Bug 2264610 - FTBFS: sssd intermediate CA tests fail with OpenSSL 3.2
Summary: FTBFS: sssd intermediate CA tests fail with OpenSSL 3.2
Keywords:
Status: MODIFIED
Alias: None
Product: Fedora
Classification: Fedora
Component: sssd
Version: rawhide
Hardware: Unspecified
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: Pavel Březina
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
: 2272913 (view as bug list)
Depends On:
Blocks: PYTHON3.13 F41FTBFS, RAWHIDEFTBFS
TreeView+ depends on / blocked
 
Reported: 2024-02-16 21:46 UTC by Stephen Gallagher
Modified: 2024-04-03 14:59 UTC (History)
11 users (show)

Fixed In Version: sssd-2.9.4-6.fc41
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Stephen Gallagher 2024-02-16 21:46:43 UTC
$ /usr/bin/make -C src/tests/test_CA/intermediate_CA ca_all
make: Entering directory '/home/sgallagh/localworkspace/sssd/src/tests/test_CA/intermediate_CA'
test -z "index.txt  index.txt.attr index.txt.attr.old  index.txt.old SSSD_test_intermediate_CA.pem SSSD_test_intermediate_CA_req.pem SSSD_test_intermediate_CA_full_db.pem SSSD_test_CA.pem pwdfile SSSD_test_intermediate_CA_cert_x509_0001.pem SSSD_test_intermediate_CA_cert_x509_0001.h SSSD_test_intermediate_CA_cert_pubsshkey_0001.pub SSSD_test_intermediate_CA_cert_pubsshkey_0001.h SSSD_test_intermediate_CA_cert_pkcs12_0001.pem softhsm2_*.conf " || rm -f index.txt  index.txt.attr index.txt.attr.old  index.txt.old SSSD_test_intermediate_CA.pem SSSD_test_intermediate_CA_req.pem SSSD_test_intermediate_CA_full_db.pem SSSD_test_CA.pem pwdfile SSSD_test_intermediate_CA_cert_x509_0001.pem SSSD_test_intermediate_CA_cert_x509_0001.h SSSD_test_intermediate_CA_cert_pubsshkey_0001.pub SSSD_test_intermediate_CA_cert_pubsshkey_0001.h SSSD_test_intermediate_CA_cert_pkcs12_0001.pem softhsm2_*.conf 
rm -rf .libs _libs
rm -rf newcerts
rm -rf softhsm*
rm -rf serial*
rm -f *.lo
/usr/bin/make -C ./.. SSSD_test_CA.pem
make[1]: Entering directory '/home/sgallagh/localworkspace/sssd/src/tests/test_CA'
/usr/bin/openssl req -batch -config ./SSSD_test_CA.config -x509 -new -nodes -key SSSD_test_CA_key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out SSSD_test_CA.pem
make[1]: Leaving directory '/home/sgallagh/localworkspace/sssd/src/tests/test_CA'
ln -s ./../SSSD_test_CA.pem
/usr/bin/openssl req -batch -config ./SSSD_test_intermediate_CA.config -new -nodes -key /home/sgallagh/localworkspace/sssd/src/tests/test_CA/intermediate_CA/SSSD_test_intermediate_CA_key.pem -sha256 -out SSSD_test_intermediate_CA_req.pem
cd .. && /usr/bin/openssl ca -config /home/sgallagh/localworkspace/sssd/src/tests/test_CA/intermediate_CA/../SSSD_test_CA.config -batch -notext -keyfile /home/sgallagh/localworkspace/sssd/src/tests/test_CA/intermediate_CA/../SSSD_test_CA_key.pem -in /home/sgallagh/localworkspace/sssd/src/tests/test_CA/intermediate_CA/SSSD_test_intermediate_CA_req.pem -days 200 -extensions v3_intermediate_ca -out /home/sgallagh/localworkspace/sssd/src/tests/test_CA/intermediate_CA/SSSD_test_intermediate_CA.pem
Using configuration from /home/sgallagh/localworkspace/sssd/src/tests/test_CA/intermediate_CA/../SSSD_test_CA.config
Check that the request matches the signature
Signature ok
ERROR:There is already a certificate for /O=SSSD/OU=SSSD test/CN=SSSD test intermediate CA
The matching entry has the following details
Type          :Valid
Expires on    :240903175906Z
Serial Number :08
File name     :unknown
Subject Name  :/O=SSSD/OU=SSSD test/CN=SSSD test intermediate CA
make: *** [Makefile:756: SSSD_test_intermediate_CA.pem] Error 1
make: Leaving directory '/home/sgallagh/localworkspace/sssd/src/tests/test_CA/intermediate_CA'


Reproducible: Always

Steps to Reproduce:
1.Build SSSD and run the intermediate CA tests
2.
3.
Actual Results:  
$ /usr/bin/make -C src/tests/test_CA/intermediate_CA ca_all
make: Entering directory '/home/sgallagh/localworkspace/sssd/src/tests/test_CA/intermediate_CA'
test -z "index.txt  index.txt.attr index.txt.attr.old  index.txt.old SSSD_test_intermediate_CA.pem SSSD_test_intermediate_CA_req.pem SSSD_test_intermediate_CA_full_db.pem SSSD_test_CA.pem pwdfile SSSD_test_intermediate_CA_cert_x509_0001.pem SSSD_test_intermediate_CA_cert_x509_0001.h SSSD_test_intermediate_CA_cert_pubsshkey_0001.pub SSSD_test_intermediate_CA_cert_pubsshkey_0001.h SSSD_test_intermediate_CA_cert_pkcs12_0001.pem softhsm2_*.conf " || rm -f index.txt  index.txt.attr index.txt.attr.old  index.txt.old SSSD_test_intermediate_CA.pem SSSD_test_intermediate_CA_req.pem SSSD_test_intermediate_CA_full_db.pem SSSD_test_CA.pem pwdfile SSSD_test_intermediate_CA_cert_x509_0001.pem SSSD_test_intermediate_CA_cert_x509_0001.h SSSD_test_intermediate_CA_cert_pubsshkey_0001.pub SSSD_test_intermediate_CA_cert_pubsshkey_0001.h SSSD_test_intermediate_CA_cert_pkcs12_0001.pem softhsm2_*.conf 
rm -rf .libs _libs
rm -rf newcerts
rm -rf softhsm*
rm -rf serial*
rm -f *.lo
/usr/bin/make -C ./.. SSSD_test_CA.pem
make[1]: Entering directory '/home/sgallagh/localworkspace/sssd/src/tests/test_CA'
/usr/bin/openssl req -batch -config ./SSSD_test_CA.config -x509 -new -nodes -key SSSD_test_CA_key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out SSSD_test_CA.pem
make[1]: Leaving directory '/home/sgallagh/localworkspace/sssd/src/tests/test_CA'
ln -s ./../SSSD_test_CA.pem
/usr/bin/openssl req -batch -config ./SSSD_test_intermediate_CA.config -new -nodes -key /home/sgallagh/localworkspace/sssd/src/tests/test_CA/intermediate_CA/SSSD_test_intermediate_CA_key.pem -sha256 -out SSSD_test_intermediate_CA_req.pem
cd .. && /usr/bin/openssl ca -config /home/sgallagh/localworkspace/sssd/src/tests/test_CA/intermediate_CA/../SSSD_test_CA.config -batch -notext -keyfile /home/sgallagh/localworkspace/sssd/src/tests/test_CA/intermediate_CA/../SSSD_test_CA_key.pem -in /home/sgallagh/localworkspace/sssd/src/tests/test_CA/intermediate_CA/SSSD_test_intermediate_CA_req.pem -days 200 -extensions v3_intermediate_ca -out /home/sgallagh/localworkspace/sssd/src/tests/test_CA/intermediate_CA/SSSD_test_intermediate_CA.pem
Using configuration from /home/sgallagh/localworkspace/sssd/src/tests/test_CA/intermediate_CA/../SSSD_test_CA.config
Check that the request matches the signature
Signature ok
ERROR:There is already a certificate for /O=SSSD/OU=SSSD test/CN=SSSD test intermediate CA
The matching entry has the following details
Type          :Valid
Expires on    :240903175906Z
Serial Number :08
File name     :unknown
Subject Name  :/O=SSSD/OU=SSSD test/CN=SSSD test intermediate CA
make: *** [Makefile:756: SSSD_test_intermediate_CA.pem] Error 1
make: Leaving directory '/home/sgallagh/localworkspace/sssd/src/tests/test_CA/intermediate_CA'


Expected Results:  
Successful test run.

Comment 1 Alexey Tikhonov 2024-02-19 08:03:33 UTC
Pushed PR: https://github.com/SSSD/sssd/pull/7151

* `master`
    * 32b72c7c3303edb2bf55ae9a22e8db7855f3d7d1 - tests: Drop -extensions from openssl command if there is no -x509
* `sssd-2-9`
    * a453f9625b40a0a1fbcf055ffa196121f2b248b5 - tests: Drop -extensions from openssl command if there is no -x509

Comment 2 Alexey Tikhonov 2024-04-03 09:35:51 UTC
*** Bug 2272913 has been marked as a duplicate of this bug. ***

Comment 3 Alexey Tikhonov 2024-04-03 09:45:12 UTC
https://src.fedoraproject.org/rpms/sssd/pull-request/45#


Note You need to log in before you can comment on or make changes to this bug.