Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2

OpenSSL run-checker openssl at openssl.org
Fri Jan 22 21:13:38 UTC 2021


Platform and configuration command:

$ uname -a
Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2

Commit log since last time:

3aa7212e0a ktls: Initial support for ChaCha20-Poly1305
5b57aa24c3 Ensure SRP BN_mod_exp follows the constant time path
53d650d1f3 ec_kmgmt.c: OSSL_PKEY_PARAM_DEFAULT_DIGEST is gettable param for EC/SM2 keys
d8ab30be9c X509v3_get_ext_by_NID.pod: Add warning on counter-intuitive behavior of X509v3_delete_ext() etc.
05458fdb73 apps/x509.c: Make -x509toreq respect -clrext, -sigopt, and -extfile options
b9fbacaa7b apps/x509.c: Add -copy_extensions option, used when transforming x509 <-> req
1d1d23128f 80-test_ssl_old.t: Minor corrections: update name of test dir etc.
03f4e3ded6 apps.c: Clean up copy_extensions()
2367238ced X509_REQ_print_ex(): Correct indentation of extensions, which are attributes
db6a47b10d X509_REQ_print_ex(): Replace weird 'a0:00' output on empty attributes by '(none)'
743975c7e5 constify X509_REQ_add_extensions() and X509_REQ_add_extensions_nid()
b24cfd6bf4 apps/x509.c: Major code, user guidance, and documentation cleanup
7c5237e1d7 apps/x509.c: Take the -signkey arg as default pubkey with -new
49b36afb0b 25-test_x509.t: Make test case w.r.t. self-issued cert run also without EC enabled
abc4439c92 25-test_x509.t: Minor update: factor out path for test input files
8cadc51706 25-test_x509.t: Minor update: do not anymore unlink test output files
63162e3d55 X509: Enable printing cert even with invalid validity times, saying 'Bad time value'
b09aa550d3 ASN1_TIME_print() etc.: Improve doc and add comment on handling invalid time input
9495cfbc22 make various test CA certs RFC 5280 compliant w.r.t. X509 extensions
3d63348a87 apps/genpkey.c: Use PEM_read_bio_Parameters_ex when reading parameters
ac6ea3a7c5 test-gendsa: Add test cases with FIPS provider
07b6068d24 x509_vfy.c: Rename CHECK_CB() to the more intuitively readable CB_FAIL_IF()
3e878d924f Remove pkey_downgrade from PKCS7 code
c972577684 util/check-format.pl: Minor improvements of whitespace checks
83b6dc8dc7 Deprecate OCSP_xxx API for OSSL_HTTP_xxx
fee0af0863 DOCS: Fix the last few remaining pass phrase options references
47b784a41b Fix memory leak in mac_newctx() on error
038f4dc68e Fix PKCS7 potential segfault
84af8027c5 CMS: Fix NULL access if d2i_CMS_bio() is not passed a CMS_ContentInfo**.
0d83b7b903 Rename EVP_CIPHER_CTX_get_iv and EVP_CIPHER_CTX_get_iv_state for clarity
3aff5b4bac Update SERVER_HELLO_MAX_LENGTH

Build log ended with (last 100 lines):

        # SSL_accept() failed -1, 1
        # 80A1A91F067F0000:error:0A000076:SSL routines:tls_choose_sigalg:no suitable signature algorithm:../openssl/ssl/t1_lib.c:3308:
        # INFO:  @ ../openssl/test/helpers/ssltestlib.c:942
        # SSL_connect() failed -1, 1
        # 80A1A91F067F0000:error:0A000438:SSL routines:dtls1_read_bytes:tlsv1 alert internal error:../openssl/ssl/record/rec_layer_d1.c:613:SSL alert number 80
        # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6482
        # false
        not ok 2 - iteration 2
# ------------------------------------------------------------------------------
    not ok 53 - test_ssl_pending
# ------------------------------------------------------------------------------
../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/rgqHnbmgO5 default ../../../openssl/test/default.cnf => 1
not ok 1 - running sslapitest
# ------------------------------------------------------------------------------
    # INFO:  @ ../openssl/test/helpers/ssltestlib.c:942
    # SSL_connect() failed -1, 1
    # 80C1282EC17F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers
    # INFO:  @ ../openssl/test/helpers/ssltestlib.c:960
    # SSL_accept() failed -1, 1
    # 80C1282EC17F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers
    # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:852
    # false
    not ok 3 - test_large_message_dtls
# ------------------------------------------------------------------------------
    # INFO:  @ ../openssl/test/helpers/ssltestlib.c:942
    # SSL_connect() failed -1, 1
    # 80C1282EC17F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers
    # INFO:  @ ../openssl/test/helpers/ssltestlib.c:960
    # SSL_accept() failed -1, 1
    # 80C1282EC17F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers
    # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:1333
    # false
    # ERROR: (bool) 'execute_cleanse_plaintext(DTLS_server_method(), DTLS_client_method(), DTLS1_VERSION, 0) == true' failed @ ../openssl/test/sslapitest.c:1411
    # false
    not ok 4 - test_cleanse_plaintext
# ------------------------------------------------------------------------------
        # INFO:  @ ../openssl/test/helpers/ssltestlib.c:942
        # SSL_connect() failed -1, 1
        # 80C1282EC17F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers
        # INFO:  @ ../openssl/test/helpers/ssltestlib.c:960
        # SSL_accept() failed -1, 1
        # 80C1282EC17F0000:error:0A000129:SSL routines:tls_setup_handshake:no suitable digest algorithm:../openssl/ssl/statem/statem_lib.c:121:The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers
        # ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ ../openssl/test/sslapitest.c:6482
        # false
        not ok 2 - iteration 2
# ------------------------------------------------------------------------------
    not ok 53 - test_ssl_pending
# ------------------------------------------------------------------------------
../../util/wrap.pl ../../test/sslapitest ../../../openssl/test/certs ../../../openssl/test/recipes/90-test_sslapi_data/passwd.txt /tmp/rgqHnbmgO5 fips ../../../openssl/test/fips-and-base.cnf => 1
not ok 3 - running sslapitest
# ------------------------------------------------------------------------------
#   Failed test 'running sslapitest'
#   at ../openssl/test/recipes/90-test_sslapi.t line 45.
# Looks like you failed 2 tests of 3.90-test_sslapi.t ................... 
Dubious, test returned 2 (wstat 512, 0x200)
Failed 2/3 subtests 
90-test_sslbuffers.t ............... ok
90-test_store.t .................... ok
90-test_sysdefault.t ............... ok
90-test_threads.t .................. ok
90-test_time_offset.t .............. ok
90-test_tls13ccs.t ................. ok
90-test_tls13encryption.t .......... ok
90-test_tls13secrets.t ............. ok
90-test_v3name.t ................... ok
91-test_pkey_check.t ............... ok
95-test_external_boringssl.t ....... skipped: No external tests in this configuration
95-test_external_gost_engine.t ..... skipped: No external tests in this configuration
95-test_external_krb5.t ............ skipped: No external tests in this configuration
95-test_external_pyca.t ............ skipped: No external tests in this configuration
99-test_ecstress.t ................. ok
99-test_fuzz_asn1.t ................ ok
99-test_fuzz_asn1parse.t ........... ok
99-test_fuzz_bignum.t .............. ok
99-test_fuzz_bndiv.t ............... ok
99-test_fuzz_client.t .............. ok
99-test_fuzz_cmp.t ................. ok
99-test_fuzz_cms.t ................. ok
99-test_fuzz_conf.t ................ ok
99-test_fuzz_crl.t ................. ok
99-test_fuzz_ct.t .................. ok
99-test_fuzz_server.t .............. ok
99-test_fuzz_x509.t ................ ok

Test Summary Report
-------------------
80-test_dtls.t                   (Wstat: 256 Tests: 1 Failed: 1)
  Failed test:  1
  Non-zero exit status: 1
80-test_ssl_new.t                (Wstat: 768 Tests: 31 Failed: 3)
  Failed tests:  8, 17, 19
  Non-zero exit status: 3
90-test_sslapi.t                 (Wstat: 512 Tests: 3 Failed: 2)
  Failed tests:  1, 3
  Non-zero exit status: 2
Files=228, Tests=3596, 918 wallclock secs (14.23 usr  1.31 sys + 825.33 cusr 89.14 csys = 930.01 CPU)
Result: FAIL
make[1]: *** [Makefile:3270: _tests] Error 1
make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2'
make: *** [Makefile:3267: tests] Error 2


More information about the openssl-commits mailing list