Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fail to test/sslapitest.c when use option DOPENSSL_TLS_SECURITY_LEVEL=0 in OpenSSL 3.4.0 #26255

Closed
phongnguyen1023 opened this issue Dec 24, 2024 · 2 comments
Closed

Fail to test/sslapitest.c when use option DOPENSSL_TLS_SECURITY_LEVEL=0 in OpenSSL 3.4.0 #26255

phongnguyen1023 opened this issue Dec 24, 2024 · 2 comments
Labels
branch: master Merge to master branch branch: 3.4 Merge to openssl-3.4 triaged: bug The issue/pr is/fixes a bug

Comments

@phongnguyen1023
Copy link

phongnguyen1023 commented Dec 24, 2024
edited
Loading

When build OpenSSL 3.4.0 with option DOPENSSL_TLS_SECURITY_LEVEL=0. In step make test, an error occurred with test/sslapitest.c

# INFO:  @ test/helpers/ssltestlib.c:1289
# SSL_accept() failed -1, 11
# ERROR: (memory) 'p == expected_ciphers' failed @ test/sslapitest.c:735
# --- p
# +++ expected_ciphers
# 0000:-009dc02c00ff
# 0000:+009dc02c
# 
# INFO:  @ test/helpers/ssltestlib.c:1289
# SSL_accept() failed -1, 1
# 40A71ED6677F0000:error:0A0000EA:SSL routines:tls_early_post_process_client_hello:callback failed:ssl/statem/statem_srvr.c:1710:
# INFO:  @ test/helpers/ssltestlib.c:1255
# SSL_connect() failed -1, 1
# 40A71ED6677F0000:error:0A000438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error:ssl/record/rec_layer_s3.c:908:SSL alert number 80
# ERROR: (bool) 'create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE) == true' failed @ test/sslapitest.c:779
# false
# OPENSSL_TEST_RAND_SEED=1734598103
not ok 26 - test_client_hello_cb

I don't know what this error means, please help me claim it and how to fix.
I noticed there is a difference with the old OpenSSL version in
972ee92#diff-ac041dcce48346a57d70403803133a58fb4ac5764e173d7cbfd6db2c2df5afdc
@phongnguyen1023 phongnguyen1023 added the issue: question The issue was opened to ask a question label Dec 24, 2024
@mattcaswell mattcaswell added branch: master Merge to master branch triaged: bug The issue/pr is/fixes a bug branch: 3.4 Merge to openssl-3.4 and removed issue: question The issue was opened to ask a question labels Dec 24, 2024
mattcaswell added a commit to mattcaswell/openssl that referenced this issue Dec 24, 2024
@mattcaswell
Ensure the tests pass even if the default seclevel has been changed
4532887 
The compile time default TLS security level can be changed if the user
sets `-DOPENSSL_TLS_SECURITY_LEVEL=x` at configure time (where "x" is some
number, typically 0 or 1).

Since OpenSSL 3.4 tests are failing if the default security level is 0. We
fix the tests for this case.

Fixes openssl#26255
@mattcaswell mattcaswell mentioned this issue Dec 24, 2024
Closed
@mattcaswell
Copy link
Member

This is a bug in our tests. Fix in #26256.

@phongnguyen1023
Copy link
Author

phongnguyen1023 commented Dec 25, 2024
edited
Loading

I tested it, and the bug is fixed.
Thank your support.

openssl-machine pushed a commit that referenced this issue Dec 26, 2024
@mattcaswell @t8m
Ensure the tests pass even if the default seclevel has been changed
21ef28e 
The compile time default TLS security level can be changed if the user
sets `-DOPENSSL_TLS_SECURITY_LEVEL=x` at configure time (where "x" is some
number, typically 0 or 1).

Since OpenSSL 3.4 tests are failing if the default security level is 0. We
fix the tests for this case.

Fixes #26255

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from #26256)

(cherry picked from commit 2986908)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
branch: master Merge to master branch branch: 3.4 Merge to openssl-3.4 triaged: bug The issue/pr is/fixes a bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Ensure the tests pass even if the default seclevel has been changed mattcaswell/openssl
2 participants
@mattcaswell @phongnguyen1023