On Mon, Jul 25, 2011 at 05:47:25PM +0200, Matthias Bolte wrote:
2011/7/25 Daniel P. Berrange <berrange(a)redhat.com>:
> On Fri, Jul 22, 2011 at 11:55:02PM +0200, Matthias Bolte wrote:
>> 2011/7/22 Eric Blake <eblake(a)redhat.com>:
>> > * tests/virnettlscontexttest.c (testTLSLoadKey): Report errors.
>> > ---
>> >
>> > Something in gnutls 2.8.5 (RHEL 6) was more leniant than gnutls
>> > 2.8.6 (Fedora 14). This still doesn't solve the failure, but at
>> > least gets us to see that newer gnutls_x509_privkey_import doesn't
>> > like our define of PRIVATE_KEY.
>>
>> Replacing the PRIVATE_KEY with a new one makes the test work better
>> for me with gnutls 2.8.6. I generated the key like this
>>
>> certtool --generate-privkey | sed -e 's/^\(.*\)$/\"\1\\n\"
\\/'
>>
>> This gives me this output
>>
>> $ ./virnettlscontexttest
>> TEST: virnettlscontexttest
>> ............................!!!......... 40
>> ........ 48 FAIL
>>
>> The failing test are those three, that are expected to fail, but don't
>> as it seems
>>
>> /* Expired stuff */
>> [...]
>> DO_CTX_TEST(true, cacertexpreq, servercertreq, true);
>> DO_CTX_TEST(true, cacertreq, servercertexpreq, true);
>> DO_CTX_TEST(false, cacertreq, clientcertexpreq, true);
>>
>> When we assume that this test worked for Dan with gnutls 2.8.5, what
>> does it means that those three tests are failing for me with gnutls
>> 2.8.6? Here's are some random ideas
>>
>> a) there is a bug in the testcase that causes this
>> b) there is a bug in the tested code in libvirt that causes this
>> c) there is a bug in gnutls 2.8.6 that causes this
>> d) there is a bug in gnutls 2.8.5 that makes the broken test pass
>> e) etc
>
> This is a regression introduced by commit
>
> 5283ea9b1d8a4b0f2fd6796bf60615aca7b6c3e6
>
> which I have justed fixed in
>
> 567b8d69b97827da0e6e7145edb83ec0d7deff86
Okay, this fixes the three failing test cases, but I still need to
replace the PRIVATE_KEY, otherwise the test still aborts.
Yeah I'm working on that. I generated the key with gnutls 2.10.5
so its probably just something about it that older gnutls does not
like. Most likely I'll just send a patch with a key from an ancient
gnutls instead, once I've checked up on things.
Daniel
--
|:
http://berrange.com -o-
http://www.flickr.com/photos/dberrange/ :|
|:
http://libvirt.org -o-
http://virt-manager.org :|
|:
http://autobuild.org -o-
http://search.cpan.org/~danberr/ :|
|:
http://entangle-photo.org -o-
http://live.gnome.org/gtk-vnc :|