Uploaded image for project: 'Qpid'
  1. Qpid
  2. QPID-8043

some broker SSL tests fail on Fedora 26

    XMLWordPrintableJSON

Details

    • Test
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • qpid-cpp-1.36.0
    • qpid-cpp-1.37.0
    • C++ Tests
    • None

    Description

      Some of the broker SSL tests fail on Fedora 26, because connection attempts expected to succeed actually fail instead. The same tests pass on Fedora 25 as well as other OSes.

      This seems to be due to behaviour in newer 1.1.0 versions of OpenSSL, which Python uses, and in turn this affects the clients used in the test. The server uses NSS.

      After some sleuthing the issue was identified as OpenSSL saying the CA was invalid, eventually narrowing down to it being due to 'unsupported certificate purpose', and the CA not being marked as applicable for use as a CA when printing out its purposes. The original cert generated in an NSS cert db is marked for CA use, but this doesn't carry through to the exported PEM based cert file. Comparing the CA cert used on the client side to some from other components tests, the rest all have an extension indicating use for CA purposes.

      Attachments

        Activity

          People

            robbie Robbie Gemmell
            robbie Robbie Gemmell
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: