2264610 – FTBFS: sssd intermediate CA tests fail with OpenSSL 3.2

Bug 2264610 - FTBFS: sssd intermediate CA tests fail with OpenSSL 3.2

Summary: FTBFS: sssd intermediate CA tests fail with OpenSSL 3.2

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	sssd
Sub Component:
Version:	rawhide
Hardware:	Unspecified
OS:	Linux
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Assignee:	Pavel Březina
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	2272913 (view as bug list)
Depends On:
Blocks:	F41FTBFS PYTHON3.13
TreeView+	depends on / blocked

Reported:	2024-02-16 21:46 UTC by Stephen Gallagher
Modified:	2024-10-17 23:11 UTC (History)
CC List:	11 users (show)
Fixed In Version:	sssd-2.9.4-6.fc41 sssd-2.10.0-1.fc41
Clone Of:
Environment:
Last Closed:	2024-10-17 23:11:40 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Stephen Gallagher 2024-02-16 21:46:43 UTC

$ /usr/bin/make -C src/tests/test_CA/intermediate_CA ca_all
make: Entering directory '/home/sgallagh/localworkspace/sssd/src/tests/test_CA/intermediate_CA'
test -z "index.txt  index.txt.attr index.txt.attr.old  index.txt.old SSSD_test_intermediate_CA.pem SSSD_test_intermediate_CA_req.pem SSSD_test_intermediate_CA_full_db.pem SSSD_test_CA.pem pwdfile SSSD_test_intermediate_CA_cert_x509_0001.pem SSSD_test_intermediate_CA_cert_x509_0001.h SSSD_test_intermediate_CA_cert_pubsshkey_0001.pub SSSD_test_intermediate_CA_cert_pubsshkey_0001.h SSSD_test_intermediate_CA_cert_pkcs12_0001.pem softhsm2_*.conf " || rm -f index.txt  index.txt.attr index.txt.attr.old  index.txt.old SSSD_test_intermediate_CA.pem SSSD_test_intermediate_CA_req.pem SSSD_test_intermediate_CA_full_db.pem SSSD_test_CA.pem pwdfile SSSD_test_intermediate_CA_cert_x509_0001.pem SSSD_test_intermediate_CA_cert_x509_0001.h SSSD_test_intermediate_CA_cert_pubsshkey_0001.pub SSSD_test_intermediate_CA_cert_pubsshkey_0001.h SSSD_test_intermediate_CA_cert_pkcs12_0001.pem softhsm2_*.conf 
rm -rf .libs _libs
rm -rf newcerts
rm -rf softhsm*
rm -rf serial*
rm -f *.lo
/usr/bin/make -C ./.. SSSD_test_CA.pem
make[1]: Entering directory '/home/sgallagh/localworkspace/sssd/src/tests/test_CA'
/usr/bin/openssl req -batch -config ./SSSD_test_CA.config -x509 -new -nodes -key SSSD_test_CA_key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out SSSD_test_CA.pem
make[1]: Leaving directory '/home/sgallagh/localworkspace/sssd/src/tests/test_CA'
ln -s ./../SSSD_test_CA.pem
/usr/bin/openssl req -batch -config ./SSSD_test_intermediate_CA.config -new -nodes -key /home/sgallagh/localworkspace/sssd/src/tests/test_CA/intermediate_CA/SSSD_test_intermediate_CA_key.pem -sha256 -out SSSD_test_intermediate_CA_req.pem
cd .. && /usr/bin/openssl ca -config /home/sgallagh/localworkspace/sssd/src/tests/test_CA/intermediate_CA/../SSSD_test_CA.config -batch -notext -keyfile /home/sgallagh/localworkspace/sssd/src/tests/test_CA/intermediate_CA/../SSSD_test_CA_key.pem -in /home/sgallagh/localworkspace/sssd/src/tests/test_CA/intermediate_CA/SSSD_test_intermediate_CA_req.pem -days 200 -extensions v3_intermediate_ca -out /home/sgallagh/localworkspace/sssd/src/tests/test_CA/intermediate_CA/SSSD_test_intermediate_CA.pem
Using configuration from /home/sgallagh/localworkspace/sssd/src/tests/test_CA/intermediate_CA/../SSSD_test_CA.config
Check that the request matches the signature
Signature ok
ERROR:There is already a certificate for /O=SSSD/OU=SSSD test/CN=SSSD test intermediate CA
The matching entry has the following details
Type          :Valid
Expires on    :240903175906Z
Serial Number :08
File name     :unknown
Subject Name  :/O=SSSD/OU=SSSD test/CN=SSSD test intermediate CA
make: *** [Makefile:756: SSSD_test_intermediate_CA.pem] Error 1
make: Leaving directory '/home/sgallagh/localworkspace/sssd/src/tests/test_CA/intermediate_CA'


Reproducible: Always

Steps to Reproduce:
1.Build SSSD and run the intermediate CA tests
2.
3.
Actual Results:  
$ /usr/bin/make -C src/tests/test_CA/intermediate_CA ca_all
make: Entering directory '/home/sgallagh/localworkspace/sssd/src/tests/test_CA/intermediate_CA'
test -z "index.txt  index.txt.attr index.txt.attr.old  index.txt.old SSSD_test_intermediate_CA.pem SSSD_test_intermediate_CA_req.pem SSSD_test_intermediate_CA_full_db.pem SSSD_test_CA.pem pwdfile SSSD_test_intermediate_CA_cert_x509_0001.pem SSSD_test_intermediate_CA_cert_x509_0001.h SSSD_test_intermediate_CA_cert_pubsshkey_0001.pub SSSD_test_intermediate_CA_cert_pubsshkey_0001.h SSSD_test_intermediate_CA_cert_pkcs12_0001.pem softhsm2_*.conf " || rm -f index.txt  index.txt.attr index.txt.attr.old  index.txt.old SSSD_test_intermediate_CA.pem SSSD_test_intermediate_CA_req.pem SSSD_test_intermediate_CA_full_db.pem SSSD_test_CA.pem pwdfile SSSD_test_intermediate_CA_cert_x509_0001.pem SSSD_test_intermediate_CA_cert_x509_0001.h SSSD_test_intermediate_CA_cert_pubsshkey_0001.pub SSSD_test_intermediate_CA_cert_pubsshkey_0001.h SSSD_test_intermediate_CA_cert_pkcs12_0001.pem softhsm2_*.conf 
rm -rf .libs _libs
rm -rf newcerts
rm -rf softhsm*
rm -rf serial*
rm -f *.lo
/usr/bin/make -C ./.. SSSD_test_CA.pem
make[1]: Entering directory '/home/sgallagh/localworkspace/sssd/src/tests/test_CA'
/usr/bin/openssl req -batch -config ./SSSD_test_CA.config -x509 -new -nodes -key SSSD_test_CA_key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out SSSD_test_CA.pem
make[1]: Leaving directory '/home/sgallagh/localworkspace/sssd/src/tests/test_CA'
ln -s ./../SSSD_test_CA.pem
/usr/bin/openssl req -batch -config ./SSSD_test_intermediate_CA.config -new -nodes -key /home/sgallagh/localworkspace/sssd/src/tests/test_CA/intermediate_CA/SSSD_test_intermediate_CA_key.pem -sha256 -out SSSD_test_intermediate_CA_req.pem
cd .. && /usr/bin/openssl ca -config /home/sgallagh/localworkspace/sssd/src/tests/test_CA/intermediate_CA/../SSSD_test_CA.config -batch -notext -keyfile /home/sgallagh/localworkspace/sssd/src/tests/test_CA/intermediate_CA/../SSSD_test_CA_key.pem -in /home/sgallagh/localworkspace/sssd/src/tests/test_CA/intermediate_CA/SSSD_test_intermediate_CA_req.pem -days 200 -extensions v3_intermediate_ca -out /home/sgallagh/localworkspace/sssd/src/tests/test_CA/intermediate_CA/SSSD_test_intermediate_CA.pem
Using configuration from /home/sgallagh/localworkspace/sssd/src/tests/test_CA/intermediate_CA/../SSSD_test_CA.config
Check that the request matches the signature
Signature ok
ERROR:There is already a certificate for /O=SSSD/OU=SSSD test/CN=SSSD test intermediate CA
The matching entry has the following details
Type          :Valid
Expires on    :240903175906Z
Serial Number :08
File name     :unknown
Subject Name  :/O=SSSD/OU=SSSD test/CN=SSSD test intermediate CA
make: *** [Makefile:756: SSSD_test_intermediate_CA.pem] Error 1
make: Leaving directory '/home/sgallagh/localworkspace/sssd/src/tests/test_CA/intermediate_CA'


Expected Results:  
Successful test run.

Comment 1 Alexey Tikhonov 2024-02-19 08:03:33 UTC

Pushed PR: https://github.com/SSSD/sssd/pull/7151

* `master`
    * 32b72c7c3303edb2bf55ae9a22e8db7855f3d7d1 - tests: Drop -extensions from openssl command if there is no -x509
* `sssd-2-9`
    * a453f9625b40a0a1fbcf055ffa196121f2b248b5 - tests: Drop -extensions from openssl command if there is no -x509

Comment 2 Alexey Tikhonov 2024-04-03 09:35:51 UTC

*** Bug 2272913 has been marked as a duplicate of this bug. ***

Comment 3 Alexey Tikhonov 2024-04-03 09:45:12 UTC

https://src.fedoraproject.org/rpms/sssd/pull-request/45#

Comment 4 Alexey Tikhonov 2024-04-03 12:31:06 UTC

https://src.fedoraproject.org/rpms/sssd/c/cd2652550c6474787e7abd92485f3ef388dbf48a?branch=rawhide

Comment 5 Fedora Update System 2024-10-15 12:36:11 UTC

FEDORA-2024-73827b9035 (sssd-2.10.0-1.fc41) has been submitted as an update to Fedora 41.
https://bodhi.fedoraproject.org/updates/FEDORA-2024-73827b9035

Comment 6 Fedora Update System 2024-10-16 02:02:27 UTC

FEDORA-2024-73827b9035 has been pushed to the Fedora 41 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-73827b9035`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-73827b9035

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 7 Fedora Update System 2024-10-17 23:11:40 UTC

FEDORA-2024-73827b9035 (sssd-2.10.0-1.fc41) has been pushed to the Fedora 41 stable repository.
If problem still persists, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.