baffled on old Red Hat Enterprise Linux 6 with OpenSSL 3.0.3
Dennis Clarke
dclarke at blastwave.org
Thu Jun 9 20:20:31 UTC 2022
On 6/9/22 16:13, Dennis Clarke via openssl-users wrote:
> On 6/9/22 15:33, Dmitry Belyavsky wrote:
>> It happens because of certificates expiration. Try applying the patch
>> from
>> https://github.com/openssl/openssl/pull/18444
>>
>
> Oh cool. Thank you. Sadly I do not see a patch file there.
>
> Do you mean this ?
>
> https://raw.githubusercontent.com/t8m/openssl/456de6e73c05fc413aacedcdd551e2a259f93262/test/certs/embeddedSCTs1_issuer.pem
>
>
> -----BEGIN CERTIFICATE-----
> MIIC0jCCAjugAwIBAgIBADANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJHQjEk
> MCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENBMQ4wDAYDVQQIEwVX
> YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAgFw0yMjA2MDExMDM4MDJaGA8yMTIyMDUw
> ODEwMzgwMlowVTELMAkGA1UEBhMCR0IxJDAiBgNVBAoTG0NlcnRpZmljYXRlIFRy
> YW5zcGFyZW5jeSBDQTEOMAwGA1UECBMFV2FsZXMxEDAOBgNVBAcTB0VydyBXZW4w
> gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANWKaFNiEKJxGZNud4MhGBwqQBPG
> 0HuMduuRV9PQ+0s7UW7Oy9HJjZHFL3Q/q2NdVQmc0Tq68xrlQUQkUadMeBbyJDz4
> SM8oMczme6BKWiOBnzy6N+Yk2cO9spm4Od3+JjHSyzqE/HuytcUvz8FP/0BvXNRG
> acuy98/fhvtqudGxAgMBAAGjga8wgawwHQYDVR0OBBYEFF+diA3Ic+ZU1PgN2Oaw
> wSS0R8NVMH0GA1UdIwR2MHSAFF+diA3Ic+ZU1PgN2OawwSS0R8NVoVmkVzBVMQsw
> CQYDVQQGEwJHQjEkMCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENB
> MQ4wDAYDVQQIEwVXYWxlczEQMA4GA1UEBxMHRXJ3IFdlboIBADAMBgNVHRMEBTAD
> AQH/MA0GCSqGSIb3DQEBCwUAA4GBAD0aYh9OkFYfXV7kBfhrtD0PJG2U47OV/1qq
> +uFpqB0S1WO06eJT0pzYf1ebUcxjBkajbJZm/FHT85VthZ1lFHsky87aFD8XlJCo
> 2IOhKOkvvWKPUdFLoO/ZVXqEVKkcsS1eXK1glFvb07eJZya3JVG0KdMhV2YoDg6c
> Doud4XrO
> -----END CERTIFICATE-----
>
>
I am not sure what that did but perhaps the test gets skipped in a
non-FIPS mode anyways :
Test Summary Report
-------------------
80-test_ssl_new.t (Wstat: 256 (exited 1) Tests: 30 Failed: 1)
Failed test: 12
Non-zero exit status: 1
Files=243, Tests=2874, 2643 wallclock secs (37.47 usr 3.44 sys +
2459.19 cusr 150.04 csys = 2650.14 CPU)
Result: FAIL
make[1]: *** [run_tests] Error 1
make[1]: Leaving directory `/opt/bw/build/openssl-3.0.3_rhel6_amd64.005'
make: *** [tests] Error 2
real 2653.41
user 2506.74
sys 153.91
mimas$
Replace that cert file test/certs/embeddedSCTs1_issuer.pem and then :
mimas$ make V=1 TESTS='80-test_ssl_new.t' test
make depend && make _tests
make[1]: Entering directory `/opt/bw/build/openssl-3.0.3_rhel6_amd64.005'
make[1]: Leaving directory `/opt/bw/build/openssl-3.0.3_rhel6_amd64.005'
make[1]: Entering directory `/opt/bw/build/openssl-3.0.3_rhel6_amd64.005'
( SRCTOP=. \
BLDTOP=. \
PERL="/opt/bw/bin/perl" \
FIPSKEY="f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813" \
EXE_EXT= \
/opt/bw/bin/perl ./test/run_tests.pl 80-test_ssl_new.t )
Test 80-test_ssl_new.t found no match, skipping addition...
00-prep_fipsmodule_cnf.t ..
# The results of this test will end up in test-runs/prep_fipsmodule
1..0 # SKIP FIPS module config file only supported in a fips build
skipped: FIPS module config file only supported in a fips build
Files=1, Tests=0, 1 wallclock secs ( 0.06 usr 0.01 sys + 1.36 cusr
0.05 csys = 1.48 CPU)
Result: NOTESTS
Files=0, Tests=0, 0 wallclock secs ( 0.00 usr + 0.00 sys = 0.00 CPU)
Result: NOTESTS
make[1]: Leaving directory `/opt/bw/build/openssl-3.0.3_rhel6_amd64.005'
mimas$
So maybe this is a nothing. Hard to say.
--
Dennis Clarke
RISC-V/SPARC/PPC/ARM/CISC
UNIX and Linux spoken
GreyBeard and suspenders optional
More information about the openssl-users
mailing list