Context Navigation

← Previous Ticket
Next Ticket →

#2597 closed defect (fixed)

nginx-tests: some ssl tests fail with openssl 3.2.0

Reported by:	rbgarga@…	Owned by:
Priority:	minor	Milestone:
Component:	other	Version:	1.24.x
Keywords:		Cc:
uname -a:	Linux x230 6.7.1-0-generic #1 SMP PREEMPT_DYNAMIC Sat Jan 20 18:13:18 UTC 2024 x86_64
nginx -V:	nginx version: nginx/1.24.0 built with OpenSSL 3.2.0 23 Nov 2023 TLS SNI support enabled configure arguments: --prefix=/etc/nginx --user=_www --group=_www --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --lock-path=/run/nginx/nginx.lock --modules-path=/usr/libexec/nginx --pid-path=/run/nginx/nginx.pid --sbin-path=/usr/bin/nginx --http-client-body-temp-path=/var/tmp/nginx/client_body_temp --http-fastcgi-temp-path=/var/tmp/nginx/fastcgi_temp --http-proxy-temp-path=/var/tmp/nginx/proxy_temp --http-scgi-temp-path=/var/tmp/nginx/scgi_temp --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi_temp --with-compat --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail=dynamic --with-mail_ssl_module --with-pcre --with-stream=dynamic --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-threads --without-mail_imap_module --without-mail_pop3_module --without-mail_smtp_module

Description

I'm building nginx on an environment with openssl 3.2.0 and some tests fail as follow:

./access.t ................................. ok
./access_log.t ............................. ok
./access_log_variables.t ................... ok
./addition.t ............................... ok
./addition_buffered.t ...................... ok
./auth_basic.t ............................. ok
./auth_delay.t ............................. ok
./auth_request.t ........................... ok
./auth_request_satisfy.t ................... ok
./auth_request_set.t ....................... ok
./autoindex.t .............................. ok
./autoindex_format.t ....................... ok
./autoindex_win32.t ........................ skipped: Win32API::File not installed
./binary_upgrade.t ......................... skipped: can leave orphaned process group
./body.t ................................... ok
./body_chunked.t ........................... ok
./charset.t ................................ ok
./charset_gzip_static.t .................... ok
./config_dump.t ............................ ok
./dav.t .................................... ok
./dav_chunked.t ............................ ok
./dav_utf8.t ............................... ok
./debug_connection.t ....................... skipped: no --with-debug available
./debug_connection_syslog.t ................ skipped: no --with-debug available
./debug_connection_unix.t .................. skipped: no --with-debug available
./empty_gif.t .............................. ok
./error_log.t .............................. ok
./fastcgi.t ................................ skipped: FCGI not installed
./fastcgi_body.t ........................... ok
./fastcgi_body2.t .......................... skipped: FCGI not installed
./fastcgi_buffering.t ...................... skipped: FCGI not installed
./fastcgi_cache.t .......................... skipped: FCGI not installed
./fastcgi_extra_data.t ..................... skipped: FCGI not installed
./fastcgi_header_params.t .................. skipped: FCGI not installed
./fastcgi_keepalive.t ...................... ok
./fastcgi_merge_params.t ................... skipped: FCGI not installed
./fastcgi_merge_params2.t .................. skipped: FCGI not installed
./fastcgi_request_buffering.t .............. skipped: FCGI not installed
./fastcgi_request_buffering_chunked.t ...... skipped: FCGI not installed
./fastcgi_split.t .......................... skipped: FCGI not installed
./fastcgi_unix.t ........................... skipped: FCGI not installed
./fastcgi_variables.t ...................... skipped: FCGI not installed
./geo.t .................................... ok
./geo_binary.t ............................. skipped: long configuration parsing
./geo_ipv6.t ............................... ok
./geo_unix.t ............................... ok
./geoip.t .................................. skipped: no http_geoip available
./grpc.t ................................... ok
./grpc_next_upstream.t ..................... ok
./grpc_pass.t .............................. ok
./grpc_request_buffering.t ................. ok
./grpc_ssl.t ............................... ok
./gunzip.t ................................. ok
./gunzip_memcached.t ....................... skipped: Cache::Memcached not installed
./gunzip_perl.t ............................ skipped: no perl available
./gunzip_ssi.t ............................. ok
./gunzip_static.t .......................... ok
./gzip.t ................................... ok
./gzip_flush.t ............................. skipped: no perl available
./h2.t ..................................... ok
./h2_absolute_redirect.t ................... ok
./h2_auth_request.t ........................ ok
./h2_error_page.t .......................... ok
./h2_fastcgi_request_buffering.t ........... ok
./h2_headers.t ............................. ok
./h2_http2.t ............................... skipped: no http2
./h2_keepalive.t ........................... ok
./h2_limit_conn.t .......................... ok
./h2_limit_req.t ........................... ok
./h2_priority.t ............................ ok
./h2_proxy_cache.t ......................... ok
./h2_proxy_max_temp_file_size.t ............ ok
./h2_proxy_protocol.t ...................... ok
./h2_proxy_request_buffering.t ............. ok
./h2_proxy_request_buffering_redirect.t .... ok
./h2_proxy_request_buffering_ssl.t ......... ok
./h2_proxy_ssl.t ........................... ok
./h2_request_body.t ........................ ok
./h2_request_body_extra.t .................. ok
./h2_request_body_preread.t ................ ok
./h2_server_tokens.t ....................... ok
./h2_ssl.t ................................. ok
./h2_ssl_proxy_cache.t ..................... ok
./h2_ssl_proxy_protocol.t .................. ok
./h2_ssl_variables.t ....................... ok
./h2_ssl_verify_client.t ................... ok
./h2_trailers.t ............................ ok
./h2_variables.t ........................... ok
./h3_absolute_redirect.t ................... skipped: no http_v3 available
./h3_headers.t ............................. skipped: no http_v3 available
./h3_keepalive.t ........................... skipped: no http_v3 available
./h3_limit_conn.t .......................... skipped: no http_v3 available
./h3_limit_req.t ........................... skipped: no http_v3 available
./h3_proxy.t ............................... skipped: no http_v3 available
./h3_proxy_max_temp_file_size.t ............ skipped: no http_v3 available
./h3_reusable.t ............................ skipped: no http_v3 available
./h3_server_name.t ......................... skipped: no http_v3 available
./h3_server_tokens.t ....................... skipped: no http_v3 available
./h3_ssl_early_data.t ...................... skipped: no http_v3 available
./h3_ssl_reject_handshake.t ................ skipped: no http_v3 available
./h3_ssl_session_reuse.t ................... skipped: no http_v3 available
./h3_trailers.t ............................ skipped: no http_v3 available
./headers.t ................................ ok
./http_absolute_redirect.t ................. ok
./http_disable_symlinks.t .................. skipped: no external file found
./http_error_page.t ........................ ok
./http_expect_100_continue.t ............... ok
./http_header_buffers.t .................... ok
./http_headers_multi.t ..................... ok
./http_host.t .............................. ok
./http_include.t ........................... ok
./http_keepalive.t ......................... ok
./http_keepalive_shutdown.t ................ ok
./http_listen.t ............................ ok
./http_listen_wildcard.t ................... skipped: listen on wildcard address
./http_location.t .......................... ok
./http_location_auto.t ..................... ok
./http_location_win32.t .................... skipped: not win32
./http_method.t ............................ ok
./http_resolver.t .......................... ok
./http_resolver_aaaa.t ..................... ok
./http_resolver_cleanup.t .................. ok
./http_resolver_cname.t .................... ok
./http_resolver_ipv4.t ..................... ok
./http_server_name.t ....................... ok
./http_try_files.t ......................... ok
./http_uri.t ............................... ok
./http_variables.t ......................... ok
./ignore_invalid_headers.t ................. ok
./image_filter.t ........................... skipped: GD not installed
./image_filter_finalize.t .................. skipped: no image_filter available
./image_filter_webp.t ...................... skipped: no image_filter available
./index.t .................................. ok
./limit_conn.t ............................. ok
./limit_conn_complex.t ..................... ok
./limit_conn_dry_run.t ..................... ok
./limit_rate.t ............................. ok
./limit_req.t .............................. ok
./limit_req2.t ............................. ok
./limit_req_delay.t ........................ ok
./limit_req_dry_run.t ...................... ok
./mail_capability.t ........................ skipped: no imap available
./mail_error_log.t ......................... skipped: no imap available
./mail_imap.t .............................. skipped: no imap available
./mail_imap_ssl.t .......................... skipped: no imap available
./mail_max_errors.t ........................ skipped: no imap available
./mail_pop3.t .............................. skipped: no pop3 available
./mail_proxy_protocol.t .................... skipped: no smtp available
./mail_proxy_smtp_auth.t ................... skipped: no smtp available
./mail_resolver.t .......................... skipped: no smtp available
./mail_smtp.t .............................. skipped: no smtp available
./mail_smtp_greeting_delay.t ............... skipped: no smtp available
./mail_smtp_xclient.t ...................... skipped: no smtp available
./mail_ssl.t ............................... skipped: no imap available
./mail_ssl_conf_command.t .................. skipped: no imap available
./mail_ssl_session_reuse.t ................. skipped: no imap available
./map.t .................................... ok
./map_complex.t ............................ ok
./map_volatile.t ........................... ok
./memcached.t .............................. skipped: Cache::Memcached not installed
./memcached_fake.t ......................... ok
./memcached_fake_extra.t ................... ok
./memcached_keepalive.t .................... skipped: Cache::Memcached not installed
./memcached_keepalive_stale.t .............. skipped: Cache::Memcached not installed
./merge_slashes.t .......................... ok
./mirror.t ................................. ok
./mirror_proxy.t ........................... ok
./mp4.t .................................... ok
./mp4_ssi.t ................................ ok
./mp4_start_key_frame.t .................... ok
./msie_refresh.t ........................... ok
./not_modified.t ........................... ok
./not_modified_finalize.t .................. ok
./not_modified_proxy.t ..................... ok
./perl.t ................................... skipped: no perl available
./perl_gzip.t .............................. skipped: no perl available
./perl_sleep.t ............................. skipped: no perl available
./perl_ssi.t ............................... skipped: no perl available
./post_action.t ............................ ok
./proxy.t .................................. ok
./proxy_available.t ........................ ok
./proxy_bind.t ............................. ok
./proxy_bind_transparent.t ................. skipped: must be root
./proxy_bind_transparent_capability.t ...... skipped: must be root
./proxy_cache.t ............................ ok
./proxy_cache_bypass.t ..................... ok
./proxy_cache_chunked.t .................... ok
./proxy_cache_control.t .................... ok
./proxy_cache_convert_head.t ............... ok
./proxy_cache_error.t ...................... ok
./proxy_cache_lock.t ....................... ok
./proxy_cache_lock_age.t ................... ok
./proxy_cache_lock_ssi.t ................... ok
./proxy_cache_manager.t .................... skipped: long test
./proxy_cache_max_range_offset.t ........... ok
./proxy_cache_min_free.t ................... ok
./proxy_cache_path.t ....................... ok
./proxy_cache_range.t ...................... ok
./proxy_cache_revalidate.t ................. ok
./proxy_cache_use_stale.t .................. ok
./proxy_cache_valid.t ...................... ok
./proxy_cache_variables.t .................. ok
./proxy_cache_vary.t ....................... ok
./proxy_chunked.t .......................... ok
./proxy_chunked_extra.t .................... ok
./proxy_cookie.t ........................... ok
./proxy_cookie_flags.t ..................... ok
./proxy_duplicate_headers.t ................ ok
./proxy_extra_data.t ....................... ok
./proxy_force_ranges.t ..................... ok
./proxy_if.t ............................... ok
./proxy_implicit.t ......................... ok
./proxy_intercept_errors.t ................. ok
./proxy_keepalive.t ........................ ok
./proxy_limit_rate.t ....................... ok
./proxy_max_temp_file_size.t ............... ok
./proxy_merge_headers.t .................... ok
./proxy_method.t ........................... ok
./proxy_next_upstream.t .................... ok
./proxy_next_upstream_tries.t .............. ok
./proxy_noclose.t .......................... ok
./proxy_non_idempotent.t ................... ok
./proxy_pass_request.t ..................... ok
./proxy_protocol.t ......................... ok
./proxy_protocol2.t ........................ ok
./proxy_protocol2_tlv.t .................... ok
./proxy_protocol_ipv6.t .................... ok
./proxy_protocol_unix.t .................... ok
./proxy_redirect.t ......................... ok
./proxy_request_buffering.t ................ ok
./proxy_request_buffering_chunked.t ........ ok
./proxy_request_buffering_keepalive.t ...... ok
./proxy_request_buffering_ssl.t ............ ok
./proxy_set_body.t ......................... ok
./proxy_ssi_body.t ......................... ok
./proxy_ssl.t .............................. ok
./proxy_ssl_certificate.t .................. ok
./proxy_ssl_certificate_empty.t ............ ok
./proxy_ssl_certificate_vars.t ............. ok
./proxy_ssl_conf_command.t ................. ok
./proxy_ssl_keepalive.t .................... ok
./proxy_ssl_name.t ......................... ok
./proxy_ssl_verify.t ....................... ok
./proxy_store.t ............................ ok
./proxy_unfinished.t ....................... ok
./proxy_unix.t ............................. ok
./proxy_upgrade.t .......................... ok
./proxy_upstream_cookie.t .................. ok
./proxy_variables.t ........................ ok
./proxy_websocket.t ........................ skipped: Protocol::WebSocket not installed
./proxy_xar.t .............................. ok
./quic_ciphers.t ........................... skipped: no http_v3 available
./quic_key_update.t ........................ skipped: no http_v3 available
./quic_migration.t ......................... skipped: no http_v3 available
./quic_retry.t ............................. skipped: no http_v3 available
./random_index.t ........................... ok
./range.t .................................. ok
./range_charset.t .......................... ok
./range_clearing.t ......................... ok
./range_flv.t .............................. ok
./range_if_range.t ......................... ok
./range_mp4.t .............................. ok
./realip.t ................................. ok
./realip_hostname.t ........................ ok
./realip_remote_addr.t ..................... ok
./realip_remote_port.t ..................... ok
./referer.t ................................ ok
./request_id.t ............................. ok
./rewrite.t ................................ ok
./rewrite_if.t ............................. ok
./rewrite_set.t ............................ ok
./rewrite_unescape.t ....................... ok
./scgi.t ................................... skipped: SCGI not installed
./scgi_body.t .............................. skipped: SCGI not installed
./scgi_cache.t ............................. skipped: SCGI not installed
./scgi_extra_data.t ........................ skipped: SCGI not installed
./scgi_gzip.t .............................. skipped: SCGI not installed
./scgi_merge_params.t ...................... skipped: SCGI not installed
./secure_link.t ............................ ok
./server_tokens.t .......................... ok
./slice.t .................................. ok
./split_clients.t .......................... ok
./ssi.t .................................... ok
./ssi_delayed.t ............................ ok
./ssi_if.t ................................. ok
./ssi_include_big.t ........................ ok
./ssi_waited.t ............................. ok
./ssl.t .................................... ok
./ssl_certificate.t ........................ ok
 
#   Failed test 'intermediate'
#   at ./ssl_certificate_chain.t line 137.
 
#   Failed test 'intermediate server'
#   at ./ssl_certificate_chain.t line 138.
# Looks like you failed 2 tests of 5.
./ssl_certificate_chain.t ..................
Dubious, test returned 2 (wstat 512, 0x200)
Failed 2/5 subtests
./ssl_certificate_perl.t ................... skipped: no perl available
./ssl_certificates.t ....................... ok
./ssl_client_escaped_cert.t ................ ok
./ssl_conf_command.t ....................... ok
 
#   Failed test 'crl - no revoked certs'
#   at ./ssl_crl.t line 157.
#                   'HTTP/1.1 400 Bad Request
# Server: nginx/1.24.0
# Date: Fri, 26 Jan 2024 11:36:46 GMT
# Content-Type: text/html
# Content-Length: 215
# Connection: close
# X-Verify: FAILED:unsuitable certificate purpose
#
# <html>
# <head><title>400 The SSL certificate error</title></head>
# <body>
# <center><h1>400 Bad Request</h1></center>
# <center>The SSL certificate error</center>
# <hr><center>nginx/1.24.0</center>
# </body>
# </html>
# '
#     doesn't match '(?^:SUCCESS)'
# Looks like you failed 1 test of 5.
./ssl_crl.t ................................
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/5 subtests
./ssl_curve.t .............................. ok
./ssl_engine_keys.t ........................ skipped: may not work, leaves coredump
 
#   Failed test 'ocsp leaf'
#   at ./ssl_ocsp.t line 273.
#                   'HTTP/1.1 400 Bad Request
# Server: nginx/1.24.0
# Date: Fri, 26 Jan 2024 11:36:47 GMT
# Content-Type: text/html
# Content-Length: 215
# Connection: close
# X-Verify: xFAILED:unsuitable certificate purpose:.x
# X-SSL-Protocol: TLSv1.3
#
# <html>
# <head><title>400 The SSL certificate error</title></head>
# <body>
# <center><h1>400 Bad Request</h1></center>
# <center>The SSL certificate error</center>
# <hr><center>nginx/1.24.0</center>
# </body>
# </html>
# '
#     doesn't match '(?^s:200 OK.*SUCCESS)'
 
#   Failed test 'ocsp many failed request'
#   at ./ssl_ocsp.t line 277.
#                   'HTTP/1.1 400 Bad Request
# Server: nginx/1.24.0
# Date: Fri, 26 Jan 2024 11:36:47 GMT
# Content-Type: text/html
# Content-Length: 215
# Connection: close
# X-Verify: xFAILED:unsuitable certificate purpose:.x
# X-SSL-Protocol: TLSv1.3
#
# <html>
# <head><title>400 The SSL certificate error</title></head>
# <body>
# <center><h1>400 Bad Request</h1></center>
# <center>The SSL certificate error</center>
# <hr><center>nginx/1.24.0</center>
# </body>
# </html>
# '
#     doesn't match '(?^s:400 Bad.*FAILED:certificate status request failed)'
 
#   Failed test 'ocsp many failed'
#   at ./ssl_ocsp.t line 283.
#                   'HTTP/1.1 400 Bad Request
# Server: nginx/1.24.0
# Date: Fri, 26 Jan 2024 11:36:47 GMT
# Content-Type: text/html
# Content-Length: 215
# Connection: close
# X-Verify: xFAILED:unsuitable certificate purpose:.x
# X-SSL-Protocol: TLSv1.3
#
# <html>
# <head><title>400 The SSL certificate error</title></head>
# <body>
# <center><h1>400 Bad Request</h1></center>
# <center>The SSL certificate error</center>
# <hr><center>nginx/1.24.0</center>
# </body>
# </html>
# '
#     doesn't match '(?^s:400 Bad.*FAILED:certificate status request failed)'
 
#   Failed test 'ocsp many'
#   at ./ssl_ocsp.t line 299.
#                   'HTTP/1.1 400 Bad Request
# Server: nginx/1.24.0
# Date: Fri, 26 Jan 2024 11:36:47 GMT
# Content-Type: text/html
# Content-Length: 215
# Connection: close
# X-Verify: xFAILED:unsuitable certificate purpose:.x
# X-SSL-Protocol: TLSv1.3
#
# <html>
# <head><title>400 The SSL certificate error</title></head>
# <body>
# <center><h1>400 Bad Request</h1></center>
# <center>The SSL certificate error</center>
# <hr><center>nginx/1.24.0</center>
# </body>
# </html>
# '
#     doesn't match '(?^s:200 OK.*SUCCESS)'
 
#   Failed test 'cache store'
#   at ./ssl_ocsp.t line 303.
#                   'HTTP/1.1 400 Bad Request
# Server: nginx/1.24.0
# Date: Fri, 26 Jan 2024 11:36:47 GMT
# Content-Type: text/html
# Content-Length: 215
# Connection: close
# X-Verify: xFAILED:unsuitable certificate purpose:.x
# X-SSL-Protocol: TLSv1.3
#
# <html>
# <head><title>400 The SSL certificate error</title></head>
# <body>
# <center><h1>400 Bad Request</h1></center>
# <center>The SSL certificate error</center>
# <hr><center>nginx/1.24.0</center>
# </body>
# </html>
# '
#     doesn't match '(?^s:200 OK.*SUCCESS)'
 
#   Failed test 'revoked'
#   at ./ssl_ocsp.t line 322.
#                   'HTTP/1.1 400 Bad Request
# Server: nginx/1.24.0
# Date: Fri, 26 Jan 2024 11:36:47 GMT
# Content-Type: text/html
# Content-Length: 215
# Connection: close
# X-Verify: xFAILED:unsuitable certificate purpose:.x
# X-SSL-Protocol: TLSv1.3
#
# <html>
# <head><title>400 The SSL certificate error</title></head>
# <body>
# <center><h1>400 Bad Request</h1></center>
# <center>The SSL certificate error</center>
# <hr><center>nginx/1.24.0</center>
# </body>
# </html>
# '
#     doesn't match '(?^s:400 Bad.*FAILED:certificate revoked)'
 
#   Failed test 'ocsp responder'
#   at ./ssl_ocsp.t line 326.
#                   'HTTP/1.1 400 Bad Request
# Server: nginx/1.24.0
# Date: Fri, 26 Jan 2024 11:36:47 GMT
# Content-Type: text/html
# Content-Length: 215
# Connection: close
# X-Verify: xFAILED:unsuitable certificate purpose:.x
# X-SSL-Protocol: TLSv1.3
#
# <html>
# <head><title>400 The SSL certificate error</title></head>
# <body>
# <center><h1>400 Bad Request</h1></center>
# <center>The SSL certificate error</center>
# <hr><center>nginx/1.24.0</center>
# </body>
# </html>
# '
#     doesn't match '(?^s:200 OK.*SUCCESS)'
 
#   Failed test 'ocsp context'
#   at ./ssl_ocsp.t line 330.
#                   'HTTP/1.1 400 Bad Request
# Server: nginx/1.24.0
# Date: Fri, 26 Jan 2024 11:36:47 GMT
# Content-Type: text/html
# Content-Length: 215
# Connection: close
# X-Verify: xFAILED:unsuitable certificate purpose:.x
# X-SSL-Protocol: TLSv1.3
#
# <html>
# <head><title>400 The SSL certificate error</title></head>
# <body>
# <center><h1>400 Bad Request</h1></center>
# <center>The SSL certificate error</center>
# <hr><center>nginx/1.24.0</center>
# </body>
# </html>
# '
#     doesn't match '(?^s:200 OK.*SUCCESS)'
 
#   Failed test 'cache lookup'
#   at ./ssl_ocsp.t line 334.
#                   'HTTP/1.1 400 Bad Request
# Server: nginx/1.24.0
# Date: Fri, 26 Jan 2024 11:36:47 GMT
# Content-Type: text/html
# Content-Length: 215
# Connection: close
# X-Verify: xFAILED:unsuitable certificate purpose:.x
# X-SSL-Protocol: TLSv1.3
#
# <html>
# <head><title>400 The SSL certificate error</title></head>
# <body>
# <center><h1>400 Bad Request</h1></center>
# <center>The SSL certificate error</center>
# <hr><center>nginx/1.24.0</center>
# </body>
# </html>
# '
#     doesn't match '(?^s:200 OK.*SUCCESS)'
 
#   Failed test 'root ca not trusted'
#   at ./ssl_ocsp.t line 338.
#                   'HTTP/1.1 400 Bad Request
# Server: nginx/1.24.0
# Date: Fri, 26 Jan 2024 11:36:47 GMT
# Content-Type: text/html
# Content-Length: 215
# Connection: close
# X-Verify: xFAILED:unsuitable certificate purpose:.x
# X-SSL-Protocol: TLSv1.3
#
# <html>
# <head><title>400 The SSL certificate error</title></head>
# <body>
# <center><h1>400 Bad Request</h1></center>
# <center>The SSL certificate error</center>
# <hr><center>nginx/1.24.0</center>
# </body>
# </html>
# '
#     doesn't match '(?^s:400 Bad.*FAILED:certificate status request failed)'
 
#   Failed test 'ocsp ecdsa'
#   at ./ssl_ocsp.t line 350.
#                   'HTTP/1.1 400 Bad Request
# Server: nginx/1.24.0
# Date: Fri, 26 Jan 2024 11:36:47 GMT
# Content-Type: text/html
# Content-Length: 215
# Connection: close
# X-Verify: xFAILED:unsuitable certificate purpose:.x
# X-SSL-Protocol: TLSv1.3
#
# <html>
# <head><title>400 The SSL certificate error</title></head>
# <body>
# <center><h1>400 Bad Request</h1></center>
# <center>The SSL certificate error</center>
# <hr><center>nginx/1.24.0</center>
# </body>
# </html>
# '
#     doesn't match '(?^s:200 OK.*SUCCESS)'
 
#   Failed test 'session reused'
#   at ./ssl_ocsp.t line 362.
#                   'HTTP/1.1 400 Bad Request
# Server: nginx/1.24.0
# Date: Fri, 26 Jan 2024 11:36:47 GMT
# Content-Type: text/html
# Content-Length: 215
# Connection: close
# X-Verify: xFAILED:unsuitable certificate purpose:.x
# X-SSL-Protocol: TLSv1.3
#
# <html>
# <head><title>400 The SSL certificate error</title></head>
# <body>
# <center><h1>400 Bad Request</h1></center>
# <center>The SSL certificate error</center>
# <hr><center>nginx/1.24.0</center>
# </body>
# </html>
# '
#     doesn't match '(?^s:200 OK.*SUCCESS:r)'
 
#   Failed test 'session reused - revoked'
#   at ./ssl_ocsp.t line 394.
#                   'HTTP/1.1 400 Bad Request
# Server: nginx/1.24.0
# Date: Fri, 26 Jan 2024 11:36:47 GMT
# Content-Type: text/html
# Content-Length: 215
# Connection: close
# X-Verify: xFAILED:unsuitable certificate purpose:.x
# X-SSL-Protocol: TLSv1.3
#
# <html>
# <head><title>400 The SSL certificate error</title></head>
# <body>
# <center><h1>400 Bad Request</h1></center>
# <center>The SSL certificate error</center>
# <hr><center>nginx/1.24.0</center>
# </body>
# </html>
# '
#     doesn't match '(?^s:400 Bad.*FAILED:certificate revoked:r)'
# Looks like you failed 13 tests of 17.
./ssl_ocsp.t ...............................
Dubious, test returned 13 (wstat 3328, 0xd00)
Failed 13/17 subtests
./ssl_password_file.t ...................... ok
./ssl_proxy_protocol.t ..................... ok
./ssl_proxy_upgrade.t ...................... ok
./ssl_reject_handshake.t ................... ok
./ssl_session_reuse.t ...................... ok
./ssl_session_ticket_key.t ................. ok
./ssl_sni.t ................................ ok
./ssl_sni_reneg.t .......................... ok
./ssl_sni_sessions.t ....................... ok
./ssl_stapling.t ........................... ok
./ssl_verify_client.t ...................... ok
 
#   Failed test 'verify depth 1 - int'
#   at ./ssl_verify_depth.t line 161.
#                   'HTTP/1.1 400 Bad Request
# Server: nginx/1.24.0
# Date: Fri, 26 Jan 2024 11:37:01 GMT
# Content-Type: text/html
# Content-Length: 215
# Connection: close
# X-Client: CN=int
# X-Verify: FAILED:unsuitable certificate purpose
#
# <html>
# <head><title>400 The SSL certificate error</title></head>
# <body>
# <center><h1>400 Bad Request</h1></center>
# <center>The SSL certificate error</center>
# <hr><center>nginx/1.24.0</center>
# </body>
# </html>
# '
#     doesn't match '(?^:SUCCESS)'
 
#   Failed test 'verify depth 2 - int'
#   at ./ssl_verify_depth.t line 168.
#                   'HTTP/1.1 400 Bad Request
# Server: nginx/1.24.0
# Date: Fri, 26 Jan 2024 11:37:01 GMT
# Content-Type: text/html
# Content-Length: 215
# Connection: close
# X-Client: CN=int
# X-Verify: FAILED:unsuitable certificate purpose
#
# <html>
# <head><title>400 The SSL certificate error</title></head>
# <body>
# <center><h1>400 Bad Request</h1></center>
# <center>The SSL certificate error</center>
# <hr><center>nginx/1.24.0</center>
# </body>
# </html>
# '
#     doesn't match '(?^:SUCCESS)'
 
#   Failed test 'verify depth 2 - end'
#   at ./ssl_verify_depth.t line 169.
#                   'HTTP/1.1 400 Bad Request
# Server: nginx/1.24.0
# Date: Fri, 26 Jan 2024 11:37:01 GMT
# Content-Type: text/html
# Content-Length: 215
# Connection: close
# X-Client: CN=end
# X-Verify: FAILED:unsuitable certificate purpose
#
# <html>
# <head><title>400 The SSL certificate error</title></head>
# <body>
# <center><h1>400 Bad Request</h1></center>
# <center>The SSL certificate error</center>
# <hr><center>nginx/1.24.0</center>
# </body>
# </html>
# '
#     doesn't match '(?^:SUCCESS)'
# Looks like you failed 3 tests of 11.
./ssl_verify_depth.t .......................
Dubious, test returned 3 (wstat 768, 0x300)
Failed 3/11 subtests
./stream_access.t .......................... ok
./stream_access_log.t ...................... ok
./stream_access_log_escape.t ............... ok
./stream_access_log_none.t ................. ok
./stream_error_log.t ....................... ok
./stream_geo.t ............................. ok
./stream_geo_binary.t ...................... skipped: long configuration parsing
./stream_geo_ipv6.t ........................ ok
./stream_geo_unix.t ........................ ok
./stream_geoip.t ........................... skipped: no stream_geoip available
./stream_limit_conn.t ...................... ok
./stream_limit_conn_complex.t .............. ok
./stream_limit_conn_dry_run.t .............. ok
./stream_limit_rate.t ...................... ok
./stream_limit_rate2.t ..................... ok
./stream_map.t ............................. ok
./stream_proxy.t ........................... ok
./stream_proxy_bind.t ...................... ok
./stream_proxy_complex.t ................... ok
./stream_proxy_half_close.t ................ ok
./stream_proxy_next_upstream.t ............. ok
./stream_proxy_protocol.t .................. ok
./stream_proxy_protocol2_tlv.t ............. ok
./stream_proxy_protocol_ipv6.t ............. ok
./stream_proxy_protocol_ssl.t .............. ok
./stream_proxy_ssl.t ....................... ok
./stream_proxy_ssl_certificate.t ........... ok
./stream_proxy_ssl_certificate_vars.t ...... ok
./stream_proxy_ssl_conf_command.t .......... ok
./stream_proxy_ssl_name.t .................. ok
./stream_proxy_ssl_name_complex.t .......... ok
./stream_proxy_ssl_verify.t ................ ok
./stream_realip.t .......................... ok
./stream_realip_hostname.t ................. ok
./stream_resolver.t ........................ ok
./stream_set.t ............................. ok
./stream_split_clients.t ................... ok
./stream_ssl.t ............................. ok
./stream_ssl_alpn.t ........................ ok
./stream_ssl_certificate.t ................. ok
./stream_ssl_conf_command.t ................ ok
./stream_ssl_preread.t ..................... ok
./stream_ssl_preread_alpn.t ................ ok
./stream_ssl_preread_protocol.t ............ ok
./stream_ssl_realip.t ...................... ok
./stream_ssl_session_reuse.t ............... ok
./stream_ssl_variables.t ................... ok
./stream_ssl_verify_client.t ............... ok
./stream_status_variable.t ................. ok
./stream_tcp_nodelay.t ..................... ok
./stream_udp_limit_conn.t .................. ok
./stream_udp_limit_rate.t .................. ok
./stream_udp_proxy.t ....................... ok
./stream_udp_proxy_requests.t .............. ok
./stream_udp_stream.t ...................... ok
./stream_udp_upstream.t .................... ok
./stream_udp_upstream_hash.t ............... ok
./stream_udp_upstream_least_conn.t ......... ok
./stream_udp_wildcard.t .................... skipped: listen on wildcard address
./stream_unix.t ............................ ok
./stream_upstream.t ........................ ok
./stream_upstream_hash.t ................... ok
./stream_upstream_least_conn.t ............. ok
./stream_upstream_max_conns.t .............. ok
./stream_upstream_random.t ................. ok
./stream_upstream_zone.t ................... ok
./stream_upstream_zone_ssl.t ............... ok
./stream_variables.t ....................... ok
./stub_status.t ............................ ok
./sub_filter.t ............................. ok
./sub_filter_buffering.t ................... ok
./sub_filter_merge.t ....................... ok
./sub_filter_multi.t ....................... ok
./sub_filter_multi2.t ...................... ok
./sub_filter_perl.t ........................ skipped: no perl available
./sub_filter_slice.t ....................... ok
./sub_filter_ssi.t ......................... skipped: no xslt available
./subrequest_output_buffer_size.t .......... ok
./syslog.t ................................. ok
./trailers.t ............................... ok
./upstream.t ............................... ok
./upstream_hash.t .......................... ok
./upstream_hash_memcached.t ................ skipped: Cache::Memcached not installed
./upstream_ip_hash.t ....................... ok
./upstream_ip_hash_ipv6.t .................. ok
./upstream_keepalive.t ..................... ok
./upstream_least_conn.t .................... ok
./upstream_max_conns.t ..................... ok
./upstream_random.t ........................ ok
./upstream_zone.t .......................... ok
./upstream_zone_ssl.t ...................... ok
./userid.t ................................. ok
./userid_flags.t ........................... ok
./uwsgi.t .................................. skipped: uwsgi not found
./uwsgi_body.t ............................. skipped: uwsgi not found
./uwsgi_ssl.t .............................. skipped: uwsgi not found
./uwsgi_ssl_certificate.t .................. ok
./uwsgi_ssl_certificate_vars.t ............. ok
./uwsgi_ssl_verify.t ....................... skipped: uwsgi not found
./worker_shutdown_timeout.t ................ ok
./worker_shutdown_timeout_h2.t ............. ok
./worker_shutdown_timeout_mail.t ........... skipped: no imap available
./worker_shutdown_timeout_proxy_upgrade.t .. ok
./worker_shutdown_timeout_stream.t ......... ok
./xslt.t ................................... skipped: no xslt available
./xslt_params.t ............................ skipped: no xslt available
 
Test Summary Report
-------------------
./ssl_certificate_chain.t                (Wstat: 512 (exited 2) Tests: 5 Failed: 2)
  Failed tests:  2-3
  Non-zero exit status: 2
./ssl_crl.t                              (Wstat: 256 (exited 1) Tests: 5 Failed: 1)
  Failed test:  1
  Non-zero exit status: 1
./ssl_ocsp.t                             (Wstat: 3328 (exited 13) Tests: 17 Failed: 13)
  Failed tests:  1-13
  Non-zero exit status: 13
./ssl_verify_depth.t                     (Wstat: 768 (exited 3) Tests: 11 Failed: 3)
  Failed tests:  5, 8-9
  Non-zero exit status: 3
Files=416, Tests=4620, 423 wallclock secs ( 2.27 usr  0.88 sys + 78.05 cusr 14.15 csys = 95.35 CPU)
Result: FAIL

Change History (1)

comment:1 by Sergey Kandaurov, 4 months ago

Resolution:	→ fixed
Status:	new → closed

Fixed in https://hg.nginx.org/nginx-tests/rev/0b5ec15c62ed

Note: See TracTickets for help on using tickets.

Download in other formats: