Closed Bug 741873 Opened 12 years ago Closed 12 years ago

If the OCSP server is unreachable during NSS test suite execution, return a failure

Categories

(NSS :: Test, defect)

Product:
NSS
Component:
Test
Version:
3.13.3
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: KaiE, Assigned: KaiE)

References

Details

Attachments

(2 files)

Patch v1 [checked in]
841 bytes, patch
rrelyea
: review+
Details | Diff | Splinter Review
Additional Patch v2 [checked in]
1.10 KB, patch
rrelyea
: review+
Details | Diff | Splinter Review 
As of today, if the NSS test suite fails to contact the expected OCSP server, it will gracefully ignore this failure, and simply report
  OCSP server not accessible, skipping OCSP tests
in output.log

I propose, once we have the OCSP tests working again, that the NSS test suite should report a test failure (orange tinderbox) if the OCSP server cannot be reached.
Assignee: nobody → kaie

        Attachment #612015 -
        Flags: review?(rrelyea)

    
    

    
  
Comment on attachment 612015 [details] [diff] [review]
Patch v1 [checked in]

r+ rrelyea

looks like a good idea.

        Attachment #612015 -
        Flags: review?(rrelyea) → review+

    
    

    
  
Checking in chains.sh;
/cvsroot/mozilla/security/nss/tests/chains/chains.sh,v  <--  chains.sh
new revision: 1.32; previous revision: 1.31
done
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.13.5

    
    

    
  
The Mac tinderbox machine experience regular failure in the ping test. Despite the ocsp host being online all the time, the test suite complains the server cannot be reached. I suspect trouble in the home network using wireless connectivity.

As an attempt to fix the ping test, I've checked in a change, which increases the timeout for the ping response to 10 seconds.

Checking in chains.sh;
/cvsroot/mozilla/security/nss/tests/chains/chains.sh,v  <--  chains.sh
new revision: 1.33; previous revision: 1.32
done

    
    

    
  
Backing out, reopening.
/cvsroot/mozilla/security/nss/tests/chains/chains.sh,v  <--  chains.sh
new revision: 1.35; previous revision: 1.34

The ping test fails frequently, which I cannot explain yet, because ocsp.kuix.de is constantly up. Maybe the build slaves have a very high system load at the time they attempt the ping.

I think, rather than using ping, it would be better to perform some kind of TCP based test to the OCSP server port serving the HTTP protocol.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---

    
    

    
  
IMHO the classic "ping" test is too unreliable for our purposes.

I propose to use the "tstclnt -q" feature, which performs a TCP/IP socket connection to the destination server, then disconnects, without transferring any data.

I think this would be a more reliable test.
It would work even with Firewalls that filter the ICMP packages used by standard ping.
Depends on: 747929

    
    

    
  


  
Added a timeout parameter (20) to the tcp/ip based connection test, required for environments that block packets on the OCSP port.

        Attachment #612015 -
        Attachment is obsolete: true

        Attachment #617509 -
        Flags: review?(rrelyea)

    
  

        Attachment #612015 -
        Attachment description: Patch v1 → Patch v1 [checked in]

        Attachment #612015 -
        Attachment is obsolete: false

    
  

        Attachment #617509 -
        Attachment description: Patch v2 → Additional Patch v2

    
    

    
  
Comment on attachment 617509 [details] [diff] [review]
Additional Patch v2 [checked in]

r+ rrelyea

        Attachment #617509 -
        Flags: review?(rrelyea) → review+

    
    

    
  
checked in both patches.

Checking in chains.sh;
/cvsroot/mozilla/security/nss/tests/chains/chains.sh,v  <--  chains.sh
new revision: 1.36; previous revision: 1.35
done
Status: REOPENED → RESOLVED
Closed: 12 years ago12 years ago
Resolution: --- → FIXED
Target Milestone: 3.13.5 → 3.14

    
  

        Attachment #617509 -
        Attachment description: Additional Patch v2 → Additional Patch v2 [checked in]

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: