[core-updates] GnuTLS 3.6.12 test suite failure

  • Done
  • quality assurance status badge
Details
2 participants
  • Efraim Flashner
  • Maxim Cournoyer
Owner
unassigned
Submitted by
Maxim Cournoyer
Severity
normal
M
M
Maxim Cournoyer wrote on 22 Sep 2020 14:36
(name . bug-guix)(address . bug-guix@gnu.org)
874knqxa2i.fsf@gmail.com
Tested on core-updates commit d08f5299e62ca8f5f36f4f6ddf3fcd739d157074.

=========================================
GnuTLS 3.6.12: tests/test-suite.log
=========================================

# TOTAL: 411
# PASS: 393
# SKIP: 17
# XFAIL: 0
# FAIL: 1
# XPASS: 0
# ERROR: 0

[...]

FAIL: fastopen.sh
=================

Checking Fast open
Echo Server listening on IPv4 0.0.0.0 port 6169...done
Echo Server listening on IPv6 :: port 6169...done
*** Fatal error: Error in the push function.
Could not connect to 127.0.0.1:6169: Transport endpoint is already connected
Processed 1 CA certificate(s).
Resolving 'localhost:6169'...
Connecting to '127.0.0.1:6169' (TFO)...
- Certificate type: X.509
- Got a certificate list of 1 certificates.
- Certificate[0] info:
- subject `CN=GnuTLS Test Server (RSA certificate)', issuer `CN=GnuTLS Test CA', serial 0x4de0b4ca, RSA key 2432 bits, signed using RSA-SHA256, activated `2011-05-28 08:39:39 UTC', expires `2038-10-12 08:39:40 UTC', pin-sha256="ZCnc2x+EUztg6ShnEvwtcHxusyXqJ5RJLNCDLc+lVNE="
Public Key ID:
sha1:482334530a8931384a5aeacab6d2a6dece1d2b18
sha256:6429dcdb1f84533b60e9286712fc2d707c6eb325ea2794492cd0832dcfa554d1
Public Key PIN:
pin-sha256:ZCnc2x+EUztg6ShnEvwtcHxusyXqJ5RJLNCDLc+lVNE=

- Status: The certificate is trusted.
- Successfully sent 0 certificate(s) to server.
Failure: 1. TLS1.2 handshake should have succeeded!
Exiting via signal 15
FAIL fastopen.sh (exit status: 1)
M
M
Maxim Cournoyer wrote on 23 Sep 2020 03:39
(address . 43561@debbugs.gnu.org)
87lfh1w9sj.fsf@gmail.com
Maxim Cournoyer <maxim.cournoyer@gmail.com> writes:

Toggle quote (43 lines)
> Tested on core-updates commit d08f5299e62ca8f5f36f4f6ddf3fcd739d157074.
>
> =========================================
> GnuTLS 3.6.12: tests/test-suite.log
> =========================================
>
> # TOTAL: 411
> # PASS: 393
> # SKIP: 17
> # XFAIL: 0
> # FAIL: 1
> # XPASS: 0
> # ERROR: 0
>
> [...]
>
> FAIL: fastopen.sh
> =================
>
> Checking Fast open
> Echo Server listening on IPv4 0.0.0.0 port 6169...done
> Echo Server listening on IPv6 :: port 6169...done
> *** Fatal error: Error in the push function.
> Could not connect to 127.0.0.1:6169: Transport endpoint is already connected
> Processed 1 CA certificate(s).
> Resolving 'localhost:6169'...
> Connecting to '127.0.0.1:6169' (TFO)...
> - Certificate type: X.509
> - Got a certificate list of 1 certificates.
> - Certificate[0] info:
> - subject `CN=GnuTLS Test Server (RSA certificate)', issuer `CN=GnuTLS Test CA', serial 0x4de0b4ca, RSA key 2432 bits, signed using RSA-SHA256, activated `2011-05-28 08:39:39 UTC', expires `2038-10-12 08:39:40 UTC', pin-sha256="ZCnc2x+EUztg6ShnEvwtcHxusyXqJ5RJLNCDLc+lVNE="
> Public Key ID:
> sha1:482334530a8931384a5aeacab6d2a6dece1d2b18
> sha256:6429dcdb1f84533b60e9286712fc2d707c6eb325ea2794492cd0832dcfa554d1
> Public Key PIN:
> pin-sha256:ZCnc2x+EUztg6ShnEvwtcHxusyXqJ5RJLNCDLc+lVNE=
>
> - Status: The certificate is trusted.
> - Successfully sent 0 certificate(s) to server.
> Failure: 1. TLS1.2 handshake should have succeeded!
> Exiting via signal 15
> FAIL fastopen.sh (exit status: 1)

The same happens using gnutls 3.6.15.

Maxim
E
E
Efraim Flashner wrote on 23 Sep 2020 09:19
(name . Maxim Cournoyer)(address . maxim.cournoyer@gmail.com)(address . 43561@debbugs.gnu.org)
20200923071924.GF896@E5400
On Tue, Sep 22, 2020 at 08:36:21AM -0400, Maxim Cournoyer wrote:
Toggle quote (43 lines)
> Tested on core-updates commit d08f5299e62ca8f5f36f4f6ddf3fcd739d157074.
>
> =========================================
> GnuTLS 3.6.12: tests/test-suite.log
> =========================================
>
> # TOTAL: 411
> # PASS: 393
> # SKIP: 17
> # XFAIL: 0
> # FAIL: 1
> # XPASS: 0
> # ERROR: 0
>
> [...]
>
> FAIL: fastopen.sh
> =================
>
> Checking Fast open
> Echo Server listening on IPv4 0.0.0.0 port 6169...done
> Echo Server listening on IPv6 :: port 6169...done
> *** Fatal error: Error in the push function.
> Could not connect to 127.0.0.1:6169: Transport endpoint is already connected
> Processed 1 CA certificate(s).
> Resolving 'localhost:6169'...
> Connecting to '127.0.0.1:6169' (TFO)...
> - Certificate type: X.509
> - Got a certificate list of 1 certificates.
> - Certificate[0] info:
> - subject `CN=GnuTLS Test Server (RSA certificate)', issuer `CN=GnuTLS Test CA', serial 0x4de0b4ca, RSA key 2432 bits, signed using RSA-SHA256, activated `2011-05-28 08:39:39 UTC', expires `2038-10-12 08:39:40 UTC', pin-sha256="ZCnc2x+EUztg6ShnEvwtcHxusyXqJ5RJLNCDLc+lVNE="
> Public Key ID:
> sha1:482334530a8931384a5aeacab6d2a6dece1d2b18
> sha256:6429dcdb1f84533b60e9286712fc2d707c6eb325ea2794492cd0832dcfa554d1
> Public Key PIN:
> pin-sha256:ZCnc2x+EUztg6ShnEvwtcHxusyXqJ5RJLNCDLc+lVNE=
>
> - Status: The certificate is trusted.
> - Successfully sent 0 certificate(s) to server.
> Failure: 1. TLS1.2 handshake should have succeeded!
> Exiting via signal 15
> FAIL fastopen.sh (exit status: 1)

gnutls-3.6.14 also still fails after upgrading libgcrypt to 1.8.6.

--
Efraim Flashner <efraim@flashner.co.il> ????? ?????
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEoov0DD5VE3JmLRT3Qarn3Mo9g1EFAl9q9vkACgkQQarn3Mo9
g1F/wA//Wg6hWQhY6vLW5fhLxgw3HxTq1CvZkJmLetFx2zGmQqyF4LElkZ0QESe+
jRVGGDoxry3hKNFvd14vrlslblu6b9E8wVaD+n1e/hT7n/7e/Jn3oXqZr9WHo4Ig
07hYZ1Lvniwmt0O5lqr+1yXU+JLWhIY2Iwq4/ZuD9Ilggbn2CUUb2Nvc6W/MDV58
Zg+z231KGAoKS5WQM/dLcBc3hyFAuZxAQopDP7SQxQj9klQLN28msNEk7kW6dSw5
393v2MfYskQ+AUJ7Z0lbhtb5PFkS1fV6nuhA0EVIpSio3oc3IJy9OSE0LaU7UZhs
+lJTocIX9alANJWrmUqWyWTGjTrrURpNx4hLmsJVrLB2w5CoKhWhsp8UjLd581YG
BVa3Z6S/h3Z7uVIaelXHx64D6PONbc1KqbUNy5BMRfkzeUSzLmeTOOu4nMGyxVoZ
Qv6dOyfKmWbCTnp1b2J+wG4idTrvwYNPx3r8IMZkMtDYFx5lj+tkG6VsDMr3zxt3
ioCyjcu1iCHHh5r7qMDpNbFHNnwonFTGeWgreuNtq72/2ndy0B2qh9Iy2MPTU4ye
EQzK1mJeA0Y6GK+9RUyjStU9wx60Ma7eRPSWEWhM9pbGJjhvIrbNyJ/AGzkhzLeX
9vS12N9SvvzgjENxOmKumTWPBFEPWf+pC1DAQIhQsAzp7X+aSog=
=eJsP
-----END PGP SIGNATURE-----


M
M
Maxim Cournoyer wrote on 24 Sep 2020 04:48
(name . Efraim Flashner)(address . efraim@flashner.co.il)(address . 43561-done@debbugs.gnu.org)
87a6xfx52v.fsf@gmail.com
Hello Efraim!

Efraim Flashner <efraim@flashner.co.il> writes:

Toggle quote (46 lines)
> On Tue, Sep 22, 2020 at 08:36:21AM -0400, Maxim Cournoyer wrote:
>> Tested on core-updates commit d08f5299e62ca8f5f36f4f6ddf3fcd739d157074.
>>
>> =========================================
>> GnuTLS 3.6.12: tests/test-suite.log
>> =========================================
>>
>> # TOTAL: 411
>> # PASS: 393
>> # SKIP: 17
>> # XFAIL: 0
>> # FAIL: 1
>> # XPASS: 0
>> # ERROR: 0
>>
>> [...]
>>
>> FAIL: fastopen.sh
>> =================
>>
>> Checking Fast open
>> Echo Server listening on IPv4 0.0.0.0 port 6169...done
>> Echo Server listening on IPv6 :: port 6169...done
>> *** Fatal error: Error in the push function.
>> Could not connect to 127.0.0.1:6169: Transport endpoint is already connected
>> Processed 1 CA certificate(s).
>> Resolving 'localhost:6169'...
>> Connecting to '127.0.0.1:6169' (TFO)...
>> - Certificate type: X.509
>> - Got a certificate list of 1 certificates.
>> - Certificate[0] info:
>> - subject `CN=GnuTLS Test Server (RSA certificate)', issuer `CN=GnuTLS Test CA', serial 0x4de0b4ca, RSA key 2432 bits, signed using RSA-SHA256, activated `2011-05-28 08:39:39 UTC', expires `2038-10-12 08:39:40 UTC', pin-sha256="ZCnc2x+EUztg6ShnEvwtcHxusyXqJ5RJLNCDLc+lVNE="
>> Public Key ID:
>> sha1:482334530a8931384a5aeacab6d2a6dece1d2b18
>> sha256:6429dcdb1f84533b60e9286712fc2d707c6eb325ea2794492cd0832dcfa554d1
>> Public Key PIN:
>> pin-sha256:ZCnc2x+EUztg6ShnEvwtcHxusyXqJ5RJLNCDLc+lVNE=
>>
>> - Status: The certificate is trusted.
>> - Successfully sent 0 certificate(s) to server.
>> Failure: 1. TLS1.2 handshake should have succeeded!
>> Exiting via signal 15
>> FAIL fastopen.sh (exit status: 1)
>
> gnutls-3.6.14 also still fails after upgrading libgcrypt to 1.8.6.

This only occurs in the build container... and only on core-updates.

I've filed a bug report upstream (though I doubt they'll be able to
reproduce it, understand what it's caused by, given it seems specific to
networking in our build container):

And disabled the fastopen.sh test in our package for now.

Thanks for the feedback!

Closing,

Maxim
Closed
?