On Thu, Dec 10, 2009 at 3:28 PM, Ruediger Pluem <rpl...@apache.org> wrote:
> Apparently because of the fix in openssl for the TLS renegotiation issue the
> following failed tests now pop up in our test suite (trunk and 2.2.x the same):
>
>
> Failed Test        Stat Wstat Total Fail  List of Failed
> -------------------------------------------------------------------------------
> t/ssl/basicauth.t                 3    2  2-3
> t/ssl/env.t                      30   15  16-30
> t/ssl/extlookup.t                 2    2  1-2
> t/ssl/fakeauth.t                  3    2  2-3
> t/ssl/pr12355.t                  10   10  1-10
> t/ssl/pr43738.t                   4    4  1-4
> t/ssl/proxy.t                   172   10  3-7 116-120
> t/ssl/require.t                   5    2  2 5
> t/ssl/varlookup.t                72   72  1-72
> t/ssl/verify.t                    3    1  2
> 4 tests and 2 subtests skipped.

I picked up almost identical failures on 2.2.14 on OpenSolaris when moving to a dev build with 0.9.8l from a dev build with 0.9.8k. At least a few of those testcases mention renegotiation. As I also picked up another failure that didn't seem to be related, I'll try to find time to perform before/after testing with just the OpenSSL k->l change.

It would be helpful to end up with some skip-renegotiation option to skip such tests.

Also, when the permanent enable-legacy-renegotiation API is in a released OpenSSL version, do we expect to provide access to it from the config as a means for the admin to confirm that whatever server-initiated renegotiation is configured should be allowed?