1263005 – Flaws in test script and conditional compile for disabling SSL2 and export suites support

Bug 1263005 - Flaws in test script and conditional compile for disabling SSL2 and export suites support

Summary: Flaws in test script and conditional compile for disabling SSL2 and export su...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	nss
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	high
Severity:	medium
Target Milestone:	---
Assignee:	Elio Maldonado Batiz
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:	1123435
Blocks:	1185708 1245627
TreeView+	depends on / blocked

Reported:	2015-09-14 21:25 UTC by Elio Maldonado Batiz
Modified:	2016-02-21 02:20 UTC (History)
CC List:	7 users (show)
Fixed In Version:	nss-3.20.0-3.fc24, nss-3.20.0-1.1.fc23, nss-3.20.0-1.1.fc22 nss-3.22.0-1.0.fc23 nss-3.22.0-1.0.fc22
Doc Type:	Bug Fix
Doc Text:
Clone Of:	1123435
Environment:
Last Closed:	2016-02-21 02:20:24 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
disable ssl2 & export ciphers but allow the ..._RSA_WITH_NULL_... ones (4.26 KB, patch) 2015-09-14 21:52 UTC, Elio Maldonado Batiz	no flags	Details \| Diff
Fix checks for SSL2 and EXPORT cipher suites tests (4.84 KB, patch) 2015-09-14 21:53 UTC, Elio Maldonado Batiz	no flags	Details \| Diff
tstclnt ssl2 off by default (1.13 KB, patch) 2015-09-14 21:55 UTC, Elio Maldonado Batiz	no flags	Details \| Diff
disable ssl stress tests for ..._TLS_RC4_128_with_MD5 ciphers (5.11 KB, patch) 2015-09-14 23:14 UTC, Elio Maldonado Batiz	no flags	Details \| Diff
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Mozilla Foundation	1128367	0	--	RESOLVED	syntax errors in some of the test shell scripts	2020-04-07 16:19:24 UTC

Comment 1 Elio Maldonado Batiz 2015-09-14 21:41:54 UTC

This bug and its fix has two parts: 

1) The patch to skip ssl2 and export suite suites tests had some shell syntax errors which caused too many tests to be skipped which should shouldn't have been skipped. As a result some failures weren't being detected.

2) The patch to disable support ssl2 and export cipher suites for libssl didn't account in its conditional checks for NULL cipher suites and disabled it as well which it wasn't supposed to do. The fix implemented is the one proposed by Kai on 
https://bugzilla.redhat.com/show_bug.cgi?id=1245627#c15

Comment 2 Elio Maldonado Batiz 2015-09-14 21:52:06 UTC

Created attachment 1073441 [details]
disable ssl2 & export ciphers but allow the ..._RSA_WITH_NULL_... ones

Comment 3 Elio Maldonado Batiz 2015-09-14 21:53:51 UTC

Created attachment 1073442 [details]
Fix checks for SSL2 and EXPORT cipher suites tests

Comment 4 Elio Maldonado Batiz 2015-09-14 21:55:42 UTC

Created attachment 1073443 [details]
tstclnt ssl2 off by default

Comment 5 Elio Maldonado Batiz 2015-09-14 22:34:08 UTC

Comment on attachment 1073442 [details]
Fix checks for SSL2 and EXPORT cipher suites tests

The last chunk with diff --git a/tests/ssl/sslcov.noSSL2orExport.txt b/tests/ssl/sslcov.noSSL2orExport.txt goes away. Per Kai's suggestion the sslcov.txt and sslstress.txt modifications are now done on-the-fly at the end of %prep section of nss.spec. That way we don't have keep updating the patches when rebasing.

Comment 6 Elio Maldonado Batiz 2015-09-14 23:14:12 UTC

Created attachment 1073445 [details]
disable ssl stress tests for ..._TLS_RC4_128_with_MD5 ciphers

Comment 7 Fedora Update System 2016-02-09 15:09:32 UTC

nss-util-3.22.0-1.0.fc23 nss-softokn-3.22.0-1.0.fc23 nss-3.22.0-1.0.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-53890487b0

Comment 8 Fedora Update System 2016-02-10 18:51:25 UTC

nspr-4.11.0-1.fc23, nss-3.22.0-1.0.fc23, nss-softokn-3.22.0-1.0.fc23, nss-util-3.22.0-1.0.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-53890487b0

Comment 9 Fedora Update System 2016-02-12 11:50:36 UTC

nspr-4.11.0-1.fc23, nss-3.22.0-1.0.fc23, nss-softokn-3.22.0-1.0.fc23, nss-util-3.22.0-1.0.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Comment 10 Fedora Update System 2016-02-12 13:50:51 UTC

nspr-4.11.0-1.fc22, nss-3.22.0-1.0.fc22, nss-softokn-3.22.0-1.0.fc22, nss-util-3.22.0-1.0.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-2f0441bc7b

Comment 11 Fedora Update System 2016-02-21 02:19:59 UTC

nspr-4.11.0-1.fc22, nss-3.22.0-1.0.fc22, nss-softokn-3.22.0-1.0.fc22, nss-util-3.22.0-1.0.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.