Description of problem: The maraidb self tests include a SSLv3 test. With the padding attack on SSLv3, should this test be updated to TLS as recent versions of openssl strongly prefer it? Version-Release number of selected component (if applicable):mariadb55-mariadb-5.5.41-12.el6 How reproducible:100% Steps to Reproduce: 1. review test code for main.openssl_1 2. 3. Actual results: uses SSLv3 to verify encryption channel Expected results: uses TLS to verify encryption channel Additional info:
Thanks for the report, I've reported it to upstream: https://mariadb.atlassian.net/browse/MDEV-7547
Actually there is another openssl-related test, that tests TLS: openssl_6975.test, which covers at least some part of TLS. If you have any other improvements for this test, I'd like to hear it, thanks.
Now I see the test was skipped during build with comment 'no or too old openssl', so we'll investigate. Changing needinfo for me to track where is needed some work now.
What is important, the tests pass when running manually. However, they don't get run during build because for getting information if openssl supports TLS the mariadb test suite uses openssl binary, which is not available during build. So the fix for running openssl_6975 test is: BuildRequires: openssl
Both (rhel6, rhel7) spec files contains: BuildRequires: openssl So test openssl_6975.test will use it. And as I understand it correctly, test main.openssl_1 will be kept as it is, according to: "Can we close this issue? I'd prefer to keep at least some SSLv3 tests to be able to test yassl (and old openssl, we have it on a couple of builders) tests." from upstream bug. Marking as SanityOnly.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHEA-2015-1062.html