Bug 1189180

Summary: mariadb55-mariadb-5.5.41-12.el6 uses SSLv3 test
Product: Red Hat Software Collections
Reporter: Pat Riehecky <riehecky>
Component: mariadb
Assignee: Honza Horak <hhorak>
Status: CLOSED ERRATA
QA Contact: Branislav Blaškovič <bblaskov>
Severity: unspecified
Priority: unspecified
Version: rh-mariadb100
CC: csieh, databases-maint, hhorak, misterbonnie, riehecky, vuvova
Target Milestone: rc   
Target Release: 2.0   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: rh-mariadb100-mariadb-10.0.17-9.el6, rh-mariadb100-mariadb-10.0.17-9.el7
Doc Type: Bug Fix
Last Closed: 2015-06-04 08:39:40 UTC
Type: Bug

Description Pat Riehecky 2015-02-04 15:57:51 UTC
Description of problem:
The mariadb self tests include an SSLv3 test. With the padding attack on SSLv3, should this test be updated to TLS as recent versions of openssl strongly prefer it?

Version-Release number of selected component (if applicable): mariadb55-mariadb-5.5.41-12.el6


How reproducible: 100%


Steps to Reproduce:
1. review test code for main.openssl_1

Actual results:
uses SSLv3 to verify encryption channel

Expected results:
uses TLS to verify encryption channel

Additional info:

Comment 2 Honza Horak 2015-02-05 16:44:30 UTC
Thanks for the report, I've reported it to upstream:
https://mariadb.atlassian.net/browse/MDEV-7547

Comment 3 Honza Horak 2015-02-09 12:55:25 UTC
Actually there is another openssl-related test that tests TLS: openssl_6975.test, which covers at least some part of TLS. If you have any other improvements for this test, I'd like to hear them, thanks.

Comment 4 Honza Horak 2015-02-09 12:57:24 UTC
Now I see the test was skipped during the build with the comment 'no or too old openssl', so we'll investigate. Changing needinfo to me to track where some work is needed now.

Comment 5 Honza Horak 2015-03-20 08:29:56 UTC
Importantly, the tests pass when run manually. However, they don't get run during the build because, to find out whether openssl supports TLS, the mariadb test suite uses the openssl binary, which is not available during the build. So the fix for running the openssl_6975 test is:
    BuildRequires: openssl
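
The failure mode described in comment 5, a TLS test silently skipped because a build dependency was missing, can be caught by the build itself. The following is an added example, not part of this bug report or of the MariaDB packaging: a shell check that fails when named tests are absent from the test log or did not pass. The log line format, the sample log and the function names are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: refuse to ship a build whose required TLS tests did not run.
# Assumption: the test runner logs one line per test in the form
#   <suite>.<name>   [ pass|fail|skipped ]   <time or comment>

# Constructed sample log; the skip comment is the one quoted in comment 4.
sample_log() {
cat <<'EOF'
main.openssl_1                           [ pass ]     12
main.openssl_6975                        [ skipped ]  no or too old openssl
main.ssl                                 [ pass ]     30
EOF
}

# check_required_tests LOG_TEXT TEST...
# Prints "<test>: <status> (<comment>)" for every required test that is
# missing from the log or has a status other than "pass".
# Returns 1 if anything was printed, 0 otherwise.
check_required_tests() {
    log=$1; shift
    bad=0
    for t in "$@"; do
        status=$(printf '%s\n' "$log" | awk -v t="$t" '
            $1 == t && $2 == "[" {
                reason = ""
                for (i = 5; i <= NF; i++) {
                    sep = (i > 5) ? " " : ""
                    reason = reason sep $i
                }
                if ($3 == "pass" || reason == "") print $3
                else print $3 " (" reason ")"
                exit
            }')
        [ -n "$status" ] || status="not run"
        case $status in
            pass) ;;
            *) echo "$t: $status"; bad=1 ;;
        esac
    done
    return $bad
}

# In a spec file's %check section this would end with "exit 1" instead of echo.
check_required_tests "$(sample_log)" main.openssl_1 main.openssl_6975 ||
    echo "required TLS tests did not run; the build should fail here"
```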

Comment 8 Branislav Blaškovič 2015-05-05 12:43:31 UTC
Both (rhel6, rhel7) spec files contain:
BuildRequires:    openssl

So test openssl_6975.test will use it.

And if I understand it correctly, test main.openssl_1 will be kept as it is, according to: "Can we close this issue? I'd prefer to keep at least some SSLv3 tests to be able to test yassl (and old openssl, we have it on a couple of builders) tests." from the upstream bug.

Marking as SanityOnly.

Comment 10 errata-xmlrpc 2015-06-04 08:39:40 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2015-1062.html