Apache-Test, httpd-2.2.31 - help with debug/understanding t/ssl related error_log requested

Sat, 25 Jul 2015 06:20:32 -0700

I have built, and "tested" httpd-2.2.31 - and while 2.4.16 has no errors, 2.2.31 reports some errors. I have tried to understand the error_log, but I am not making any sense of the output.
This is using OpenSSL. Same errors, and basically same error_log output regardless of linked against OpenSSL-0.9.8.so or OpenSSL-1.0.0.so (i.e., the same tests fail). 


FYI: I have also tested against LibreSSL and get many more messages. And 
the good news is that there were many more failed tests with version 
2.2.29 - so version 2.2.31 has corrected many t/ssl errors compared to 
2.2.29


Suggestions/Hints on how to proceed welcome (read requested).

Procedure used:
First ran "t/TEST t/ssl" to get the general results (see Extra info below)
then: the following sequence

t/TEST -start-httpd
# clear the logs

for i in access_log error_log rewrite_log 
ssl_request_log^Jdo^J>t/logs/$i^Jdone

t/TEST t/ssl/extlookup.t
cp -rp t/logs 2.2.31/extlookup.t.logs


for i in access_log error_log rewrite_log 
ssl_request_log^Jdo^J>t/logs/$i^Jdone

t/TEST t/ssl/require.t
cp -rp t/logs 2.2.31/require.t.logs

t/TEST -stop-httpd
END of procedure...

** Comments/Current Thoughts **
re: "REQUIRE"

a) I do not understand why the "require" test even has the Failed 
expression (cannot find "Lemons", as it is not in the require.t test - 
but is part of the text for in the test extlookup.t


b) I am guessing this is not the failing test in the require.t test ...

[Sat Jul 25 12:34:02 2015] [debug] ssl_engine_kernel.c(1842): OpenSSL: 
Loop: SSLv3 flush data
[Sat Jul 25 12:34:02 2015] [debug] ssl_engine_kernel.c(1838): OpenSSL: 
Handshake: done
[Sat Jul 25 12:34:02 2015] [info] Connection: Client IP: 127.0.0.1, 
Protocol: TLSv1, Cipher: DHE-RSA-AES256-SHA (256/256 bits)
[Sat Jul 25 12:34:02 2015] [info] [client 127.0.0.1] Access to 
/data/prj/apache/httpd/test/t/htdocs/index.html denied for 127.0.0.1 
(requirement expression not fulfilled)
[Sat Jul 25 12:34:02 2015] [info] [client 127.0.0.1] Failed expression: 
(%{SSL_CIPHER} !~ m/^(EXP|NULL)-/                         and 
%{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd."
                      and %{SSL_CLIENT_S_DN_OU} 
in                              {"Staff", "CA", "Dev"} )
[Sat Jul 25 12:34:02 2015] [error] [client 127.0.0.1] access to 
/data/prj/apache/httpd/test/t/htdocs/index.html failed, reason: SSL 
requirement expression not fulfilled (see SSL

logfile for more details)

[Sat Jul 25 12:34:02 2015] [debug] ssl_engine_kernel.c(1852): OpenSSL: 
Write: SSL negotiation finished successfully
[Sat Jul 25 12:34:02 2015] [info] [client 127.0.0.1] Connection closed 
to child 2 with standard shutdown (server loopback:8532)
[Sat Jul 25 12:34:02 2015] [info] [client 127.0.0.1] Connection to child 
1 established (server loopback:8532)

[Sat Jul 25 12:34:02 2015] [info] Seeding PRNG with 136 bytes of entropy



c)but I think this might be... except - it would seem to make more sense 
as a message from the extlookup.t or is this just coming much too late 
in the error_log (i.e., a late flush of a log?)?



[Sat Jul 25 12:34:02 2015] [info] Connection: Client IP: 127.0.0.1, 
Protocol: TLSv1, Cipher: DHE-RSA-AES256-SHA (256/256 bits)
[Sat Jul 25 12:34:02 2015] [info] [client 127.0.0.1] Access to 
/data/prj/apache/httpd/test/t/htdocs/index.html denied for 127.0.0.1 
(requirement expression not fulfilled)
[Sat Jul 25 12:34:02 2015] [info] [client 127.0.0.1] Failed expression: 
"Lemons" in OID("1.3.6.1.4.1.18060.12.0")
[Sat Jul 25 12:34:02 2015] [error] [client 127.0.0.1] access to 
/data/prj/apache/httpd/test/t/htdocs/index.html failed, reason: SSL 
requirement expression not fulfilled (see SSL

logfile for more details)

[Sat Jul 25 12:34:02 2015] [debug] ssl_engine_kernel.c(1852): OpenSSL: 
Write: SSL negotiation finished successfully
[Sat Jul 25 12:34:02 2015] [info] [client 127.0.0.1] Connection closed 
to child 2 with standard shutdown (server loopback:8532)



root@x064:[/data/prj/apache/httpd/test/2.2.31]grep 18060 ../t/ssl/*.t
../t/ssl/extlookup.t:   "1.3.6.1.4.1.18060.12.0" => "Lemons",

Extra INFO

root@x064:[/data/prj/apache/httpd/test]t/TEST t/ssl
[warning] setting ulimit to allow core files

ulimit -c unlimited; /usr/opt/perl5/bin/perl 
/data/prj/apache/httpd/test/t/TEST 't/ssl'
[   info] adding source lib /data/prj/apache/httpd/test/Apache-Test/lib 
to @INC

t/ssl/basicauth.t .. ok
t/ssl/env.t ........ ok
t/ssl/extlookup.t .. 1/4 # Failed test 2 in t/ssl/extlookup.t at line 27
t/ssl/extlookup.t .. Failed 1/4 subtests
t/ssl/fakeauth.t ... ok
t/ssl/headers.t .... ok
t/ssl/http.t ....... ok
t/ssl/pr12355.t .... ok
t/ssl/pr43738.t .... ok
t/ssl/proxy.t ...... ok
t/ssl/require.t .... 8/10 # Failed test 9 in t/ssl/require.t at line 44
t/ssl/require.t .... Failed 1/10 subtests
t/ssl/v2.t ......... ok
t/ssl/varlookup.t .. ok
t/ssl/verify.t ..... ok

Test Summary Report
-------------------
t/ssl/extlookup.t (Wstat: 0 Tests: 4 Failed: 1)
  Failed test:  2
t/ssl/require.t  (Wstat: 0 Tests: 10 Failed: 1)
  Failed test:  9

Files=13, Tests=318, 82 wallclock secs ( 0.40 usr  0.05 sys + 18.48 
cusr  6.40 csys = 25.33 CPU)

Result: FAIL
Failed 2/13 test programs. 2/318 subtests failed.
[  error] error running tests (please examine t/logs/error_log)

















    











					Reply via email to