[core-updates] GnuTLS 3.6.12 test suite failure

  • Done
  • quality assurance status badge
Details
2 participants
  • Efraim Flashner
  • Maxim Cournoyer
Owner
unassigned
Submitted by
Maxim Cournoyer
Severity
normal
M
M
Maxim Cournoyer wrote on 22 Sep 2020 14:36
(name . bug-guix)(address . bug-guix@gnu.org)
874knqxa2i.fsf@gmail.com
Tested on core-updates commit d08f5299e62ca8f5f36f4f6ddf3fcd739d157074.

=========================================
GnuTLS 3.6.12: tests/test-suite.log
=========================================

# TOTAL: 411
# PASS: 393
# SKIP: 17
# XFAIL: 0
# FAIL: 1
# XPASS: 0
# ERROR: 0

[...]

FAIL: fastopen.sh
=================

Checking Fast open
Echo Server listening on IPv4 0.0.0.0 port 6169...done
Echo Server listening on IPv6 :: port 6169...done
*** Fatal error: Error in the push function.
Could not connect to 127.0.0.1:6169: Transport endpoint is already connected
Processed 1 CA certificate(s).
Resolving 'localhost:6169'...
Connecting to '127.0.0.1:6169' (TFO)...
- Certificate type: X.509
- Got a certificate list of 1 certificates.
- Certificate[0] info:
- subject `CN=GnuTLS Test Server (RSA certificate)', issuer `CN=GnuTLS Test CA', serial 0x4de0b4ca, RSA key 2432 bits, signed using RSA-SHA256, activated `2011-05-28 08:39:39 UTC', expires `2038-10-12 08:39:40 UTC', pin-sha256="ZCnc2x+EUztg6ShnEvwtcHxusyXqJ5RJLNCDLc+lVNE="
Public Key ID:
sha1:482334530a8931384a5aeacab6d2a6dece1d2b18
sha256:6429dcdb1f84533b60e9286712fc2d707c6eb325ea2794492cd0832dcfa554d1
Public Key PIN:
pin-sha256:ZCnc2x+EUztg6ShnEvwtcHxusyXqJ5RJLNCDLc+lVNE=

- Status: The certificate is trusted.
- Successfully sent 0 certificate(s) to server.
Failure: 1. TLS1.2 handshake should have succeeded!
Exiting via signal 15
FAIL fastopen.sh (exit status: 1)
M
M
Maxim Cournoyer wrote on 23 Sep 2020 03:39
(address . 43561@debbugs.gnu.org)
87lfh1w9sj.fsf@gmail.com
Maxim Cournoyer <maxim.cournoyer@gmail.com> writes:

Toggle quote (43 lines)
> Tested on core-updates commit d08f5299e62ca8f5f36f4f6ddf3fcd739d157074.
>
> =========================================
> GnuTLS 3.6.12: tests/test-suite.log
> =========================================
>
> # TOTAL: 411
> # PASS: 393
> # SKIP: 17
> # XFAIL: 0
> # FAIL: 1
> # XPASS: 0
> # ERROR: 0
>
> [...]
>
> FAIL: fastopen.sh
> =================
>
> Checking Fast open
> Echo Server listening on IPv4 0.0.0.0 port 6169...done
> Echo Server listening on IPv6 :: port 6169...done
> *** Fatal error: Error in the push function.
> Could not connect to 127.0.0.1:6169: Transport endpoint is already connected
> Processed 1 CA certificate(s).
> Resolving 'localhost:6169'...
> Connecting to '127.0.0.1:6169' (TFO)...
> - Certificate type: X.509
> - Got a certificate list of 1 certificates.
> - Certificate[0] info:
> - subject `CN=GnuTLS Test Server (RSA certificate)', issuer `CN=GnuTLS Test CA', serial 0x4de0b4ca, RSA key 2432 bits, signed using RSA-SHA256, activated `2011-05-28 08:39:39 UTC', expires `2038-10-12 08:39:40 UTC', pin-sha256="ZCnc2x+EUztg6ShnEvwtcHxusyXqJ5RJLNCDLc+lVNE="
> Public Key ID:
> sha1:482334530a8931384a5aeacab6d2a6dece1d2b18
> sha256:6429dcdb1f84533b60e9286712fc2d707c6eb325ea2794492cd0832dcfa554d1
> Public Key PIN:
> pin-sha256:ZCnc2x+EUztg6ShnEvwtcHxusyXqJ5RJLNCDLc+lVNE=
>
> - Status: The certificate is trusted.
> - Successfully sent 0 certificate(s) to server.
> Failure: 1. TLS1.2 handshake should have succeeded!
> Exiting via signal 15
> FAIL fastopen.sh (exit status: 1)

The same happens using gnutls 3.6.15.

Maxim
E
E
Efraim Flashner wrote on 23 Sep 2020 09:19
(name . Maxim Cournoyer)(address . maxim.cournoyer@gmail.com)(address . 43561@debbugs.gnu.org)
20200923071924.GF896@E5400
On Tue, Sep 22, 2020 at 08:36:21AM -0400, Maxim Cournoyer wrote:
Toggle quote (43 lines)
> Tested on core-updates commit d08f5299e62ca8f5f36f4f6ddf3fcd739d157074.
>
> =========================================
> GnuTLS 3.6.12: tests/test-suite.log
> =========================================
>
> # TOTAL: 411
> # PASS: 393
> # SKIP: 17
> # XFAIL: 0
> # FAIL: 1
> # XPASS: 0
> # ERROR: 0
>
> [...]
>
> FAIL: fastopen.sh
> =================
>
> Checking Fast open
> Echo Server listening on IPv4 0.0.0.0 port 6169...done
> Echo Server listening on IPv6 :: port 6169...done
> *** Fatal error: Error in the push function.
> Could not connect to 127.0.0.1:6169: Transport endpoint is already connected
> Processed 1 CA certificate(s).
> Resolving 'localhost:6169'...
> Connecting to '127.0.0.1:6169' (TFO)...
> - Certificate type: X.509
> - Got a certificate list of 1 certificates.
> - Certificate[0] info:
> - subject `CN=GnuTLS Test Server (RSA certificate)', issuer `CN=GnuTLS Test CA', serial 0x4de0b4ca, RSA key 2432 bits, signed using RSA-SHA256, activated `2011-05-28 08:39:39 UTC', expires `2038-10-12 08:39:40 UTC', pin-sha256="ZCnc2x+EUztg6ShnEvwtcHxusyXqJ5RJLNCDLc+lVNE="
> Public Key ID:
> sha1:482334530a8931384a5aeacab6d2a6dece1d2b18
> sha256:6429dcdb1f84533b60e9286712fc2d707c6eb325ea2794492cd0832dcfa554d1
> Public Key PIN:
> pin-sha256:ZCnc2x+EUztg6ShnEvwtcHxusyXqJ5RJLNCDLc+lVNE=
>
> - Status: The certificate is trusted.
> - Successfully sent 0 certificate(s) to server.
> Failure: 1. TLS1.2 handshake should have succeeded!
> Exiting via signal 15
> FAIL fastopen.sh (exit status: 1)

gnutls-3.6.14 also still fails after upgrading libgcrypt to 1.8.6.

--
Efraim Flashner <efraim@flashner.co.il> ????? ?????
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEoov0DD5VE3JmLRT3Qarn3Mo9g1EFAl9q9vkACgkQQarn3Mo9
g1F/wA//Wg6hWQhY6vLW5fhLxgw3HxTq1CvZkJmLetFx2zGmQqyF4LElkZ0QESe+
jRVGGDoxry3hKNFvd14vrlslblu6b9E8wVaD+n1e/hT7n/7e/Jn3oXqZr9WHo4Ig
07hYZ1Lvniwmt0O5lqr+1yXU+JLWhIY2Iwq4/ZuD9Ilggbn2CUUb2Nvc6W/MDV58
Zg+z231KGAoKS5WQM/dLcBc3hyFAuZxAQopDP7SQxQj9klQLN28msNEk7kW6dSw5
393v2MfYskQ+AUJ7Z0lbhtb5PFkS1fV6nuhA0EVIpSio3oc3IJy9OSE0LaU7UZhs
+lJTocIX9alANJWrmUqWyWTGjTrrURpNx4hLmsJVrLB2w5CoKhWhsp8UjLd581YG
BVa3Z6S/h3Z7uVIaelXHx64D6PONbc1KqbUNy5BMRfkzeUSzLmeTOOu4nMGyxVoZ
Qv6dOyfKmWbCTnp1b2J+wG4idTrvwYNPx3r8IMZkMtDYFx5lj+tkG6VsDMr3zxt3
ioCyjcu1iCHHh5r7qMDpNbFHNnwonFTGeWgreuNtq72/2ndy0B2qh9Iy2MPTU4ye
EQzK1mJeA0Y6GK+9RUyjStU9wx60Ma7eRPSWEWhM9pbGJjhvIrbNyJ/AGzkhzLeX
9vS12N9SvvzgjENxOmKumTWPBFEPWf+pC1DAQIhQsAzp7X+aSog=
=eJsP
-----END PGP SIGNATURE-----


M
M
Maxim Cournoyer wrote on 24 Sep 2020 04:48
(name . Efraim Flashner)(address . efraim@flashner.co.il)(address . 43561-done@debbugs.gnu.org)
87a6xfx52v.fsf@gmail.com
Hello Efraim!

Efraim Flashner <efraim@flashner.co.il> writes:

Toggle quote (46 lines)
> On Tue, Sep 22, 2020 at 08:36:21AM -0400, Maxim Cournoyer wrote:
>> Tested on core-updates commit d08f5299e62ca8f5f36f4f6ddf3fcd739d157074.
>>
>> =========================================
>> GnuTLS 3.6.12: tests/test-suite.log
>> =========================================
>>
>> # TOTAL: 411
>> # PASS: 393
>> # SKIP: 17
>> # XFAIL: 0
>> # FAIL: 1
>> # XPASS: 0
>> # ERROR: 0
>>
>> [...]
>>
>> FAIL: fastopen.sh
>> =================
>>
>> Checking Fast open
>> Echo Server listening on IPv4 0.0.0.0 port 6169...done
>> Echo Server listening on IPv6 :: port 6169...done
>> *** Fatal error: Error in the push function.
>> Could not connect to 127.0.0.1:6169: Transport endpoint is already connected
>> Processed 1 CA certificate(s).
>> Resolving 'localhost:6169'...
>> Connecting to '127.0.0.1:6169' (TFO)...
>> - Certificate type: X.509
>> - Got a certificate list of 1 certificates.
>> - Certificate[0] info:
>> - subject `CN=GnuTLS Test Server (RSA certificate)', issuer `CN=GnuTLS Test CA', serial 0x4de0b4ca, RSA key 2432 bits, signed using RSA-SHA256, activated `2011-05-28 08:39:39 UTC', expires `2038-10-12 08:39:40 UTC', pin-sha256="ZCnc2x+EUztg6ShnEvwtcHxusyXqJ5RJLNCDLc+lVNE="
>> Public Key ID:
>> sha1:482334530a8931384a5aeacab6d2a6dece1d2b18
>> sha256:6429dcdb1f84533b60e9286712fc2d707c6eb325ea2794492cd0832dcfa554d1
>> Public Key PIN:
>> pin-sha256:ZCnc2x+EUztg6ShnEvwtcHxusyXqJ5RJLNCDLc+lVNE=
>>
>> - Status: The certificate is trusted.
>> - Successfully sent 0 certificate(s) to server.
>> Failure: 1. TLS1.2 handshake should have succeeded!
>> Exiting via signal 15
>> FAIL fastopen.sh (exit status: 1)
>
> gnutls-3.6.14 also still fails after upgrading libgcrypt to 1.8.6.

This only occurs in the build container... and only on core-updates.

I've filed a bug report upstream (though I doubt they'll be able to
reproduce it, understand what it's caused by, given it seems specific to
networking in our build container):

And disabled the fastopen.sh test in our package for now.

Thanks for the feedback!

Closing,

Maxim
Closed
?
Your comment

This issue is archived.

To comment on this conversation send an email to 43561@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it
mumi current 43561
Then, you may apply the latest patchset in this issue (with sign off)
mumi am -- -s
Or, compose a reply to this issue
mumi compose
Or, send patches to this issue
mumi send-email *.patch