Closed Bug 509656 Opened 15 years ago Closed 15 years ago

Six tests fail when running all.sh

Categories

(NSS :: Libraries, defect)

3.12.3
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 488646
3.12.4

People

(Reporter: wtc, Assigned: slavomir.katuscak+mozilla)

Details

(Whiteboard: PKIX)

If I run all.sh on a non-ECC build, I get six test failures.  For example,
on Mac OS X with NSS 3.12.3.1 and NSPR 4.7.1, these tests fail:

#1779: RealCerts: Verifying certificate(s) PayPalEE.cert with flags -d AllDB -o OID.2.16.840.1.113733.1.7.23.6

#1875: OCSP: Verifying certificate(s) OCSPEE12.cert OCSPCA1.cert with flags -g leaf -m ocsp -d OCSPRootDB -t OCSPRoot

#3237: RealCerts: Verifying certificate(s) PayPalEE.cert with flags -d AllDB -o OID.2.16.840.1.113733.1.7.23.6

#3333: OCSP: Verifying certificate(s) OCSPEE12.cert OCSPCA1.cert with flags -g leaf -m ocsp -d OCSPRootDB -t OCSPRoot

#5266: RealCerts: Verifying certificate(s) PayPalEE.cert with flags -d AllDB -o OID.2.16.840.1.113733.1.7.23.6

#5362: OCSP: Verifying certificate(s) OCSPEE12.cert OCSPCA1.cert with flags -g leaf -m ocsp -d OCSPRootDB -t OCSPRoot

The output.log and results.html files are attached.
I can't attach output.log because it exceeds the 2MB limit of attachments.

I also found that these six tests also fail in Extended ECC builds.

The six tests seem to be three variants of two tests, with white, blue, and yellow
backgrounds in the results.html page.  Here are excerpts of the first two test
failures from output.log for Mac OS X Extended ECC debug build with
NSS 3.12.3.1 and NSPR 4.7.5:

chains.sh: Verifying certificate(s)  PayPalEE.cert with flags  -d AllDB   -o OID.2.16.840.1.113733.1.7.23.6
vfychain -d AllDB -pp -vv    -o OID.2.16.840.1.113733.1.7.23.6  /Users/wtc/nss-3.12.3.1-2/mozilla/security/nss/tests/libpkix/certs/PayPalEE.cert
Chain is bad, -8164 = This certificate is not valid.
PROBLEM WITH THE CERT CHAIN:
CERT 0. PayPalEE :
  ERROR -8181: Peer's Certificate has expired.

Returned value is 1, expected result is pass
chains.sh: #2997: RealCerts: Verifying certificate(s)  PayPalEE.cert with flags  -d AllDB   -o OID.2.16.840.1.113733.1.7.23.6  - FAILED

chains.sh: Verifying certificate(s)  OCSPEE12.cert OCSPCA1.cert with flags  -g leaf -m ocsp -d OCSPRootDB    -t OCSPRoot
vfychain -d OCSPRootDB -pp -vv  -g leaf -m ocsp    /Users/wtc/nss-3.12.3.1-2/mozilla/security/nss/tests/libpkix/certs/OCSPEE12.cert /Users/wtc/nss-3.12.3.1-2/mozilla/security/nss/tests/libpkix/certs/OCSPCA1.cert  -t OCSPRoot
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 219193145 (0xd109f39)
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=OCSPRoot ROOT CA,O=OCSPRoot,C=US"
        Validity:
            Not Before: Thu Feb 19 18:31:46 2009
            Not After : Wed Feb 19 18:31:46 2059
        Subject: "CN=OCSPRoot ROOT CA,O=OCSPRoot,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>

            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.

            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing

    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
    Fingerprint (MD5):
        35:8F:91:0E:79:08:B0:8B:CF:1D:03:B5:E0:53:B8:B0
    Fingerprint (SHA1):
        85:7B:73:CA:B7:90:27:C4:C3:D1:61:C0:C3:4F:05:20:C6:73:19:AE

    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA

Certificate 1 Subject: "CN=OCSPEE12 EE,O=OCSPEE12,C=US"
Certificate 2 Subject: "CN=OCSPCA1 Intermediate,O=OCSPCA1,C=US"
Returned value is 0, expected result is fail
chains.sh: #3093: OCSP: Verifying certificate(s)  OCSPEE12.cert OCSPCA1.cert with flags  -g leaf -m ocsp -d OCSPRootDB    -t OCSPRoot - FAILED
Summary: Six tests fail when running all.sh on non-ECC builds → Six tests fail when running all.sh

Wan-Teh, if these 6 tests fail in non-ECC and extended ECC builds, then
why are all the Tinderboxes green?

Assignee: nobody → slavomir.katuscak
Whiteboard: PKIX

Wan-Teh, there are 2 different problems:

One is the expired PayPalEE certificate. This certificate has already been updated in
trunk for a long time, and Christophe also updated it in the 3.12.3.1 minibranch a few
days ago.

The second problem is a duplicate of 488646; this is also already fixed in trunk.

Slavo, thanks.  Would be nice to add the fix for bug 488646
to your 3.12.3.2 release.

Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
Target Milestone: --- → 3.12.4
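
The triage done by hand in this bug (six failures that reduce to two causes) can be scripted over output.log. The following is an added example, not part of the original report or of the NSS test suite: `triage`, `SAMPLE_LOG` and the test numbered #9001 are constructed for illustration, and the `- PASSED` suffix is assumed as the counterpart of the `- FAILED` suffix shown above.

```python
import re
from collections import defaultdict

# Constructed sample: abbreviated from the chains.sh excerpts quoted in this bug.
# The entry numbered #9001 is a made-up repeat, added to show grouping.
SAMPLE_LOG = """\
Chain is bad, -8164 = This certificate is not valid.
  ERROR -8181: Peer's Certificate has expired.
Returned value is 1, expected result is pass
chains.sh: #2997: RealCerts: Verifying certificate(s)  PayPalEE.cert with flags  -d AllDB   -o OID.2.16.840.1.113733.1.7.23.6  - FAILED
Chain is good!
Returned value is 0, expected result is fail
chains.sh: #3093: OCSP: Verifying certificate(s)  OCSPEE12.cert OCSPCA1.cert with flags  -g leaf -m ocsp -d OCSPRootDB    -t OCSPRoot - FAILED
  ERROR -8181: Peer's Certificate has expired.
Returned value is 1, expected result is pass
chains.sh: #9001: RealCerts: Verifying certificate(s)  PayPalEE.cert with flags  -d AllDB   -o OID.2.16.840.1.113733.1.7.23.6  - FAILED
"""

# "- PASSED" is assumed as the counterpart of the "- FAILED" suffix seen on the page.
RESULT = re.compile(r"^chains\.sh: #(\d+): (.*?)\s+- (PASSED|FAILED)\s*$")
RETURNED = re.compile(r"^Returned value is (\d+), expected result is (pass|fail)")
ERROR = re.compile(r"ERROR (-\d+):")

def triage(log):
    """Map (test description, mismatch, error codes) -> failing test numbers."""
    groups = defaultdict(list)
    errors, expected = [], None
    for line in log.splitlines():
        if m := ERROR.search(line):
            errors.append(int(m.group(1)))
        elif m := RETURNED.match(line):
            expected = m.group(2)
        elif m := RESULT.match(line):
            number, desc, status = m.groups()
            if status == "FAILED":
                # Collapse the runs of spaces chains.sh leaves between flags.
                desc = " ".join(desc.split())
                mismatch = {"pass": "rejected, expected pass",
                            "fail": "accepted, expected fail"}.get(expected, "unknown")
                groups[(desc, mismatch, tuple(errors))].append(int(number))
            errors, expected = [], None  # state belongs to one test only
    return dict(groups)

if __name__ == "__main__":
    for (desc, mismatch, codes), numbers in triage(SAMPLE_LOG).items():
        print(f"{len(numbers)}x {mismatch} {list(codes)}: {desc}  (tests {numbers})")
```

Failures in the "accepted, expected fail" group deserve attention first: they mean a chain that the test expects to be rejected was validated, whereas an expired test certificate only makes a valid chain fail.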