Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

7.88.0 test fail : 320 321 322 324 #10522

Closed
fundawang opened this issue Feb 15, 2023 · 5 comments
Closed

7.88.0 test fail : 320 321 322 324 #10522

fundawang opened this issue Feb 15, 2023 · 5 comments
Labels
tests TLS

Comments

@fundawang
Copy link

I did this

Build curl 7.88.0 under Anolis OS (Fedora rawhide based), with openssl 3.0.7

I expected the following

Test succeed

curl/libcurl version

7.88.0

operating system

Anolis OS (Fedora rawhide based), with openssl 3.0.7

I've attached the cutted build.log , and full build log here:
https://build.openanolis.cn/taskinfo?taskID=537820

FYI, if ssl settings needed, it goes the same with RHEL9.
@bagder bagder added the tests label Feb 15, 2023
@bagder
Copy link
Member

bagder commented Feb 15, 2023 

 curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 127.0.0.1:25014

What OpenSSL is this? Does it know SRP?

@bagder bagder added the TLS label Feb 15, 2023
@bagder
Copy link
Member

bagder commented Feb 15, 2023

Oh, it might your gnutls-serv that does not support SRP based on this output:

 Syntax error at: +SRP

... I wonder how we could figure that out!?

@fundawang
Copy link
Author

fundawang commented Feb 15, 2023
edited

Oh, it might your gnutls-serv that does not support SRP based on this output:

 Syntax error at: +SRP

... I wonder how we could figure that out!?

Is it caused by gnutls 3.8.0?

** libgnutls: SRP authentication is now disabled by default.
It is disabled because the SRP authentication in TLS is not up to
date with the latest TLS standards and its ciphersuites are based
on the CBC mode and SHA-1.

@bagder
Copy link
Member

bagder commented Feb 15, 2023

It could be disabled in earlier versions as well. The test suite should check if gnutls-serv actually supports it before using it, but it's not clear how to do it.

I suppose the gnutls-serv -l output is the key somehow.

bagder added a commit that referenced this issue Feb 15, 2023
@bagder
tests: make sure gnuserv-tls has SRP support before using it
e1985b9 
Reported-by: fundawang on github
Fixes #10522
@bagder bagder mentioned this issue Feb 15, 2023
Closed
@fundawang
Copy link
Author

Thanks, the patch works as expected, the tests are skipped.

bagder added a commit that referenced this issue Feb 15, 2023
@bagder
tests: make sure gnuserv-tls has SRP support before using it
2fdc1d8 
Reported-by: fundawang on github
Fixes #10522
Closes #10524
bch pushed a commit to bch/curl that referenced this issue Jul 19, 2023
@bagder @bch
tests: make sure gnuserv-tls has SRP support before using it
5ba7a9f 
Reported-by: fundawang on github
Fixes curl#10522
Closes curl#10524
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
tests TLS
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

tests: make sure gnuserv-tls has SRP support before using it curl/curl
2 participants
@bagder @fundawang