Bug 1263005

Summary: Flaws in test script and conditional compile for disabling SSL2 and export suites support
Product: [Fedora] Fedora Reporter: Elio Maldonado Batiz <emaldona>
Component: nssAssignee: Elio Maldonado Batiz <emaldona>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: high    
Version: rawhideCC: amarecek, emaldona, hkario, jrieden, kdudka, kengert, rrelyea
Target Milestone: ---Keywords: Reopened
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: nss-3.20.0-3.fc24, nss-3.20.0-1.1.fc23, nss-3.20.0-1.1.fc22 nss-3.22.0-1.0.fc23 nss-3.22.0-1.0.fc22 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1123435 Environment:
Last Closed: 2016-02-21 02:20:24 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1123435    
Bug Blocks: 1185708, 1245627    
Attachments:
Description Flags
disable ssl2 & export ciphers but allow the ..._RSA_WITH_NULL_... ones
none
Fix checks for SSL2 and EXPORT cipher suites tests
none
tstclnt ssl2 off by default
none
disable ssl stress tests for ..._TLS_RC4_128_with_MD5 ciphers none

Comment 1 Elio Maldonado Batiz 2015-09-14 21:41:54 UTC 
This bug and its fix has two parts: 

1) The patch to skip ssl2 and export suite suites tests had some shell syntax errors which caused too many tests to be skipped which should shouldn't have been skipped. As a result some failures weren't being detected.

2) The patch to disable support ssl2 and export cipher suites for libssl didn't account in its conditional checks for NULL cipher suites and disabled it as well which it wasn't supposed to do. The fix implemented is the one proposed by Kai on 
https://bugzilla.redhat.com/show_bug.cgi?id=1245627#c15
Comment 2 Elio Maldonado Batiz 2015-09-14 21:52:06 UTC 
Created attachment 1073441 [details]
disable ssl2 & export ciphers but allow the ..._RSA_WITH_NULL_... ones
Comment 3 Elio Maldonado Batiz 2015-09-14 21:53:51 UTC 
Created attachment 1073442 [details]
Fix checks for SSL2 and EXPORT cipher suites tests
Comment 4 Elio Maldonado Batiz 2015-09-14 21:55:42 UTC 
Created attachment 1073443 [details]
tstclnt ssl2 off by default
Comment 5 Elio Maldonado Batiz 2015-09-14 22:34:08 UTC 
Comment on attachment 1073442 [details]
Fix checks for SSL2 and EXPORT cipher suites tests

The last chunk with diff --git a/tests/ssl/sslcov.noSSL2orExport.txt b/tests/ssl/sslcov.noSSL2orExport.txt goes away. Per Kai's suggestion the sslcov.txt and sslstress.txt modifications are now done on-the-fly at the end of %prep section of nss.spec. That way we don't have keep updating the patches when rebasing.
Comment 6 Elio Maldonado Batiz 2015-09-14 23:14:12 UTC 
Created attachment 1073445 [details]
disable ssl stress tests for ..._TLS_RC4_128_with_MD5 ciphers
Comment 7 Fedora Update System 2016-02-09 15:09:32 UTC 
nss-util-3.22.0-1.0.fc23 nss-softokn-3.22.0-1.0.fc23 nss-3.22.0-1.0.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-53890487b0
Comment 8 Fedora Update System 2016-02-10 18:51:25 UTC 
nspr-4.11.0-1.fc23, nss-3.22.0-1.0.fc23, nss-softokn-3.22.0-1.0.fc23, nss-util-3.22.0-1.0.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-53890487b0
Comment 9 Fedora Update System 2016-02-12 11:50:36 UTC 
nspr-4.11.0-1.fc23, nss-3.22.0-1.0.fc23, nss-softokn-3.22.0-1.0.fc23, nss-util-3.22.0-1.0.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Comment 10 Fedora Update System 2016-02-12 13:50:51 UTC 
nspr-4.11.0-1.fc22, nss-3.22.0-1.0.fc22, nss-softokn-3.22.0-1.0.fc22, nss-util-3.22.0-1.0.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-2f0441bc7b
Comment 11 Fedora Update System 2016-02-21 02:19:59 UTC 
nspr-4.11.0-1.fc22, nss-3.22.0-1.0.fc22, nss-softokn-3.22.0-1.0.fc22, nss-util-3.22.0-1.0.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.