Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Pending Closed
-
proton-0.9.1, proton-0.10, proton-0.11.0
-
None
-
Ubuntu 14.04, cyrus sasl 2.1.25
Description
If you have the Cyrus SASL OTP module installed (debian package libsasl2-modules-otp):
While running 'ctest' the python-test fails in a lot of SSL tests but only if SASL has been initialised first. So if you run many of the failing tests by them selves using proton-test directly they will succeed.
The first error in a full test run looks like:
1: proton_tests.sasl.SSLSASLTest.testSSLExternalSimple ..................... fail 1: Error during setup: Traceback (most recent call last): 1: File "/home/andrew/src/proton/qpid-proton-0.10/tests/python/proton-test", line 360, in run 1: phase() 1: File "/home/andrew/src/proton/qpid-proton-0.10/tests/python/proton_tests/sasl.py", line 373, in setup 1: self.server_domain = SSLDomain(SSLDomain.MODE_SERVER) 1: File "/home/andrew/src/proton/qpid-proton-0.10/proton-c/bindings/python/proton/__init__.py", line 3490, in __init__ 1: raise SSLUnavailable() 1: SSLUnavailable
It seems that the underlying cause here is that the Cyrus sasl otp code uses libcrypt which has some global initialisation.
If the otp code gets there first it initiialises libcrypt in a way which makes
this line of code in the proton openssl code fail:
[line 482 of openssl.c]
domain->ctx = SSL_CTX_new(SSLv23_server_method()); // and TLSv1+
It is highly plausible that other cyrus sasl mechs that also use ssl and are actually initialised could also cause this problem (at least sql & ldap) however in my test environment they aren't initialised.