[libvirt] [PATCH] tests: detect gnutls errors
* tests/virnettlscontexttest.c (testTLSLoadKey): Report errors. --- Something in gnutls 2.8.5 (RHEL 6) was more leniant than gnutls 2.8.6 (Fedora 14). This still doesn't solve the failure, but at least gets us to see that newer gnutls_x509_privkey_import doesn't like our define of PRIVATE_KEY. tests/virnettlscontexttest.c | 12 ++++++++++-- 1 files changed, 10 insertions(+), 2 deletions(-) diff --git a/tests/virnettlscontexttest.c b/tests/virnettlscontexttest.c index e70cd8b..043ccc2 100644 --- a/tests/virnettlscontexttest.c +++ b/tests/virnettlscontexttest.c @@ -410,10 +410,18 @@ static gnutls_x509_privkey_t testTLSLoadKey(void) { gnutls_x509_privkey_t key; const gnutls_datum_t data = { (unsigned char *)PRIVATE_KEY, strlen(PRIVATE_KEY) }; + int err; - gnutls_x509_privkey_init(&key); + if ((err = gnutls_x509_privkey_init(&key)) < 0) { + VIR_WARN("Failed to init key %s", gnutls_strerror(err)); + abort(); + } - gnutls_x509_privkey_import(key, &data, GNUTLS_X509_FMT_PEM); + if ((err = gnutls_x509_privkey_import(key, &data, + GNUTLS_X509_FMT_PEM)) < 0) { + VIR_WARN("Failed to init key %s", gnutls_strerror(err)); + abort(); + } return key; } -- 1.7.4.4
2011/7/22 Eric Blake <eblake@redhat.com>:
* tests/virnettlscontexttest.c (testTLSLoadKey): Report errors. ---
Something in gnutls 2.8.5 (RHEL 6) was more leniant than gnutls 2.8.6 (Fedora 14). This still doesn't solve the failure, but at least gets us to see that newer gnutls_x509_privkey_import doesn't like our define of PRIVATE_KEY.
Replacing the PRIVATE_KEY with a new one makes the test work better for me with gnutls 2.8.6. I generated the key like this certtool --generate-privkey | sed -e 's/^\(.*\)$/\"\1\\n\" \\/' This gives me this output $ ./virnettlscontexttest TEST: virnettlscontexttest ............................!!!......... 40 ........ 48 FAIL The failing test are those three, that are expected to fail, but don't as it seems /* Expired stuff */ [...] DO_CTX_TEST(true, cacertexpreq, servercertreq, true); DO_CTX_TEST(true, cacertreq, servercertexpreq, true); DO_CTX_TEST(false, cacertreq, clientcertexpreq, true); When we assume that this test worked for Dan with gnutls 2.8.5, what does it means that those three tests are failing for me with gnutls 2.8.6? Here's are some random ideas a) there is a bug in the testcase that causes this b) there is a bug in the tested code in libvirt that causes this c) there is a bug in gnutls 2.8.6 that causes this d) there is a bug in gnutls 2.8.5 that makes the broken test pass e) etc I'm not sure. -- Matthias Bolte http://photron.blogspot.com
On Fri, Jul 22, 2011 at 11:55:02PM +0200, Matthias Bolte wrote:
2011/7/22 Eric Blake <eblake@redhat.com>:
* tests/virnettlscontexttest.c (testTLSLoadKey): Report errors. ---
Something in gnutls 2.8.5 (RHEL 6) was more leniant than gnutls 2.8.6 (Fedora 14). This still doesn't solve the failure, but at least gets us to see that newer gnutls_x509_privkey_import doesn't like our define of PRIVATE_KEY.
Replacing the PRIVATE_KEY with a new one makes the test work better for me with gnutls 2.8.6. I generated the key like this
certtool --generate-privkey | sed -e 's/^\(.*\)$/\"\1\\n\" \\/'
This gives me this output
$ ./virnettlscontexttest TEST: virnettlscontexttest ............................!!!......... 40 ........ 48 FAIL
The failing test are those three, that are expected to fail, but don't as it seems
/* Expired stuff */ [...] DO_CTX_TEST(true, cacertexpreq, servercertreq, true); DO_CTX_TEST(true, cacertreq, servercertexpreq, true); DO_CTX_TEST(false, cacertreq, clientcertexpreq, true);
When we assume that this test worked for Dan with gnutls 2.8.5, what does it means that those three tests are failing for me with gnutls 2.8.6? Here's are some random ideas
a) there is a bug in the testcase that causes this b) there is a bug in the tested code in libvirt that causes this c) there is a bug in gnutls 2.8.6 that causes this d) there is a bug in gnutls 2.8.5 that makes the broken test pass e) etc
This is a regression introduced by commit 5283ea9b1d8a4b0f2fd6796bf60615aca7b6c3e6 which I have justed fixed in 567b8d69b97827da0e6e7145edb83ec0d7deff86 Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
2011/7/25 Daniel P. Berrange <berrange@redhat.com>:
On Fri, Jul 22, 2011 at 11:55:02PM +0200, Matthias Bolte wrote:
2011/7/22 Eric Blake <eblake@redhat.com>:
* tests/virnettlscontexttest.c (testTLSLoadKey): Report errors. ---
Something in gnutls 2.8.5 (RHEL 6) was more leniant than gnutls 2.8.6 (Fedora 14). This still doesn't solve the failure, but at least gets us to see that newer gnutls_x509_privkey_import doesn't like our define of PRIVATE_KEY.
Replacing the PRIVATE_KEY with a new one makes the test work better for me with gnutls 2.8.6. I generated the key like this
certtool --generate-privkey | sed -e 's/^\(.*\)$/\"\1\\n\" \\/'
This gives me this output
$ ./virnettlscontexttest TEST: virnettlscontexttest ............................!!!......... 40 ........ 48 FAIL
The failing test are those three, that are expected to fail, but don't as it seems
/* Expired stuff */ [...] DO_CTX_TEST(true, cacertexpreq, servercertreq, true); DO_CTX_TEST(true, cacertreq, servercertexpreq, true); DO_CTX_TEST(false, cacertreq, clientcertexpreq, true);
When we assume that this test worked for Dan with gnutls 2.8.5, what does it means that those three tests are failing for me with gnutls 2.8.6? Here's are some random ideas
a) there is a bug in the testcase that causes this b) there is a bug in the tested code in libvirt that causes this c) there is a bug in gnutls 2.8.6 that causes this d) there is a bug in gnutls 2.8.5 that makes the broken test pass e) etc
This is a regression introduced by commit
5283ea9b1d8a4b0f2fd6796bf60615aca7b6c3e6
which I have justed fixed in
567b8d69b97827da0e6e7145edb83ec0d7deff86
Okay, this fixes the three failing test cases, but I still need to replace the PRIVATE_KEY, otherwise the test still aborts. -- Matthias Bolte http://photron.blogspot.com
On Mon, Jul 25, 2011 at 05:47:25PM +0200, Matthias Bolte wrote:
2011/7/25 Daniel P. Berrange <berrange@redhat.com>:
On Fri, Jul 22, 2011 at 11:55:02PM +0200, Matthias Bolte wrote:
2011/7/22 Eric Blake <eblake@redhat.com>:
* tests/virnettlscontexttest.c (testTLSLoadKey): Report errors. ---
Something in gnutls 2.8.5 (RHEL 6) was more leniant than gnutls 2.8.6 (Fedora 14). This still doesn't solve the failure, but at least gets us to see that newer gnutls_x509_privkey_import doesn't like our define of PRIVATE_KEY.
Replacing the PRIVATE_KEY with a new one makes the test work better for me with gnutls 2.8.6. I generated the key like this
certtool --generate-privkey | sed -e 's/^\(.*\)$/\"\1\\n\" \\/'
This gives me this output
$ ./virnettlscontexttest TEST: virnettlscontexttest ............................!!!......... 40 ........ 48 FAIL
The failing test are those three, that are expected to fail, but don't as it seems
/* Expired stuff */ [...] DO_CTX_TEST(true, cacertexpreq, servercertreq, true); DO_CTX_TEST(true, cacertreq, servercertexpreq, true); DO_CTX_TEST(false, cacertreq, clientcertexpreq, true);
When we assume that this test worked for Dan with gnutls 2.8.5, what does it means that those three tests are failing for me with gnutls 2.8.6? Here's are some random ideas
a) there is a bug in the testcase that causes this b) there is a bug in the tested code in libvirt that causes this c) there is a bug in gnutls 2.8.6 that causes this d) there is a bug in gnutls 2.8.5 that makes the broken test pass e) etc
This is a regression introduced by commit
5283ea9b1d8a4b0f2fd6796bf60615aca7b6c3e6
which I have justed fixed in
567b8d69b97827da0e6e7145edb83ec0d7deff86
Okay, this fixes the three failing test cases, but I still need to replace the PRIVATE_KEY, otherwise the test still aborts.
Yeah I'm working on that. I generated the key with gnutls 2.10.5 so its probably just something about it that older gnutls does not like. Most likely I'll just send a patch with a key from an ancient gnutls instead, once I've checked up on things. Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
On Mon, Jul 25, 2011 at 05:47:25PM +0200, Matthias Bolte wrote:
2011/7/25 Daniel P. Berrange <berrange@redhat.com>:
On Fri, Jul 22, 2011 at 11:55:02PM +0200, Matthias Bolte wrote:
2011/7/22 Eric Blake <eblake@redhat.com>:
* tests/virnettlscontexttest.c (testTLSLoadKey): Report errors. ---
Something in gnutls 2.8.5 (RHEL 6) was more leniant than gnutls 2.8.6 (Fedora 14). This still doesn't solve the failure, but at least gets us to see that newer gnutls_x509_privkey_import doesn't like our define of PRIVATE_KEY.
Replacing the PRIVATE_KEY with a new one makes the test work better for me with gnutls 2.8.6. I generated the key like this
certtool --generate-privkey | sed -e 's/^\(.*\)$/\"\1\\n\" \\/'
This gives me this output
$ ./virnettlscontexttest TEST: virnettlscontexttest ............................!!!......... 40 ........ 48 FAIL
The failing test are those three, that are expected to fail, but don't as it seems
/* Expired stuff */ [...] DO_CTX_TEST(true, cacertexpreq, servercertreq, true); DO_CTX_TEST(true, cacertreq, servercertexpreq, true); DO_CTX_TEST(false, cacertreq, clientcertexpreq, true);
When we assume that this test worked for Dan with gnutls 2.8.5, what does it means that those three tests are failing for me with gnutls 2.8.6? Here's are some random ideas
a) there is a bug in the testcase that causes this b) there is a bug in the tested code in libvirt that causes this c) there is a bug in gnutls 2.8.6 that causes this d) there is a bug in gnutls 2.8.5 that makes the broken test pass e) etc
This is a regression introduced by commit
5283ea9b1d8a4b0f2fd6796bf60615aca7b6c3e6
which I have justed fixed in
567b8d69b97827da0e6e7145edb83ec0d7deff86
Okay, this fixes the three failing test cases, but I still need to replace the PRIVATE_KEY, otherwise the test still aborts.
I've sent a patch which fixes it for my RHEL6 system. Let me know if it works for you too Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
At 07/23/2011 04:13 AM, Eric Blake Write:
* tests/virnettlscontexttest.c (testTLSLoadKey): Report errors. ---
Something in gnutls 2.8.5 (RHEL 6) was more leniant than gnutls 2.8.6 (Fedora 14). This still doesn't solve the failure, but at least gets us to see that newer gnutls_x509_privkey_import doesn't like our define of PRIVATE_KEY.
tests/virnettlscontexttest.c | 12 ++++++++++-- 1 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/tests/virnettlscontexttest.c b/tests/virnettlscontexttest.c index e70cd8b..043ccc2 100644 --- a/tests/virnettlscontexttest.c +++ b/tests/virnettlscontexttest.c @@ -410,10 +410,18 @@ static gnutls_x509_privkey_t testTLSLoadKey(void) { gnutls_x509_privkey_t key; const gnutls_datum_t data = { (unsigned char *)PRIVATE_KEY, strlen(PRIVATE_KEY) }; + int err;
- gnutls_x509_privkey_init(&key); + if ((err = gnutls_x509_privkey_init(&key)) < 0) { + VIR_WARN("Failed to init key %s", gnutls_strerror(err)); + abort(); + }
- gnutls_x509_privkey_import(key, &data, GNUTLS_X509_FMT_PEM); + if ((err = gnutls_x509_privkey_import(key, &data, + GNUTLS_X509_FMT_PEM)) < 0) {
This function failed on my box, gnutls_strerror(err) is 'Base64 unexpected header error.' The OS is RHEL6.1GA, and the gnutls's version is 2.8.5-4
+ VIR_WARN("Failed to init key %s", gnutls_strerror(err)); + abort(); + }
return key; }
participants (4)
-
Daniel P. Berrange -
Eric Blake -
Matthias Bolte -
Wen Congyang