Closed
Bug 509656
Opened 15 years ago
Closed 15 years ago
Six tests fail when running all.sh
Categories
(NSS :: Libraries, defect)
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 488646
3.12.4
People
(Reporter: wtc, Assigned: slavomir.katuscak+mozilla)
Details
(Whiteboard: PKIX)
If I run all.sh on a non-ECC build, I get six test failures. For example, on Mac OS X with NSS 3.12.3.1 and NSPR 4.7.1, these tests fail: #1779: RealCerts: Verifying certificate(s) PayPalEE.cert with flags -d AllDB -o OID.2.16.840.1.113733.1.7.23.6 #1875: OCSP: Verifying certificate(s) OCSPEE12.cert OCSPCA1.cert with flags -g leaf -m ocsp -d OCSPRootDB -t OCSPRoot #3237: RealCerts: Verifying certificate(s) PayPalEE.cert with flags -d AllDB -o OID.2.16.840.1.113733.1.7.23.6 #3333: OCSP: Verifying certificate(s) OCSPEE12.cert OCSPCA1.cert with flags -g leaf -m ocsp -d OCSPRootDB -t OCSPRoot #5266: RealCerts: Verifying certificate(s) PayPalEE.cert with flags -d AllDB -o OID.2.16.840.1.113733.1.7.23.6 #5362: OCSP: Verifying certificate(s) OCSPEE12.cert OCSPCA1.cert with flags -g leaf -m ocsp -d OCSPRootDB -t OCSPRoot The output.log and results.html files are attached.
Reporter | ||
Comment 1•15 years ago
|
||
I can't attach output.log because it exceeds the 2MB limit of attachments. I also found that these six tests also fail in Extended ECC builds. The six tests seem to be three variants of two tests, with white, blue, and yellow backgrounds in the results.html page. Here are excerpts of the first two test failures from output.log for Mac OS X Extended ECC debug build with NSS 3.12.3.1 and NSPR 4.7.5: chains.sh: Verifying certificate(s) PayPalEE.cert with flags -d AllDB -o OID.2.16.840.1.113733.1.7.23.6 vfychain -d AllDB -pp -vv -o OID.2.16.840.1.113733.1.7.23.6 /Users/wtc/nss-3.12.3.1-2/mozilla/security/nss/tests/libpkix/certs/PayPalEE.cert Chain is bad, -8164 = This certificate is not valid. PROBLEM WITH THE CERT CHAIN: CERT 0. PayPalEE : ERROR -8181: Peer's Certificate has expired. Returned value is 1, expected result is pass chains.sh: #2997: RealCerts: Verifying certificate(s) PayPalEE.cert with flags -d AllDB -o OID.2.16.840.1.113733.1.7.23.6 - FAILED chains.sh: Verifying certificate(s) OCSPEE12.cert OCSPCA1.cert with flags -g l eaf -m ocsp -d OCSPRootDB -t OCSPRoot vfychain -d OCSPRootDB -pp -vv -g leaf -m ocsp /Users/wtc/nss-3.12.3.1-2/moz illa/security/nss/tests/libpkix/certs/OCSPEE12.cert /Users/wtc/nss-3.12.3.1-2/mo zilla/security/nss/tests/libpkix/certs/OCSPCA1.cert -t OCSPRoot Chain is good! Root Certificate: Data: Version: 3 (0x2) Serial Number: 219193145 (0xd109f39) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=OCSPRoot ROOT CA,O=OCSPRoot,C=US" Validity: Not Before: Thu Feb 19 18:31:46 2009 Not After : Wed Feb 19 18:31:46 2059 Subject: "CN=OCSPRoot ROOT CA,O=OCSPRoot,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: ef:28:1c:84:50:5a:2e:bb:7a:ad:5e:2e:fb:61:03:ba: 44:c9:a9:8d:35:fa:78:6c:ac:7b:57:e2:7f:9e:f9:63: 70:15:a9:1c:8a:8d:bb:23:d1:11:7c:37:6c:ca:b0:ea: 60:89:57:06:b1:d3:4c:8c:85:e4:21:57:ea:f6:a3:cd: 61:cc:51:ba:b5:3c:1f:0e:e4:55:6e:0f:04:a0:7a:69: 06:9a:b2:d6:3a:5e:d0:fa:07:12:c4:d3:99:3e:a1:bc: 06:de:3a:d1:24:c5:24:c8:03:f2:66:24:76:93:12:ed: 4e:cc:f9:e9:f5:3b:e5:4a:d3:63:af:01:13:83:ce:f3 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Type Data: <SSL CA,S/MIME CA,ObjectSigning CA> Name: Certificate Basic Constraints Data: Is a CA with no maximum path length. Name: Certificate Key Usage Usages: Certificate Signing CRL Signing Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: b4:2f:33:72:87:24:78:9a:4c:24:ac:6e:92:a7:0e:7f: 32:92:67:79:7b:76:82:88:a5:3c:fd:27:cc:2b:50:f6: c4:d2:60:e5:42:20:10:25:07:27:aa:de:ae:f7:20:23: 6d:ae:6b:75:25:b6:eb:b3:2c:cb:3e:3b:46:8a:61:de: 6d:8e:0b:de:d4:46:6a:d6:01:44:89:8b:67:b4:47:bc: 43:be:da:4f:e9:6c:58:a9:c7:90:16:c6:ed:c1:3f:48: 7a:47:55:27:ed:b8:6c:17:6f:56:c5:6e:2a:8b:f3:67: a2:65:6c:b9:f6:71:cd:65:14:4a:40:ea:f1:8f:84:6f Fingerprint (MD5): 35:8F:91:0E:79:08:B0:8B:CF:1D:03:B5:E0:53:B8:B0 Fingerprint (SHA1): 85:7B:73:CA:B7:90:27:C4:C3:D1:61:C0:C3:4F:05:20:C6:73:19:AE Certificate Trust Flags: SSL Flags: Valid CA Trusted CA Trusted Client CA Email Flags: Valid CA Trusted CA Object Signing Flags: Valid CA Trusted CA Certificate 1 Subject: "CN=OCSPEE12 EE,O=OCSPEE12,C=US" Certificate 2 Subject: "CN=OCSPCA1 Intermediate,O=OCSPCA1,C=US" Returned value is 0, expected result is fail chains.sh: #3093: OCSP: Verifying certificate(s) OCSPEE12.cert OCSPCA1.cert with flags -g leaf -m ocsp -d OCSPRootDB -t OCSPRoot - FAILED
Summary: Six tests fail when running all.sh on non-ECC builds → Six tests fail when running all.sh
Comment 2•15 years ago
|
||
Wan-Teh, if these 6 tests fail in non-ECC and extended ECC builds, then why are all the Tinderboxes green?
Updated•15 years ago
|
Assignee: nobody → slavomir.katuscak
Whiteboard: PKIX
Assignee | ||
Comment 3•15 years ago
|
||
Wan-Teh, there are 2 different problems: One is expired PayPalEE certificate, this certificate is already updated in trunk for a longer time, Christophe updated it also in 3.12.3.1 minibranch few days ago. Second problem is duplicate of 488646, this is also already fixed in trunk.
Reporter | ||
Comment 4•15 years ago
|
||
Slavo, thanks. Would be nice to add the fix for bug 488646 to your 3.12.3.2 release.
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
Target Milestone: --- → 3.12.4
You need to log in
before you can comment on or make changes to this bug.
Description
•