Uploaded image for project: 'Qpid'
  1. Qpid
  2. QPID-8043

some broker SSL tests fail on Fedora 26

    XMLWordPrintableJSON

    Details

    • Type: Test
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: qpid-cpp-1.36.0
    • Fix Version/s: qpid-cpp-1.37.0
    • Component/s: C++ Tests
    • Labels:
      None

      Description

      Some of the broker SSL tests fail on Fedora 26, because connection attempts expected to succeed actually fail instead. The same tests pass on Fedora 25 as well as other OSes.

      This seems to be due to behaviour in newer 1.1.0 versions of OpenSSL, which Python uses, and in turn this affects the clients used in the test. The server uses NSS.

      After some sleuthing the issue was identified as OpenSSL saying the CA was invalid, eventually narrowing down to it being due to 'unsupported certificate purpose', and the CA not being marked as applicable for use as a CA when printing out its purposes. The original cert generated in an NSS cert db is marked for CA use, but this doesn't carry through to the exported PEM based cert file. Comparing the CA cert used on the client side to some from other components tests, the rest all have an extension indicating use for CA purposes.

        Attachments

          Activity

            People

            • Assignee:
              robbie Robbie Gemmell
              Reporter:
              robbie Robbie Gemmell
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: