which was that the ocsp testing was ALWAYS SKIPPED. > No, it wasn't skipped. We weren't

Re: svn commit: r1843478 - /httpd/test/framework/trunk/t/ssl/ocsp.t

> On Oct 14, 2018, at 3:59 PM, William A Rowe Jr wrote: > > $ openssl xyz >/dev/null > Invalid command 'xyz'; type "help" for a list. > $ echo $? > 1 > $ openssl version > OpenSSL 1.1.0i-fips 14 Aug 2018 > > I have no idea which bastardization of the openssl command line tool you are >

Re: svn commit: r1843478 - /httpd/test/framework/trunk/t/ssl/ocsp.t

On 10/14/2018 05:45 PM, William A Rowe Jr wrote: Dennis, just to confirm ...  is this build ocsp enabled.. Enabled and broken. At least on Solaris 10 sparc with recent patches. OpenSSL 1.1.1 works just fine. See below. OpenSSL 1.0.2n also blows up : $ /usr/bin/openssl version OpenSSL

Re: svn commit: r1843478 - /httpd/test/framework/trunk/t/ssl/ocsp.t

Dennis, just to confirm ... is this build ocsp enabled, or entirely absent and yet presenting the ocsp help in absence of the feature? On Sun, Oct 14, 2018 at 4:38 PM Dennis Clarke wrote: > On 10/14/2018 05:14 PM, Rainer Jung wrote: > > Am 14.10.2018 um 22:58 schrieb William A Rowe Jr: > >> On

Re: svn commit: r1843478 - /httpd/test/framework/trunk/t/ssl/ocsp.t

Am 14.10.2018 um 22:58 schrieb William A Rowe Jr: On Sun, Oct 14, 2018 at 3:50 PM Rainer Jung > wrote: And Jim already set "With 1.1.1, both return 1, but so what, we know that it has oscp." That, of course, is nonsense. OpenSSL is malleable... with

Re: svn commit: r1843478 - /httpd/test/framework/trunk/t/ssl/ocsp.t

On Sun, Oct 14, 2018 at 3:50 PM Rainer Jung wrote: > > And Jim already set "With 1.1.1, both return 1, but so what, we know > that it has oscp." > That, of course, is nonsense. OpenSSL is malleable... with numerous no-{feature} choice, we really shouldn't presume presence of features by

Re: svn commit: r1843478 - /httpd/test/framework/trunk/t/ssl/ocsp.t

Am 14.10.2018 um 21:59 schrieb William A Rowe Jr: On Sun, Oct 14, 2018 at 8:32 AM Jim Jagielski > wrote: All we are checking is the error code. Nothing else.    % openssl version    OpenSSL 1.0.2p  14 Aug 2018    % openssl ocsp 2>/dev/null    %

Re: svn commit: r1843478 - /httpd/test/framework/trunk/t/ssl/ocsp.t

Copy paste missed a stderr line; $ openssl ocsp >/dev/null ocsp: Use -help for summary. $ echo $? 1 $ openssl xyz >/dev/null Invalid command 'xyz'; type "help" for a list. $ echo $? 1 $ openssl version OpenSSL 1.1.0i-fips 14 Aug 2018 This is from # dnf list openssl Installed Packages

Re: svn commit: r1843478 - /httpd/test/framework/trunk/t/ssl/ocsp.t

On Sun, Oct 14, 2018 at 8:32 AM Jim Jagielski wrote: > All we are checking is the error code. Nothing else. > >% openssl version >OpenSSL 1.0.2p 14 Aug 2018 >% openssl ocsp 2>/dev/null >% print $? >1 >% openssl foo 2>/dev/null >% print $? >0 > > With 1.1.1, both

Re: svn commit: r1843478 - /httpd/test/framework/trunk/t/ssl/ocsp.t

All we are checking is the error code. Nothing else. % openssl version OpenSSL 1.0.2p 14 Aug 2018 % openssl ocsp 2>/dev/null % print $? 1 % openssl foo 2>/dev/null % print $? 0 With 1.1.1, both return 1, but so what, we know that it has oscp. Complaining about /dev/null

Re: svn commit: r1843478 - /httpd/test/framework/trunk/t/ssl/ocsp.t

On Sat, Oct 13, 2018 at 1:35 PM William A Rowe Jr wrote: > On Wed, Oct 10, 2018 at 12:27 PM wrote: > >> Author: jim >> Date: Wed Oct 10 17:27:33 2018 >> New Revision: 1843478 >> >> URL: http://svn.apache.org/viewvc?rev=1843478=rev >> Log: >> Better method... just check return status >> >>

Re: svn commit: r1843478 - /httpd/test/framework/trunk/t/ssl/ocsp.t

On Wed, Oct 10, 2018 at 12:27 PM wrote: > Author: jim > Date: Wed Oct 10 17:27:33 2018 > New Revision: 1843478 > > URL: http://svn.apache.org/viewvc?rev=1843478=rev > Log: > Better method... just check return status > > Modified: > httpd/test/framework/trunk/t/ssl/ocsp.t > > Modified: