btw, "build only tests" already pass in case of wolfSSL. should we start with "build only wolfSSL CI job" ?
few "vtc" fail for various reasons. вс, 12 мар. 2023 г. в 18:35, Илья Шипицин <chipits...@gmail.com>: > Hello, > > during enabling wolfSSL CI I met the following > > # top TEST reg-tests/ssl/ssl_default_server.vtc FAILED (5.123) exit=2 > > *** h1 debug|<134>Mar 12 12:04:49 haproxy[115196]: unix:1 > [12/Mar/2023:12:04:49.922] ssl-lst/1: SSL client CA chain cannot be verified > *** h1 debug|fd[0x12] OpenSSL error[0x2d] : unknown error number > *** h1 debug|fd[0x12] OpenSSL error[0x139] : received alert fatal error > **** dT 1.152 > *** h1 debug|fd[0x12] OpenSSL error[0x2d] : unknown error number > *** h1 debug|fd[0x12] OpenSSL error[0x139] : received alert fatal error > **** dT 1.157 > *** h1 debug|fd[0x13] OpenSSL error[0x97] : ASN date error, current > date after > *** h1 debug|fd[0x13] OpenSSL error[0x97] : ASN date error, current > date after > *** h1 debug|fd[0x13] OpenSSL error[0x97] : ASN date error, current > date after > *** h1 debug|fd[0x13] OpenSSL error[0x97] : ASN date error, current > date after > *** h1 debug|<134>Mar 12 12:04:51 haproxy[115196]: unix:1 > [12/Mar/2023:12:04:50.963] ssl-lst/1: SSL client CA chain cannot be verified > > > I wonder what is prefferable way of addressing that > > 1) excluding several "vtc" if haproxy is built with wolfSSL > 2) adding "WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY" to cert validation > > cheers, > Ilya >
