OS X 10.8.3, x64 openssl, no-asm, shared I was running into test failures such as testing internal curves: ........... EC_GROUP_check() failed with curve secp384r1
I applied http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=750398acd85a7ae220d272d28a76dff7bb269c31 to get past this. The tests get further now, but eventually fails with: > There are definitly a few expired certificates > ../util/shlib_wrap.sh ../apps/openssl verify -CApath ../certs/demo > ../certs/demo/*.pem > ../certs/demo/ca-cert.pem: C = AU, ST = Queensland, O = CryptSoft Pty Ltd, CN > = Test CA (1024 bit) > error 20 at 0 depth lookup:unable to get local issuer certificate > ../certs/demo/dsa-ca.pem: C = AU, ST = Some-State, O = Internet Widgits Pty > Ltd, CN = CA > error 20 at 0 depth lookup:unable to get local issuer certificate > 140735177134556:error:0B06E06B:x509 certificate > routines:X509_get_pubkey_parameters:unable to find parameters in > chain:x509_vfy.c:1804: > ../certs/demo/dsa-pca.pem: C = AU, ST = Some-State, O = Internet Widgits Pty > Ltd, CN = PCA > error 18 at 0 depth lookup:self signed certificate > C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = PCA > error 10 at 0 depth lookup:certificate has expired > OK > ../certs/demo/pca-cert.pem: C = AU, ST = Queensland, O = CryptSoft Pty Ltd, > CN = Test PCA (1024 bit) > error 18 at 0 depth lookup:self signed certificate > C = AU, ST = Queensland, O = CryptSoft Pty Ltd, CN = Test PCA (1024 bit) > error 10 at 0 depth lookup:certificate has expired > OK > make[1]: *** [test_verify] Error 2 > make: *** [tests] Error 2 --------------------------Start make report----------------------------- des base64 des-cbc des-cbc base64 des-cfb des-cfb base64 des-ecb des-ecb base64 des-ede des-ede base64 des-ede-cbc des-ede-cbc base64 des-ede-cfb des-ede-cfb base64 des-ede-ofb des-ede-ofb base64 des-ede3 des-ede3 base64 des-ede3-cbc des-ede3-cbc base64 des-ede3-cfb des-ede3-cfb base64 des-ede3-ofb des-ede3-ofb base64 des-ofb des-ofb base64 des3 des3 base64 desx desx base64 idea idea base64 idea-cbc idea-cbc base64 idea-cfb idea-cfb base64 idea-ecb idea-ecb base64 idea-ofb idea-ofb base64 rc2 rc2 base64 rc2-40-cbc rc2-40-cbc base64 rc2-64-cbc rc2-64-cbc base64 rc2-cbc rc2-cbc base64 rc2-cfb rc2-cfb base64 rc2-ecb rc2-ecb base64 rc2-ofb rc2-ofb base64 rc4 rc4 base64 rc4-40 rc4-40 base64 seed seed base64 seed-cbc seed-cbc base64 seed-cfb seed-cfb base64 seed-ecb seed-ecb base64 seed-ofb seed-ofb base64 echo test normal x509v1 certificate test normal x509v1 certificate sh ./tx509 2>/dev/null testing X509 conversions p -> d p -> n p -> p d -> d n -> d p -> d d -> n n -> n p -> n d -> p n -> p p -> p echo test first x509v3 certificate test first x509v3 certificate sh ./tx509 v3-cert1.pem 2>/dev/null testing X509 conversions p -> d p -> n p -> p d -> d n -> d p -> d d -> n n -> n p -> n d -> p n -> p p -> p echo test second x509v3 certificate test second x509v3 certificate sh ./tx509 v3-cert2.pem 2>/dev/null testing X509 conversions p -> d p -> n p -> p d -> d n -> d p -> d d -> n n -> n p -> n d -> p n -> p p -> p rsa testing rsa conversions p -> d p -> p d -> d p -> d d -> p p -> p ../util/shlib_wrap.sh ./rsa_test ++ echo ../util/shlib_wrap.sh ++ sed -e 's|[^/]*$||' + THERE=../util/.. + '[' -d ../util/.. ']' + LIBCRYPTOSO=../util/../libcrypto.so + '[' -f ../util/../libcrypto.so ']' + SYSNAME=Darwin + case "$SYSNAME" in + LD_LIBRARY_PATH=../util/..: + DYLD_LIBRARY_PATH=../util/..: + SHLIB_PATH=../util/..: + LIBPATH=../util/..: + export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH + '[' darwin12 '!=' msdosdjgpp ']' + PATH=../util/..:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin + export PATH + '[' -f ../util/../libcrypto.so -a -z '' ']' + cmd=./rsa_test + shift + exec ./rsa_test PKCS #1 v1.5 encryption/decryption ok OAEP encryption/decryption ok PKCS #1 v1.5 encryption/decryption ok OAEP encryption/decryption ok PKCS #1 v1.5 encryption/decryption ok OAEP encryption/decryption ok PKCS #1 v1.5 encryption/decryption ok OAEP encryption/decryption ok PKCS #1 v1.5 encryption/decryption ok OAEP encryption/decryption ok PKCS #1 v1.5 encryption/decryption ok OAEP encryption/decryption ok testing crl conversions p -> d p -> p d -> d p -> d d -> p p -> p testing session-id conversions p -> d p -> p d -> d p -> d d -> p p -> p Generate and verify a certificate request generating certificate request rsa There should be a 2 sequences of .'s and some +'s. There should not be more that at most 80 per line This could take some time. Generating a 1024 bit RSA private key ..........++++++ .....................++++++ writing new private key to 'testkey.pem' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:AU State or Province Name (full name) [Queensland]: Locality Name (eg, city) []:Brisbane Organization Name (eg, company) []:CryptSoft Pty Ltd Organizational Unit Name (eg, section) []:. Common Name (eg, YOUR name) []:Eric Young Email Address []:[email protected] verify OK testing req conversions p -> d p -> p d -> d p -> d d -> p p -> p testing req conversions p -> d p -> p d -> d p -> d d -> p p -> p testing pkcs7 conversions p -> d p -> p d -> d p -> d d -> p p -> p testing pkcs7 conversions (2) p -> d p -> p d -> d p -> d d -> p p -> p The following command should have some OK's and some failures There are definitly a few expired certificates ../util/shlib_wrap.sh ../apps/openssl verify -CApath ../certs/demo ../certs/demo/*.pem 140735177134556:error:0B06E06B:x509 certificate routines:X509_get_pubkey_parameters:unable to find parameters in chain:x509_vfy.c:1804: ../certs/demo/ca-cert.pem: C = AU, ST = Queensland, O = CryptSoft Pty Ltd, CN = Test CA (1024 bit) error 20 at 0 depth lookup:unable to get local issuer certificate ../certs/demo/dsa-ca.pem: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = CA error 20 at 0 depth lookup:unable to get local issuer certificate ../certs/demo/dsa-pca.pem: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = PCA error 18 at 0 depth lookup:self signed certificate C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = PCA error 10 at 0 depth lookup:certificate has expired OK ../certs/demo/pca-cert.pem: C = AU, ST = Queensland, O = CryptSoft Pty Ltd, CN = Test PCA (1024 bit) error 18 at 0 depth lookup:self signed certificate C = AU, ST = Queensland, O = CryptSoft Pty Ltd, CN = Test PCA (1024 bit) error 10 at 0 depth lookup:certificate has expired OK make[2]: *** [test_verify] Error 2 make[1]: *** [tests] Error 2 OpenSSL self-test report: OpenSSL version: 1.0.1e Last change: Make the decoding of SSLv3, TLS and DTLS CBC records co.. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
