[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NOTICE: Intent to T&R 2.4.36

I thought the whole intent for a quick 2.4.36 was for TLSv1.3 support.

If that's not ready for prime time, then why a release??

On Oct 10, 2018, at 2:11 PM, Daniel Ruggeri <DRuggeri@xxxxxxxxxxx> wrote:

On 2018-10-10 07:30, Joe Orton wrote:
On Tue, Oct 09, 2018 at 03:29:49PM -0500, Daniel Ruggeri wrote:
Hi, all;
  I ran through my usual testing routine, this time with OpenSSL 1.1.1, but
found several test failures. In the past, these issues have been isolated to
my environment so I just wanted to drop a line to see if anyone has run the
test suite against 2.4.x lately and can corroborate this result? If not, I
can debug my environment.
TLSv1.3 testing is still a mess with OpenSSL 1.1.1, sorry.  I have
updated the test suite just now to disable TLSv1.3 testing for most
people.  We need updates to Net::SSLeay (the latest upstream has the
patch) and IO::Socket::SSL, but the latter is not patched upstream, so I
can't make an accurate test for that yet.
At worst, forcibly testing with:
 ./t/TEST -sslproto 'all -TLSv1.2'
should now be possible.
(If using an existing check-out of the test suite don't forget to re-run
"make" before running ./t/TEST -conf to regenerate the config...)
Let me know if that's not made any difference for you.
I don't know why t/modules/http2.t is failing but I see that here too.

Thanks Joe and Bill.

Yep, when flipping back over to OpenSSL 1.1.0i, everything works A-OK. Even the H2 failure irons itself out. It's a bummer to hear TLS 1.3 testing isn't up to snuff with this being the major feature of the release.

I also just wiped the environment, recompiled everything from scratch (same versions noted below) and reran the tests with the latest test framework and see that the recent changes to the framework leave only the failing h2 test (which doesn't happen w/ 1.1.0i). So... I think it was indeed localized to the test framework.

I'm also happy to see the H2 EOS fix in, too!

So... I think I'm content with the results and am ready to T&R!

Regards, Joe
Test Summary Report
t/modules/http2.t                 (Wstat: 0 Tests: 24 Failed: 0)
 Parse errors: Bad plan.  You planned 52 tests but ran 24.
t/security/CVE-2009-3555.t        (Wstat: 0 Tests: 4 Failed: 2)
 Failed tests:  3-4
t/ssl/basicauth.t                 (Wstat: 0 Tests: 4 Failed: 2)
 Failed tests:  2-3
t/ssl/env.t                       (Wstat: 0 Tests: 30 Failed: 15)
 Failed tests:  16-30
t/ssl/extlookup.t                 (Wstat: 0 Tests: 4 Failed: 4)
 Failed tests:  1-4
t/ssl/fakeauth.t                  (Wstat: 0 Tests: 3 Failed: 2)
 Failed tests:  2-3
t/ssl/ocsp.t                      (Wstat: 0 Tests: 3 Failed: 1)
 Failed test:  3
t/ssl/require.t                   (Wstat: 0 Tests: 10 Failed: 3)
 Failed tests:  2, 5, 9
t/ssl/varlookup.t                 (Wstat: 0 Tests: 83 Failed: 83)
 Failed tests:  1-83
t/ssl/verify.t                    (Wstat: 0 Tests: 3 Failed: 1)
 Failed test:  2
Files=186, Tests=8857, 101 wallclock secs ( 1.86 usr  0.28 sys + 48.46 cusr
11.08 csys = 61.68 CPU)
Versions at play were:
   name: Linux
   release: 3.16.0-4-amd64
   version: #1 SMP Debian 3.16.51-3 (2017-12-13)
   machine: x86_64
   openssl: "1.1.1"
   openldap: "2.4.46"
   apr: "1.6.5"
   apr-util: "1.6.1"
   iconv: "1.2.2"
   brotli: "1.0.6"
   nghttp2: "1.34.0"
   zlib: "1.2.11"
   pcre: "8.42"
   libxml2: "2.9.8"
   php: "5.6.38"
   lua: "5.3.5"
   curl: "7.61.1"
Anything look obviously crazy/wrong?
Daniel Ruggeri
On 2018-10-09 06:36, Daniel Ruggeri wrote:
> Hi, all;
>  Barring any major disagreement in the next several hours, I intend to
> T&R our next version later today or early tomorrow.
> Hooray for TLS 1.3!
> --
> Daniel Ruggeri

Daniel Ruggeri