Closed
Bug 741873
Opened 12 years ago
Closed 12 years ago
If the OCSP server is unreachable during NSS test suite execution, return a failure
Categories
(NSS :: Test, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
3.14
People
(Reporter: KaiE, Assigned: KaiE)
References
Details
Attachments
(2 files)
841 bytes,
patch
|
rrelyea
:
review+
|
Details | Diff | Splinter Review |
1.10 KB,
patch
|
rrelyea
:
review+
|
Details | Diff | Splinter Review |
As of today, if the NSS test suite fails to contact the expected OCSP server, it will gracefully ignore this failure, and simply report OCSP server not accessible, skipping OCSP tests in output.log I propose, once we have the OCSP tests working again, that the NSS test suite should report a test failure (orange tinderbox) if the OCSP server cannot be reached.
Assignee | ||
Comment 1•12 years ago
|
||
Assignee: nobody → kaie
Attachment #612015 -
Flags: review?(rrelyea)
Comment 2•12 years ago
|
||
Comment on attachment 612015 [details] [diff] [review] Patch v1 [checked in] r+ rrelyea looks like a good idea.
Attachment #612015 -
Flags: review?(rrelyea) → review+
Assignee | ||
Comment 3•12 years ago
|
||
Checking in chains.sh; /cvsroot/mozilla/security/nss/tests/chains/chains.sh,v <-- chains.sh new revision: 1.32; previous revision: 1.31 done
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.13.5
Assignee | ||
Comment 4•12 years ago
|
||
The Mac tinderbox machine experience regular failure in the ping test. Despite the ocsp host being online all the time, the test suite complains the server cannot be reached. I suspect trouble in the home network using wireless connectivity. As an attempt to fix the ping test, I've checked in a change, which increases the timeout for the ping response to 10 seconds. Checking in chains.sh; /cvsroot/mozilla/security/nss/tests/chains/chains.sh,v <-- chains.sh new revision: 1.33; previous revision: 1.32 done
Assignee | ||
Comment 5•12 years ago
|
||
Backing out, reopening. /cvsroot/mozilla/security/nss/tests/chains/chains.sh,v <-- chains.sh new revision: 1.35; previous revision: 1.34 The ping test fails frequently, which I cannot explain yet, because ocsp.kuix.de is constantly up. Maybe the build slaves have a very high system load at the time they attempt the ping. I think, rather than using ping, it would be better to perform some kind of TCP based test to the OCSP server port serving the HTTP protocol.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Assignee | ||
Comment 6•12 years ago
|
||
IMHO the classic "ping" test is too unreliable for our purposes. I propose to use the "tstclnt -q" feature, which performs a TCP/IP socket connection to the destination server, then disconnects, without transferring any data. I think this would be a more reliable test. It would work even with Firewalls that filter the ICMP packages used by standard ping.
Depends on: 747929
Assignee | ||
Comment 7•12 years ago
|
||
Added a timeout parameter (20) to the tcp/ip based connection test, required for environments that block packets on the OCSP port.
Attachment #612015 -
Attachment is obsolete: true
Attachment #617509 -
Flags: review?(rrelyea)
Assignee | ||
Updated•12 years ago
|
Attachment #612015 -
Attachment description: Patch v1 → Patch v1 [checked in]
Attachment #612015 -
Attachment is obsolete: false
Assignee | ||
Updated•12 years ago
|
Attachment #617509 -
Attachment description: Patch v2 → Additional Patch v2
Comment 8•12 years ago
|
||
Comment on attachment 617509 [details] [diff] [review] Additional Patch v2 [checked in] r+ rrelyea
Attachment #617509 -
Flags: review?(rrelyea) → review+
Assignee | ||
Comment 9•12 years ago
|
||
checked in both patches. Checking in chains.sh; /cvsroot/mozilla/security/nss/tests/chains/chains.sh,v <-- chains.sh new revision: 1.36; previous revision: 1.35 done
Status: REOPENED → RESOLVED
Closed: 12 years ago → 12 years ago
Resolution: --- → FIXED
Target Milestone: 3.13.5 → 3.14
Assignee | ||
Updated•12 years ago
|
Attachment #617509 -
Attachment description: Additional Patch v2 → Additional Patch v2 [checked in]
You need to log in
before you can comment on or make changes to this bug.
Description
•