[QPID-8043] some broker SSL tests fail on Fedora 26 - ASF JIRA

Attach files

Attach Screenshot

Voters

Watch issue

Watchers

Create sub-task

Link

Clone

Update Comment Author

Replace String in Comment

Update Comment Visibility

Delete Comments

XML

Word

Printable

JSON

Details

Type: Test
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: qpid-cpp-1.36.0
Fix Version/s: qpid-cpp-1.37.0
Component/s: C++ Tests
Labels:
None

Description

Some of the broker SSL tests fail on Fedora 26, because connection attempts expected to succeed actually fail instead. The same tests pass on Fedora 25 as well as other OSes.

This seems to be due to behaviour in newer 1.1.0 versions of OpenSSL, which Python uses, and in turn this affects the clients used in the test. The server uses NSS.

After some sleuthing the issue was identified as OpenSSL saying the CA was invalid, eventually narrowing down to it being due to 'unsupported certificate purpose', and the CA not being marked as applicable for use as a CA when printing out its purposes. The original cert generated in an NSS cert db is marked for CA use, but this doesn't carry through to the exported PEM based cert file. Comparing the CA cert used on the client side to some from other components tests, the rest all have an extension indicating use for CA purposes.

Attachments

Activity

Comment

This comment will be Viewable by All Users Viewable by All Users

Cancel

People

Assignee:: Robbie Gemmell

Reporter:: Robbie Gemmell

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 20/Nov/17 15:07

Updated:: 21/Nov/17 13:07

Resolved:: 20/Nov/17 15:12

Agile

View on Board

some broker SSL tests fail on Fedora 26

Details

Description

Attachments

Attachments

Activity

People

Dates

Agile

Slack

Issue deployment