Bug 1034351

Summary: Ruby test suite is failing on certificates
Product: Red Hat Enterprise Linux 6 Reporter: Miroslav Hradílek <mhradile>
Component: rubyAssignee: Vít Ondruch <vondruch>
Status: CLOSED ERRATA QA Contact: Iveta Wiedermann <isenfeld>
Severity: medium Docs Contact:
Priority: medium    
Version: 6.5CC: isenfeld, tmraz, vondruch
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ruby-1.8.7.374-1.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 797217 Environment:
Last Closed: 2014-10-14 06:42:12 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 797217    
Bug Blocks:    

Description Miroslav Hradílek 2013-11-25 16:33:13 UTC 
Hello, this is now happening on RHEL 6.5 as well
openssl-1.0.1e-15.el6.x86_64
ruby-1.8.7.352-13.el6.x86_64

+++ This bug was initially created as a clone of Bug #797217 +++

It seems that openssl-1.0.1-0.1.beta2.fc17 breaks Ruby's test suite.

1) https://github.com/ruby/ruby/blob/trunk/test/openssl/test_x509cert.rb

  1) Failure:
test_dsig_algorithm_mismatch(OpenSSL::TestX509Certificate) [test/openssl/test_x509cert.rb:175]:
OpenSSL::X509::CertificateError expected but nothing was raised.

It seems to be caused by this commit: http://cvs.openssl.org/filediff?f=openssl/crypto/asn1/a_sign.c&v1=1.21.4.1&v2=1.21.4.2

I am not sure what is the purpose and why it behaves differently now.



2) https://github.com/ruby/ruby/blob/trunk/test/drb/test_drbssl.rb

  1) Error:
test_01(TestDRbSSLAry):
DRb::DRbConnError: drbssl://dhcp-25-1.brq.redhat.com:53654 - #<RuntimeError: execution expired>
    /builddir/build/BUILD/ruby-1.9.3-p125/test/drb/drbtest.rb:30:in `block in ext_service'
    /builddir/build/BUILD/ruby-1.9.3-p125/test/drb/drbtest.rb:29:in `ext_service'
    test/drb/test_drbssl.rb:56:in `setup'

  2) Error:
test_02_collect(TestDRbSSLAry):
DRb::DRbConnError: drbssl://dhcp-25-1.brq.redhat.com:53654 - #<RuntimeError: execution expired>
    /builddir/build/BUILD/ruby-1.9.3-p125/test/drb/drbtest.rb:30:in `block in ext_service'
    /builddir/build/BUILD/ruby-1.9.3-p125/test/drb/drbtest.rb:29:in `ext_service'
    test/drb/test_drbssl.rb:56:in `setup'

... snip ...

 20) Error:
test_11_remote_no_method_error(TestDRbSSLCore):
DRb::DRbConnError: drbssl://localhost:57498 - #<RuntimeError: execution expired>
    /builddir/build/BUILD/ruby-1.9.3-p125/test/drb/drbtest.rb:30:in `block in ext_service'
    /builddir/build/BUILD/ruby-1.9.3-p125/test/drb/drbtest.rb:29:in `ext_service'
    test/drb/test_drbssl.rb:39:in `setup'


It might be related, to issue 1, I am not sure. However, the server and client can't establish connection and the test timeouts.



I am wondering why this update was introduced so late in development cycle. Could you please revert it?

--- Additional comment from Fedora Update System on 2012-02-29 04:03:21 EST ---

openssl-1.0.0g-2.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/openssl-1.0.0g-2.fc17

--- Additional comment from Tomas Mraz on 2012-02-29 04:05:50 EST ---

Moving to rawhide. For F17 I reverted the openssl to 1.0.0g.

--- Additional comment from Vít Ondruch on 2012-02-29 04:47:31 EST ---

Hi Tomas,

Is there any chance you could help me to understand what is the purpose of the change? There is already new Ruby's patch release I'd like to ship in F17, however I need to get it working in Rawhide first.

--- Additional comment from Tomas Mraz on 2012-02-29 05:03:26 EST ---

The change adds support for new types of signatures - namely PSS signatures.
I suppose in the first case the DSS1 signature is handled as SHA1 signature. I'd probably simply skip this test.

I don't think the second failure is related. Unfortunately I have no idea what causes it. I don't know Ruby good enough to find out what it does there wrong.

--- Additional comment from Fedora Update System on 2012-03-06 15:28:25 EST ---

openssl-1.0.0g-4.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 3 RHEL Program Management 2014-05-06 12:51:07 UTC 
This request was evaluated by Red Hat Product Management for
inclusion in a Red Hat Enterprise Linux release.  Product
Management has requested further review of this request by
Red Hat Engineering, for potential inclusion in a Red Hat
Enterprise Linux release for currently deployed products.
This request is not yet committed for inclusion in a release.
Comment 5 Vít Ondruch 2014-05-15 14:29:38 UTC 
The first case is resolved. The second appears just randomly and is very likely just by load of build machine. Actually, testing locally and when some Ruby is installed on the system, the whole test suite just passes.
Comment 8 errata-xmlrpc 2014-10-14 06:42:12 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-1470.html