Bug 1263005 - Flaws in test script and conditional compile for disabling SSL2 and export suites support
Flaws in test script and conditional compile for disabling SSL2 and export su...
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: nss (Show other bugs)
rawhide
All Linux
high Severity medium
: ---
: ---
Assigned To: Elio Maldonado Batiz
Fedora Extras Quality Assurance
: Reopened
Depends On: 1123435
Blocks: 1185708 1245627
  Show dependency treegraph
 
Reported: 2015-09-14 17:25 EDT by Elio Maldonado Batiz
Modified: 2016-02-20 21:20 EST (History)
7 users (show)

See Also:
Fixed In Version: nss-3.20.0-3.fc24, nss-3.20.0-1.1.fc23, nss-3.20.0-1.1.fc22 nss-3.22.0-1.0.fc23 nss-3.22.0-1.0.fc22
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1123435
Environment:
Last Closed: 2016-02-20 21:20:24 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
disable ssl2 & export ciphers but allow the ..._RSA_WITH_NULL_... ones (4.26 KB, patch)
2015-09-14 17:52 EDT, Elio Maldonado Batiz
no flags Details | Diff
Fix checks for SSL2 and EXPORT cipher suites tests (4.84 KB, patch)
2015-09-14 17:53 EDT, Elio Maldonado Batiz
no flags Details | Diff
tstclnt ssl2 off by default (1.13 KB, patch)
2015-09-14 17:55 EDT, Elio Maldonado Batiz
no flags Details | Diff
disable ssl stress tests for ..._TLS_RC4_128_with_MD5 ciphers (5.11 KB, patch)
2015-09-14 19:14 EDT, Elio Maldonado Batiz
no flags Details | Diff


External Trackers
Tracker ID Priority Status Summary Last Updated
Mozilla Foundation 1128367 None None None Never

  None (edit)
Comment 1 Elio Maldonado Batiz 2015-09-14 17:41:54 EDT
This bug and its fix has two parts: 

1) The patch to skip ssl2 and export suite suites tests had some shell syntax errors which caused too many tests to be skipped which should shouldn't have been skipped. As a result some failures weren't being detected.

2) The patch to disable support ssl2 and export cipher suites for libssl didn't account in its conditional checks for NULL cipher suites and disabled it as well which it wasn't supposed to do. The fix implemented is the one proposed by Kai on 
https://bugzilla.redhat.com/show_bug.cgi?id=1245627#c15
Comment 2 Elio Maldonado Batiz 2015-09-14 17:52:06 EDT
Created attachment 1073441 [details]
disable ssl2 & export ciphers but allow the ..._RSA_WITH_NULL_... ones
Comment 3 Elio Maldonado Batiz 2015-09-14 17:53:51 EDT
Created attachment 1073442 [details]
Fix checks for SSL2 and EXPORT cipher suites tests
Comment 4 Elio Maldonado Batiz 2015-09-14 17:55:42 EDT
Created attachment 1073443 [details]
tstclnt ssl2 off by default
Comment 5 Elio Maldonado Batiz 2015-09-14 18:34:08 EDT
Comment on attachment 1073442 [details]
Fix checks for SSL2 and EXPORT cipher suites tests

The last chunk with diff --git a/tests/ssl/sslcov.noSSL2orExport.txt b/tests/ssl/sslcov.noSSL2orExport.txt goes away. Per Kai's suggestion the sslcov.txt and sslstress.txt modifications are now done on-the-fly at the end of %prep section of nss.spec. That way we don't have keep updating the patches when rebasing.
Comment 6 Elio Maldonado Batiz 2015-09-14 19:14:12 EDT
Created attachment 1073445 [details]
disable ssl stress tests for ..._TLS_RC4_128_with_MD5 ciphers
Comment 7 Fedora Update System 2016-02-09 10:09:32 EST
nss-util-3.22.0-1.0.fc23 nss-softokn-3.22.0-1.0.fc23 nss-3.22.0-1.0.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-53890487b0
Comment 8 Fedora Update System 2016-02-10 13:51:25 EST
nspr-4.11.0-1.fc23, nss-3.22.0-1.0.fc23, nss-softokn-3.22.0-1.0.fc23, nss-util-3.22.0-1.0.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-53890487b0
Comment 9 Fedora Update System 2016-02-12 06:50:36 EST
nspr-4.11.0-1.fc23, nss-3.22.0-1.0.fc23, nss-softokn-3.22.0-1.0.fc23, nss-util-3.22.0-1.0.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Comment 10 Fedora Update System 2016-02-12 08:50:51 EST
nspr-4.11.0-1.fc22, nss-3.22.0-1.0.fc22, nss-softokn-3.22.0-1.0.fc22, nss-util-3.22.0-1.0.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-2f0441bc7b
Comment 11 Fedora Update System 2016-02-20 21:19:59 EST
nspr-4.11.0-1.fc22, nss-3.22.0-1.0.fc22, nss-softokn-3.22.0-1.0.fc22, nss-util-3.22.0-1.0.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.