[libvirt] virnettlscontexttest test fails on Fedora Rawhide x86_64

Still investigating, but the log is attached. Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming blog: http://rwmj.wordpress.com Fedora now supports 80 OCaml packages (the OPEN alternative to F#)

On Thu, Feb 28, 2013 at 11:44:02AM +0000, Richard W.M. Jones wrote:
Still investigating, but the log is attached.
Rich.
-- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming blog: http://rwmj.wordpress.com Fedora now supports 80 OCaml packages (the OPEN alternative to F#)
========================================= libvirt 1.0.2: tests/test-suite.log =========================================
# TOTAL: 83 # PASS: 80 # SKIP: 2 # XFAIL: 0 # FAIL: 1 # XPASS: 0 # ERROR: 0
.. contents:: :depth: 2
FAIL: virnettlscontexttest ==========================
TEST: virnettlscontexttest 1) TLS Context ... OK 2) TLS Context ... OK 3) TLS Context ... OK 4) TLS Context ... OK 5) TLS Context ... OK 6) TLS Context ... libvir: XML-RPC error : Our own certificate servercert.pem failed validation against cacert5.pem: The certificate is not trusted. FAILED
In that test case we're creating a CA cert which has the key-usage policy set to "digital signature" instead of "key signing". However we also set the flag "non-critical" so a failing key usage policy check should still result in a pass from cert validation. Sounds like gnutls3 isn't liking this. Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|

On Thu, Feb 28, 2013 at 11:53:12AM +0000, Daniel P. Berrange wrote: [...]
In that test case we're creating a CA cert which has the key-usage policy set to "digital signature" instead of "key signing". However we also set the flag "non-critical" so a failing key usage policy check should still result in a pass from cert validation. Sounds like gnutls3 isn't liking this.
I've filed this bug, initially against libvirt although it probably needs to be reassigned to gnutls: https://bugzilla.redhat.com/show_bug.cgi?id=916603 I have also added a patch to the Rawhide libvirt package to disable this test for now. Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones virt-df lists disk usage of guests without needing to install any software inside the virtual machine. Supports Linux and Windows. http://people.redhat.com/~rjones/virt-df/
participants (2)
-
Daniel P. Berrange
-
Richard W.M. Jones