Bug 436228 - gnutls 2.0 fails Samba4 'make test'
gnutls 2.0 fails Samba4 'make test'
Product: Fedora
Classification: Fedora
Component: gnutls (Show other bugs)
x86_64 Linux
high Severity medium
: ---
: ---
Assigned To: Tomas Mraz
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2008-03-05 19:15 EST by Andrew Bartlett
Modified: 2013-01-09 23:35 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-10-01 07:09:25 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Andrew Bartlett 2008-03-05 19:15:32 EST
Description of problem:
Samba4 has a test for it's use of GnuTLS.  We use the API to override send() and
recv() in the library, so our use is probably 'odd'.  In any case, the testsuite
hangs when running against GnuTLS 2.0, but works against 1.6 (Fedora 8) and 2.2
(debian unstable).

Version-Release number of selected component (if applicable):

How reproducible:
every time

Steps to Reproduce:
1. Download Samba4 from git
2. configure
3. make test
Actual results:
Stuck in LDAPS tests

Expected results:
Continue though testsutie

Additional info:

On hosts running GnuTLS 2.0, the test will not proceed.  This isn't just a lack
of entropy issue (suspected and ruled out).  

This was originally seen on Debian unstable PPC64 (when the host was upgraded
from 1.6 to 2.0), but is common to Fedora with the upgrade from Fedora 8 to
rawhide.  Upgrading the Debian unstable PPC64 host to gnutls 2.2 (current
release in Debian unstable) allowed our tests to proceed for the first time in

I am willing to help with anything required to get GnuTLS 2.2 into rawhide
before the upcoming freeze. 

However, perhaps note http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=466477
Comment 1 Tomas Mraz 2008-03-06 02:34:20 EST
The problem with version 2.2 is that it breaks ABI requiring rebuild of all
dependencies - given the feature freeze I am afraid that it is too late to
upgrade. It would be much better to find out why it hangs and fix it in 2.0.

If you create a standalone test-case I can try to investigate the problem.
Comment 2 Andrew Bartlett 2008-03-06 04:03:40 EST
Sorry, I have no standalone test case at this time.  

Talking with warren on IRC this morning, he thought there might just be time to
push it though.  It would seem a pity to have to write a gnutls blacklist into
Comment 3 Tomas Mraz 2008-03-06 05:08:13 EST
I don't think there is enough time for that given the experiences with latest
version upgrade of openssl which took a few weeks to settle rawhide to drop all
the deps on the old library.

There is about 70 packages which have to be rebuilt but the rebuild in koji has
to be done in specific order (and there might be dependency loops even).
Comment 4 Warren Togami 2008-03-06 09:59:37 EST
> Talking with warren on IRC this morning, he thought there might just be time to
> push it though.  It would seem a pity to have to write a gnutls blacklist into
> Samba4... 

This is not true.  I only said you should talk to the package owner.
Comment 5 Joe Orton 2008-03-28 16:27:25 EDT
Can you give the specific set of commands to check out and run the Samba test
suite, which demonstrates the hang?
Comment 6 Andrew Bartlett 2008-04-07 06:42:29 EDT
(with gnutls headers in place)

rsync -a ftp.samba.org::ftp/pub/unpacked/samba_4_0_test .
cd samba_4_0_test/source
make test

Comment 7 Tomas Mraz 2008-04-23 09:09:08 EDT
I have tried to approach this from various angles but without a definitve
conclusion. Stracing revealed that the client (ldbsearch) and server (smbd) are
deadlocked each waiting on the other side.

Then I tried to bisect the change in the 2.1.x releases of gnutls to find which
patch caused it to start working. I have found a patch which applied to 2.1.4
makes it work but this patch is already included in 2.0.4 and even doesn't seem
to be related.

My current opinion is that the implementation of event handling on nonblocking
sockets in samba-4.0 might be incorrect in regards to gnutls and that it works
with 1.6.3 and 2.2.x only by chance. One possible reason could be the client or
server in samba prematurely clearing the write event handling although some SSL
data are still to be sent from gnutls.
Comment 8 Andrew Bartlett 2008-04-23 10:18:48 EDT
Hmm, we did that (we added a fake read event, in testing for this bug) for read
handling, but I'll try it for write handling. 

Thanks for all the effort you have obviously put into testing this!

Comment 9 Bug Zapper 2008-05-14 01:48:19 EDT
Changing version to '9' as part of upcoming Fedora 9 GA.
More information and reason for this action is here:
Comment 10 Tomas Mraz 2008-10-01 07:09:25 EDT
Unfortunately there is no apparent way how to fix it currently, it might be API problem of GNUTLS with non-blocking io or some problem in Samba.

Note You need to log in before you can comment on or make changes to this bug.