Closed Bug 404608 Opened 18 years ago Closed 8 years ago

Failure in SSL interoperability tests

Categories

(NSS :: Libraries, defect, P2)

Product:
NSS
Component:
Libraries
Version:
3.11.8
Platform:
x86
SunOS
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED WORKSFORME
Milestone:
3.11.10

People

(Reporter: julien.pierre, Assigned: alvolkov.bgs)

Details

The following error was observed in IOPR tests in tinderbox on the 3.11 branch. The full log is at http://tinderbox.mozilla.org/showlog.cgi?log=NSS-Stable-Branch/1195113600.1195115081.15278.gz&fulltext=1 but I don't know how long it will be available. This problem may be due to a clock synchronization problem. selfserv: About to call accept. selfserv: SSL version 0.2 using 128-bit RC4 with 128-bit MD5 MAC selfserv: Server Auth: 1024-bit RSA, Key Exchange: 1024-bit RSA selfserv: subject DN: CN=touquet.red.iplanet.com,E=touquet.red.iplanet.com@bogus.com,O=BOGUS NSS,L=Mountain View,ST=California,C=US selfserv: issuer DN: CN=NSS IOPR Test CA 3684,O=BOGUS NSS,L=Mountain View,ST=California,C=US selfserv: 0 cache hits; 0 cache misses, 0 cache not reusable ------- Server output Begin ---------- HTTP/1.1 200 OK Date: Thu, 15 Nov 2007 08:09:54 GMT Server: Apache/1.3.37 (Unix) mod_ssl/2.8.28 OpenSSL/0.9.8 Connection: close Content-Type: text/html; charset=ISO-8859-1 <?xml version="1.0" encoding="iso-8859-1"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-US"><head><title>iopr client</title> </head><body>SCRIPT=OK -- DEBUG: Entering getReqData function (8443:touquet.red.iplanet.com:TestUser512-rsa:SSL2_RC4_128_WITH_MD5) <pre>-- DEBUG: Entering configClient function () -- DEBUG: Entering setFunctRefs function (Apache) -- DEBUG: Entering getReqData function (/export/iopr/httpd/conf/iopr/cipher.list:openssl:) -- DEBUG: Entering getSupportedCipherList_Unix function () -- DEBUG: Supported ciphers (ADH-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:ADH-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:DHE-DSS-RC4-SHA:EXP1024-DHE-DSS-RC4-SHA:EXP1024-RC4-SHA:EXP1024-DHE-DSS-DES-CBC-SHA:EXP1024-DES-CBC-SHA:EXP1024-RC2-CBC-MD5:EXP1024-RC4-MD5:EDH-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC3-SHA:EDH-DSS-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:DES-CBC3-SHA:DES-CBC-SHA:EXP-DES-CBC-SHA:IDEA-CBC-SHA:EXP-RC2-CBC-MD5:RC4-SHA:RC4-MD5:EXP-RC4-MD5:ADH-DES-CBC3-SHA:ADH-DES-CBC-SHA:EXP-ADH-DES-CBC-SHA:ADH-RC4-MD5:EXP-ADH-RC4-MD5:RC4-64-MD5:DES-CBC3-MD5:DES-CBC-MD5:IDEA-CBC-MD5:RC2-CBC-MD5:EXP-RC2-CBC-MD5:RC4-MD5:EXP-RC4-MD5:AECDH-NULL-SHA:ECDH-RSA-NULL-SHA:ECDH-ECDSA-NULL-SHA:NULL-SHA:NULL-MD5) -- DEBUG: Entering execClientCmd_Unix () -- DEBUG: Entering convertCipher (SSL2_RC4_128_WITH_MD5) -- DEBUG: Entering verifyCipherSupport (RC4-MD5) -- DEBUG: Return from cipher conversion (-cipher RC4-MD5) -- DEBUG: Executing command (/export/iopr/openssl/bin/openssl s_client -host touquet.red.iplanet.com -port 8443 -cert /export/iopr/httpd/conf/iopr/TestUser512-rsa.crt -key /export/iopr/httpd/conf/iopr/TestUser512-rsa.key -CAfile /export/iopr/httpd/conf/iopr/TestCA.crt.pem -ssl2 -cipher RC4-MD5 -ign_eof < /export/iopr/httpd/cgi-bin/sslreq.dat) depth=1 /C=US/ST=California/L=Mountain View/O=BOGUS NSS/CN=NSS IOPR Test CA 3684 verify return:1 depth=0 /C=US/ST=California/L=Mountain View/O=BOGUS NSS/emailAddress=touquet.red.iplanet.com@bogus.com/CN=touquet.red.iplanet.com verify error:num=9:certificate is not yet valid notBefore=Nov 15 08:09:55 2007 GMT verify return:1 depth=0 /C=US/ST=California/L=Mountain View/O=BOGUS NSS/emailAddress=touquet.red.iplanet.com@bogus.com/CN=touquet.red.iplanet.com notBefore=Nov 15 08:09:55 2007 GMT verify return:1 CONNECTED(00000003) --- Server certificate -----BEGIN CERTIFICATE----- MIICiDCCAfGgAwIBAgIERzv+0zANBgkqhkiG9w0BAQQFADBuMQswCQYDVQQGEwJV UzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzES MBAGA1UEChMJQk9HVVMgTlNTMR4wHAYDVQQDExVOU1MgSU9QUiBUZXN0IENBIDM2 ODQwHhcNMDcxMTE1MDgwOTU1WhcNMTIxMTE1MDgwOTU1WjCBojELMAkGA1UEBhMC VVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcx EjAQBgNVBAoTCUJPR1VTIE5TUzEwMC4GCSqGSIb3DQEJARYhdG91cXVldC5yZWQu aXBsYW5ldC5jb21AYm9ndXMuY29tMSAwHgYDVQQDExd0b3VxdWV0LnJlZC5pcGxh bmV0LmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApNdaffJCFQYoZP4q 3qOEDMEn/SoEmd1uky5A+wm/JomDPq8k6uSkX3hyQvQZSUBmLH5lQEFspG9lvJJk qRJPVJ01T2Azmpgqstgvt5q7P0sSAfkzJJUKGWaDzhGRk+SWy4rYE7M3PRZNkIUZ DxYbtmcLrm7gq69oUGveYbBex1ECAwEAATANBgkqhkiG9w0BAQQFAAOBgQBO7R7I PwCuEioLngwsRnozkKHQbvwqA+OHYcyWVly4N6pv24ElSCDqQNgAYv2W4+ZYVu96 Srv0hIWs6ik4T9MAijTr8/UBx46JI8g8rZ5bUt/vvkKZqAUdn+Q7HlWl1r9Ihwas fFSPytrFsbF1ncR61nCUiibOkZe1CHu92C4ofw== -----END CERTIFICATE----- subject=/C=US/ST=California/L=Mountain View/O=BOGUS NSS/emailAddress=touquet.red.iplanet.com@bogus.com/CN=touquet.red.iplanet.com issuer=/C=US/ST=California/L=Mountain View/O=BOGUS NSS/CN=NSS IOPR Test CA 3684 --- No client certificate CA names sent --- Ciphers common between both SSL endpoints: RC4-MD5 --- SSL handshake has read 754 bytes and written 205 bytes --- New, SSLv2, Cipher is RC4-MD5 Server public key is 1024 bit Compression: NONE Expansion: NONE SSL-Session: Protocol : SSLv2 Cipher : RC4-MD5 Session-ID: 1509D90F0AD4D606E5219111055E3473 Session-ID-ctx: Master-Key: B45787803EAD3253871575E7FFCD9A57 Key-Arg : None Start Time: 1195114194 Timeout : 300 (sec) Verify return code: 9 (certificate is not yet valid) --- HTTP/1.0 200 OK Server: Generic Web Server Date: Tue, 26 Aug 1997 22:10:05 GMT Content-type: text/plain GET / HTTP/1.0 EOF closed SERVER ERROR: unable to do verification -- DEBUG: Exiting execClientCmd_Unix () SERVER ERROR: Have 1 server errors </pre></body></html>------- Server output End ---------- Checking for errors in log file... SERVER ERROR: unable to do verification SERVER ERROR: Have 1 server errors Found problems. Reseting exit code to failure. ssl.sh: Test SSL2_RC4_128_WITH_MD5. Server params: -vvvc ABCDEFcdefgijklmnvyz produced a returncode of 1, expected is 0 FAILED
Similar error also in http://tinderbox.mozilla.org/showlog.cgi?log=NSS-Stable-Branch/1195120800.1195122273.2416.gz&fulltext=1 Tons of errors in IOPR in : http://tinderbox.mozilla.org/showlog.cgi?log=NSS-Stable-Branch/1195135200.1195136674.27037.gz&fulltext=1
Priority: -- → P2
Target Milestone: --- → 3.11.9
Version: 3.11 → 3.11.8
Target Milestone: 3.11.9 → 3.11.10
Please reopen if this is still happening somewhere.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.