Open
Bug 464907
Opened 16 years ago
Updated 1 year ago
Vfychain exited with return value 0 even if test failed.
Categories
(NSS :: Test, defect, P2)
Tracking
(Not tracked)
REOPENED
3.12.3
People
(Reporter: slavomir.katuscak+mozilla, Unassigned)
References
Details
Attachments
(1 file)
|
1.07 KB,
patch
|
alvolkov.bgs
:
review+
|
Details | Diff | Splinter Review |
Occured on: jesma51 MINGW32_NT-5.2 64bit DBG on 2008/11/13 18:10:47 (Tinderbox)
Vfychain test with inhibit any policy extension with level 5 was expected to fail (negative test). Even if output looks like vfychain test really failed, exit value was most probably 0.
Log:
---
vfychain -d AllDB -pp -vv -o OID.1.0 EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der
Chain is bad, -8172 = Peer's certificate issuer has been marked as not trusted by the user.
PROBLEM WITH THE CERT CHAIN:
CERT 9. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user.
CN=RootCA ROOT CA,O=RootCA,C=US
chains.sh: #2636: AnyPolicyWithLevel: Verifying certificate(s) EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -o OID.1.0 -t RootCA.der - FAILED
---
Status PASSED/FAILED is reported by functions, html_passed()/html_failed().
Algorithm in chains.sh to choose which to call is:
if [ "${EXP_RESULT}" = "pass" -a ${RESULT} -eq 0 ]; then
html_passed "${SCENARIO}${TESTNAME}"
elif [ "${EXP_RESULT}" = "fail" -a ${RESULT} -ne 0 ]; then
html_passed "${SCENARIO}${TESTNAME}"
else
html_failed "${SCENARIO}${TESTNAME}"
fi
EXP_RESULT was set to fail for this test, so it seems that exit value was 0, otherwise it will pass [ "${EXP_RESULT}" = "fail" -a ${RESULT} -ne 0 ] check. (It was ran 4 times in 4 cycles, other cycles had correct results, only once it failed).
|
Reporter | |
Comment 1•16 years ago
|
||
Patch to log return value + expected value. Can help with troubleshooting next time when this problem occurs.
Attachment #348175 -
Flags: review?(alexei.volkov.bugs)
|
||
Updated•16 years ago
|
Attachment #348175 -
Flags: review?(alexei.volkov.bugs) → review+
|
|
Reporter | |
Comment 2•16 years ago
|
||
Checking in chains.sh; /cvsroot/mozilla/security/nss/tests/chains/chains.sh,v <-- chains.sh new revision: 1.8; previous revision: 1.7 done
|
|
Reporter | |
Updated•16 years ago
|
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → DUPLICATE
|
|
Reporter | |
Updated•16 years ago
|
Attachment #348175 -
Attachment description: Patch to log return values. → Patch to log return values. (checked in)
|
|
Reporter | |
Comment 4•15 years ago
|
||
Occured once again: chains.sh: Verifying certificate(s) EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -o OID.1.0 -t RootCA.der vfychain -d AllDB -pp -vv -o OID.1.0 EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der -t RootCA.der Chain is bad, -8032 = Cert chain fails policy validation PROBLEM WITH THE CERT CHAIN: CERT 8. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 0, expected result is fail chains.sh: #7484: AnyPolicyWithLevel: Verifying certificate(s) EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -o OID.1.0 -t RootCA.der - FAILED From log is clear that vfychain returned value 0.
Assignee: nobody → alexei.volkov.bugs
Status: RESOLVED → REOPENED
Resolution: DUPLICATE → ---
|
|
Reporter | |
Comment 5•15 years ago
|
||
This problem is seen on nss2000s machine much more often then on other machines.
OS: Windows Server 2003 → Windows 2000
Priority: -- → P2
|
|
Reporter | |
Comment 6•15 years ago
|
||
Machine: goride MINGW32_NT-5.2 32bit DBG on 2009/09/14 00:46:18 vfychain -d AllDB -pp -vv -o OID.2.0 EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der -t RootCA.der Chain is bad, -8032 = Cert chain fails policy validation PROBLEM WITH THE CERT CHAIN: CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]: ERROR -8032: Cert chain fails policy validation Returned value is 0, expected result is fail chains.sh: #7549: AnyPolicyWithLevel: Verifying certificate(s) EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -o OID.2.0 -t RootCA.der - FAILED
|
|
Reporter | |
Comment 8•15 years ago
|
||
This problem seems to be Windows specific, I haven't seen it on any other OS yet.
|
||
Comment 9•2 years ago
|
||
The bug assignee is inactive on Bugzilla, and this bug has priority 'P2'.
:beurdouche, could you have a look please?
For more information, please visit auto_nag documentation.
Assignee: alvolkov.bgs → nobody
Flags: needinfo?(bbeurdouche)
|
||
Updated•2 years ago
|
Severity: normal → S3
|
||
Comment 10•1 year ago
|
||
We have modified the bot to only consider P1 as high priority, so I'm cancelling the needinfo here.
Flags: needinfo?(bbeurdouche)
You need to log in
before you can comment on or make changes to this bug.
Description
•