baffled on old Red Hat Enterprise Linux 6 with OpenSSL 3.0.3

Dennis Clarke dclarke at blastwave.org
Thu Jun 9 20:20:31 UTC 2022 

On 6/9/22 16:13, Dennis Clarke via openssl-users wrote:
> On 6/9/22 15:33, Dmitry Belyavsky wrote:
>> It happens because of certificates expiration. Try applying the patch 
>> from
>> https://github.com/openssl/openssl/pull/18444
>>
> 
> Oh cool. Thank you.  Sadly I do not see a patch file there.
> 
> Do you mean this ?
> 
> https://raw.githubusercontent.com/t8m/openssl/456de6e73c05fc413aacedcdd551e2a259f93262/test/certs/embeddedSCTs1_issuer.pem 
> 
> 
> -----BEGIN CERTIFICATE-----
> MIIC0jCCAjugAwIBAgIBADANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJHQjEk
> MCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENBMQ4wDAYDVQQIEwVX
> YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAgFw0yMjA2MDExMDM4MDJaGA8yMTIyMDUw
> ODEwMzgwMlowVTELMAkGA1UEBhMCR0IxJDAiBgNVBAoTG0NlcnRpZmljYXRlIFRy
> YW5zcGFyZW5jeSBDQTEOMAwGA1UECBMFV2FsZXMxEDAOBgNVBAcTB0VydyBXZW4w
> gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANWKaFNiEKJxGZNud4MhGBwqQBPG
> 0HuMduuRV9PQ+0s7UW7Oy9HJjZHFL3Q/q2NdVQmc0Tq68xrlQUQkUadMeBbyJDz4
> SM8oMczme6BKWiOBnzy6N+Yk2cO9spm4Od3+JjHSyzqE/HuytcUvz8FP/0BvXNRG
> acuy98/fhvtqudGxAgMBAAGjga8wgawwHQYDVR0OBBYEFF+diA3Ic+ZU1PgN2Oaw
> wSS0R8NVMH0GA1UdIwR2MHSAFF+diA3Ic+ZU1PgN2OawwSS0R8NVoVmkVzBVMQsw
> CQYDVQQGEwJHQjEkMCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENB
> MQ4wDAYDVQQIEwVXYWxlczEQMA4GA1UEBxMHRXJ3IFdlboIBADAMBgNVHRMEBTAD
> AQH/MA0GCSqGSIb3DQEBCwUAA4GBAD0aYh9OkFYfXV7kBfhrtD0PJG2U47OV/1qq
> +uFpqB0S1WO06eJT0pzYf1ebUcxjBkajbJZm/FHT85VthZ1lFHsky87aFD8XlJCo
> 2IOhKOkvvWKPUdFLoO/ZVXqEVKkcsS1eXK1glFvb07eJZya3JVG0KdMhV2YoDg6c
> Doud4XrO
> -----END CERTIFICATE-----
> 
> 

I am not sure what that did but perhaps the test gets skipped in a
non-FIPS mode anyways :

Test Summary Report
-------------------
80-test_ssl_new.t                (Wstat: 256 (exited 1) Tests: 30 Failed: 1)
   Failed test:  12
   Non-zero exit status: 1
Files=243, Tests=2874, 2643 wallclock secs (37.47 usr  3.44 sys + 
2459.19 cusr 150.04 csys = 2650.14 CPU)
Result: FAIL
make[1]: *** [run_tests] Error 1
make[1]: Leaving directory `/opt/bw/build/openssl-3.0.3_rhel6_amd64.005'
make: *** [tests] Error 2
real 2653.41
user 2506.74
sys 153.91
mimas$

Replace that cert file  test/certs/embeddedSCTs1_issuer.pem and then :


mimas$ make V=1 TESTS='80-test_ssl_new.t' test
make depend && make _tests
make[1]: Entering directory `/opt/bw/build/openssl-3.0.3_rhel6_amd64.005'
make[1]: Leaving directory `/opt/bw/build/openssl-3.0.3_rhel6_amd64.005'
make[1]: Entering directory `/opt/bw/build/openssl-3.0.3_rhel6_amd64.005'
( SRCTOP=. \
           BLDTOP=. \
           PERL="/opt/bw/bin/perl" \
 
FIPSKEY="f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813" \
           EXE_EXT= \
           /opt/bw/bin/perl ./test/run_tests.pl 80-test_ssl_new.t )
Test 80-test_ssl_new.t found no match, skipping addition...
00-prep_fipsmodule_cnf.t ..
# The results of this test will end up in test-runs/prep_fipsmodule
1..0 # SKIP FIPS module config file only supported in a fips build
skipped: FIPS module config file only supported in a fips build
Files=1, Tests=0,  1 wallclock secs ( 0.06 usr  0.01 sys +  1.36 cusr 
0.05 csys =  1.48 CPU)
Result: NOTESTS
Files=0, Tests=0,  0 wallclock secs ( 0.00 usr +  0.00 sys =  0.00 CPU)
Result: NOTESTS
make[1]: Leaving directory `/opt/bw/build/openssl-3.0.3_rhel6_amd64.005'
mimas$

So maybe this is a nothing. Hard to say.


-- 
Dennis Clarke
RISC-V/SPARC/PPC/ARM/CISC
UNIX and Linux spoken
GreyBeard and suspenders optional

More information about the openssl-users mailing list