Uploaded image for project: 'Qpid'
  1. Qpid
  2. QPID-8043

some broker SSL tests fail on Fedora 26


    • Type: Test
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: qpid-cpp-1.36.0
    • Fix Version/s: qpid-cpp-1.37.0
    • Component/s: C++ Tests
    • Labels:


      Some of the broker SSL tests fail on Fedora 26, because connection attempts expected to succeed actually fail instead. The same tests pass on Fedora 25 as well as other OSes.

      This seems to be due to behaviour in newer 1.1.0 versions of OpenSSL, which Python uses, and in turn this affects the clients used in the test. The server uses NSS.

      After some sleuthing the issue was identified as OpenSSL saying the CA was invalid, eventually narrowing down to it being due to 'unsupported certificate purpose', and the CA not being marked as applicable for use as a CA when printing out its purposes. The original cert generated in an NSS cert db is marked for CA use, but this doesn't carry through to the exported PEM based cert file. Comparing the CA cert used on the client side to some from other components tests, the rest all have an extension indicating use for CA purposes.




            • Assignee:
              gemmellr Robbie Gemmell
              gemmellr Robbie Gemmell
            • Votes:
              0 Vote for this issue
              2 Start watching this issue


              • Created: