The new OCSP stapling tests in NSS 3.15.3 are all failing on our Solaris
machines. See error log below.
We have a slightly smaller number of failures on Linux.
Are these tests going out to a public OCSP responder on the Internet ?
Or are they trying to go to a locally built one ?
(sorry, I am not the one who built / ran these, just the messenger here).
If it's trying to go out to a public server, as I suspect, that would
explain the failures. We would have to use an HTTP proxy from our
network here. There is no direct Internet connectivity. Is there a way
to make these tests go through an HTTP proxy ? Or can these tests be
selectively turned off ?
ssl.sh: #1907: OCSP stapling, signed response, good status produced a
returncode of 1, expected is 0 - FAILED
ssl.sh: #1908: OCSP stapling, signed response, revoked status produced a
returncode of 1, expected is 3 - FAILED
ssl.sh: #1909: OCSP stapling, signed response, unknown status produced a
returncode of 1, expected is 2 - FAILED
ssl.sh: #1910: OCSP stapling, unsigned failure response produced a
returncode of 1, expected is 2 - FAILED
ssl.sh: #1911: OCSP stapling, good status, bad signature produced a
returncode of 1, expected is 2 - FAILED
ssl.sh: #1912: OCSP stapling, invalid cert status data produced a
returncode of 1, expected is 2 - FAILED
ssl.sh: #1913: Valid cert, Server doesn't staple produced a returncode
of 1, expected is 2 - FAILED
ssl.sh: #1914: Stress OCSP stapling, server uses random status produced
a returncode of 1, expected is 0. - FAILED
ssl.sh: #2337: OCSP stapling, signed response, good status produced a
returncode of 1, expected is 0 - FAILED
ssl.sh: #2338: OCSP stapling, signed response, revoked status produced a
returncode of 1, expected is 3 - FAILED
ssl.sh: #2339: OCSP stapling, signed response, unknown status produced a
returncode of 1, expected is 2 - FAILED
ssl.sh: #2340: OCSP stapling, unsigned failure response produced a
returncode of 1, expected is 2 - FAILED
ssl.sh: #2341: OCSP stapling, good status, bad signature produced a
returncode of 1, expected is 2 - FAILED
ssl.sh: #2342: OCSP stapling, invalid cert status data produced a
returncode of 1, expected is 2 - FAILED
ssl.sh: #2343: Valid cert, Server doesn't staple produced a returncode
of 1, expected is 2 - FAILED
ssl.sh: #2344: Stress OCSP stapling, server uses random status produced
a returncode of 1, expected is 0. - FAILED
ocsp.sh: #3293: startssl valid, supports OCSP stapling - FAILED
ocsp.sh: #3294: startssl revoked, supports OCSP stapling - FAILED
ocsp.sh: #3298: digicert valid, supports OCSP stapling - FAILED
ocsp.sh: #3299: digicert revoked, supports OCSP stapling - FAILED
ocsp.sh: #3300: live valid, supports OCSP stapling - FAILED
ocsp.sh: #3301: startssl valid, doesn't support OCSP stapling - FAILED
chains.sh: #4013: Test that OCSP server is reachable - FAILED
ssl.sh: #5886: OCSP stapling, signed response, good status produced a
returncode of 1, expected is 0 - FAILED
ssl.sh: #5887: OCSP stapling, signed response, revoked status produced a
returncode of 1, expected is 3 - FAILED
ssl.sh: #5888: OCSP stapling, signed response, unknown status produced a
returncode of 1, expected is 2 - FAILED
ssl.sh: #5889: OCSP stapling, unsigned failure response produced a
returncode of 1, expected is 2 - FAILED
ssl.sh: #5890: OCSP stapling, good status, bad signature produced a
returncode of 1, expected is 2 - FAILED
ssl.sh: #5891: OCSP stapling, invalid cert status data produced a
returncode of 1, expected is 2 - FAILED
ssl.sh: #5892: Valid cert, Server doesn't staple produced a returncode
of 1, expected is 2 - FAILED
ssl.sh: #5893: Stress OCSP stapling, server uses random status produced
a returncode of 1, expected is 0. - FAILED
ocsp.sh: #6127: startssl valid, supports OCSP stapling - FAILED
ocsp.sh: #6128: startssl revoked, supports OCSP stapling - FAILED
ocsp.sh: #6132: digicert valid, supports OCSP stapling - FAILED
ocsp.sh: #6133: digicert revoked, supports OCSP stapling - FAILED
ocsp.sh: #6134: live valid, supports OCSP stapling - FAILED
ocsp.sh: #6135: startssl valid, doesn't support OCSP stapling - FAILED
chains.sh: #6832: Test that OCSP server is reachable - FAILED
ssl.sh: #8014: OCSP stapling, signed response, good status produced a
returncode of 1, expected is 0 - FAILED
ssl.sh: #8015: OCSP stapling, signed response, revoked status produced a
returncode of 1, expected is 3 - FAILED
ssl.sh: #8016: OCSP stapling, signed response, unknown status produced a
returncode of 1, expected is 2 - FAILED
ssl.sh: #8017: OCSP stapling, unsigned failure response produced a
returncode of 1, expected is 2 - FAILED
ssl.sh: #8018: OCSP stapling, good status, bad signature produced a
returncode of 1, expected is 2 - FAILED
ssl.sh: #8019: OCSP stapling, invalid cert status data produced a
returncode of 1, expected is 2 - FAILED
ssl.sh: #8020: Valid cert, Server doesn't staple produced a returncode
of 1, expected is 2 - FAILED
ssl.sh: #8021: Stress OCSP stapling, server uses random status produced
a returncode of 1, expected is 0. - FAILED
dbtests.sh: #8691: Dbtest r/w succeeded in an readonly directory 0 - FAILED
ssl.sh: #9765: OCSP stapling, signed response, good status produced a
returncode of 1, expected is 0 - FAILED
ssl.sh: #9766: OCSP stapling, signed response, revoked status produced a
returncode of 1, expected is 3 - FAILED
ssl.sh: #9767: OCSP stapling, signed response, unknown status produced a
returncode of 1, expected is 2 - FAILED
ssl.sh: #9768: OCSP stapling, unsigned failure response produced a
returncode of 1, expected is 2 - FAILED
ssl.sh: #9769: OCSP stapling, good status, bad signature produced a
returncode of 1, expected is 2 - FAILED
ssl.sh: #9770: OCSP stapling, invalid cert status data produced a
returncode of 1, expected is 2 - FAILED
ssl.sh: #9771: Valid cert, Server doesn't staple produced a returncode
of 1, expected is 2 - FAILED
ssl.sh: #9772: Stress OCSP stapling, server uses random status produced
a returncode of 1, expected is 0. - FAILED
chains.sh: #10552: Test that OCSP server is reachable - FAILED
Julien
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
