btw, "build only tests" already pass in case of wolfSSL. should we start
with "build only wolfSSL CI job" ?

few "vtc" fail for various reasons.

вс, 12 мар. 2023 г. в 18:35, Илья Шипицин <chipits...@gmail.com>:

> Hello,
>
> during enabling wolfSSL CI I met the following
>
> #    top  TEST reg-tests/ssl/ssl_default_server.vtc FAILED (5.123) exit=2
>
> ***  h1    debug|<134>Mar 12 12:04:49 haproxy[115196]: unix:1
> [12/Mar/2023:12:04:49.922] ssl-lst/1: SSL client CA chain cannot be verified
> ***  h1    debug|fd[0x12] OpenSSL error[0x2d] : unknown error number
> ***  h1    debug|fd[0x12] OpenSSL error[0x139] : received alert fatal error
> **** dT    1.152
> ***  h1    debug|fd[0x12] OpenSSL error[0x2d] : unknown error number
> ***  h1    debug|fd[0x12] OpenSSL error[0x139] : received alert fatal error
> **** dT    1.157
> ***  h1    debug|fd[0x13] OpenSSL error[0x97] : ASN date error, current
> date after
> ***  h1    debug|fd[0x13] OpenSSL error[0x97] : ASN date error, current
> date after
> ***  h1    debug|fd[0x13] OpenSSL error[0x97] : ASN date error, current
> date after
> ***  h1    debug|fd[0x13] OpenSSL error[0x97] : ASN date error, current
> date after
> ***  h1    debug|<134>Mar 12 12:04:51 haproxy[115196]: unix:1
> [12/Mar/2023:12:04:50.963] ssl-lst/1: SSL client CA chain cannot be verified
>
>
> I wonder what is prefferable way of addressing that
>
> 1) excluding several "vtc" if haproxy is built with wolfSSL
> 2) adding "WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY" to cert validation
>
> cheers,
> Ilya
>

Reply via email to