Bug 1263005 - Flaws in test script and conditional compile for disabling SSL2 and export suites support
Summary: Flaws in test script and conditional compile for disabling SSL2 and export su...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: nss
Version: rawhide
Hardware: All
OS: Linux
high
medium
Target Milestone: ---
Assignee: Elio Maldonado Batiz
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On: 1123435
Blocks: 1185708 1245627
TreeView+ depends on / blocked
 
Reported: 2015-09-14 21:25 UTC by Elio Maldonado Batiz
Modified: 2016-02-21 02:20 UTC (History)
7 users (show)

Fixed In Version: nss-3.20.0-3.fc24, nss-3.20.0-1.1.fc23, nss-3.20.0-1.1.fc22 nss-3.22.0-1.0.fc23 nss-3.22.0-1.0.fc22
Doc Type: Bug Fix
Doc Text:
Clone Of: 1123435
Environment:
Last Closed: 2016-02-21 02:20:24 UTC


Attachments (Terms of Use)
disable ssl2 & export ciphers but allow the ..._RSA_WITH_NULL_... ones (4.26 KB, patch)
2015-09-14 21:52 UTC, Elio Maldonado Batiz
no flags Details | Diff
Fix checks for SSL2 and EXPORT cipher suites tests (4.84 KB, patch)
2015-09-14 21:53 UTC, Elio Maldonado Batiz
no flags Details | Diff
tstclnt ssl2 off by default (1.13 KB, patch)
2015-09-14 21:55 UTC, Elio Maldonado Batiz
no flags Details | Diff
disable ssl stress tests for ..._TLS_RC4_128_with_MD5 ciphers (5.11 KB, patch)
2015-09-14 23:14 UTC, Elio Maldonado Batiz
no flags Details | Diff


Links
System ID Priority Status Summary Last Updated
Mozilla Foundation 1128367 None None None Never

Comment 1 Elio Maldonado Batiz 2015-09-14 21:41:54 UTC
This bug and its fix has two parts: 

1) The patch to skip ssl2 and export suite suites tests had some shell syntax errors which caused too many tests to be skipped which should shouldn't have been skipped. As a result some failures weren't being detected.

2) The patch to disable support ssl2 and export cipher suites for libssl didn't account in its conditional checks for NULL cipher suites and disabled it as well which it wasn't supposed to do. The fix implemented is the one proposed by Kai on 
https://bugzilla.redhat.com/show_bug.cgi?id=1245627#c15

Comment 2 Elio Maldonado Batiz 2015-09-14 21:52:06 UTC
Created attachment 1073441 [details]
disable ssl2 & export ciphers but allow the ..._RSA_WITH_NULL_... ones

Comment 3 Elio Maldonado Batiz 2015-09-14 21:53:51 UTC
Created attachment 1073442 [details]
Fix checks for SSL2 and EXPORT cipher suites tests

Comment 4 Elio Maldonado Batiz 2015-09-14 21:55:42 UTC
Created attachment 1073443 [details]
tstclnt ssl2 off by default

Comment 5 Elio Maldonado Batiz 2015-09-14 22:34:08 UTC
Comment on attachment 1073442 [details]
Fix checks for SSL2 and EXPORT cipher suites tests

The last chunk with diff --git a/tests/ssl/sslcov.noSSL2orExport.txt b/tests/ssl/sslcov.noSSL2orExport.txt goes away. Per Kai's suggestion the sslcov.txt and sslstress.txt modifications are now done on-the-fly at the end of %prep section of nss.spec. That way we don't have keep updating the patches when rebasing.

Comment 6 Elio Maldonado Batiz 2015-09-14 23:14:12 UTC
Created attachment 1073445 [details]
disable ssl stress tests for ..._TLS_RC4_128_with_MD5 ciphers

Comment 7 Fedora Update System 2016-02-09 15:09:32 UTC
nss-util-3.22.0-1.0.fc23 nss-softokn-3.22.0-1.0.fc23 nss-3.22.0-1.0.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-53890487b0

Comment 8 Fedora Update System 2016-02-10 18:51:25 UTC
nspr-4.11.0-1.fc23, nss-3.22.0-1.0.fc23, nss-softokn-3.22.0-1.0.fc23, nss-util-3.22.0-1.0.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-53890487b0

Comment 9 Fedora Update System 2016-02-12 11:50:36 UTC
nspr-4.11.0-1.fc23, nss-3.22.0-1.0.fc23, nss-softokn-3.22.0-1.0.fc23, nss-util-3.22.0-1.0.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Comment 10 Fedora Update System 2016-02-12 13:50:51 UTC
nspr-4.11.0-1.fc22, nss-3.22.0-1.0.fc22, nss-softokn-3.22.0-1.0.fc22, nss-util-3.22.0-1.0.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-2f0441bc7b

Comment 11 Fedora Update System 2016-02-21 02:19:59 UTC
nspr-4.11.0-1.fc22, nss-3.22.0-1.0.fc22, nss-softokn-3.22.0-1.0.fc22, nss-util-3.22.0-1.0.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.