Comments (12)

anlexN commented on September 22, 2024

I have another question: must the server port and client port match in this test?

from openssl.

anlexN commented on September 22, 2024

@nhorman @t8m @alex @JackDanger I value your feedback.

t8m commented on September 22, 2024

Can you please run make test TESTS='test_sslrecords' V=1 and paste the output where it is hanging here? Ideally not as a screenshot.

anlexN commented on September 22, 2024
$ make V=1 TESTS='test_sslrecords' test
"make" depend && "make" _tests
make[1]: Entering directory '/e/workspace/github.com/openssl/mingw-ucrt64'
make[1]: Leaving directory '/e/workspace/github.com/openssl/mingw-ucrt64'
make[1]: Entering directory '/e/workspace/github.com/openssl/mingw-ucrt64'
"make" run_tests
make[2]: Entering directory '/e/workspace/github.com/openssl/mingw-ucrt64'
( SRCTOP=../openssl \
  BLDTOP=. \
  PERL="perl" \
  FIPSKEY="f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813" \
  EXE_EXT=.exe \
  perl ../openssl/test/run_tests.pl test_sslrecords )
00-prep_fipsmodule_cnf.t ..
# The results of this test will end up in test-runs/prep_fipsmodule
1..0 # SKIP FIPS module config file only supported in a fips build
skipped: FIPS module config file only supported in a fips build
Files=1, Tests=0,  1 wallclock secs ( 0.00 usr  0.02 sys +  0.27 cusr  0.28 csys =  0.56 CPU)
Result: NOTESTS
70-test_sslrecords.t ..
# The results of this test will end up in test-runs/test_sslrecords
1..42
Proxy started on port [::1]:43809
Server command: ../../util/wrap.pl ../../apps/openssl.exe s_server -no_comp -engine ossltest -state -ext_cache -accept [::1]:0 -cert ../../../openssl/apps/server.pem -cert2 ../../../openssl/apps/server.pem -naccept 1 -rev -max_protocol TLSv1.3 -cipher AES128-SHA -ciphersuites TLS_AES_128_GCM_SHA256 -tls1_2
Engine "ossltest" set.
Using default temp DH parameters
ACCEPT [::1]:43810
Server responds on [::1]:43810
Client command: ../../util/wrap.pl ../../apps/openssl.exe s_client -engine ossltest -connect [::1]:43809 -max_protocol TLSv1.3 -no_tls1_3 -servername localhost
SSL_accept:before SSL initialization
Engine "ossltest" set.
s_client didn't try to connect
SSL3 alert write:fatal:decode error
SSL_accept:error in error
CONNECTION FAILURE
D45B0000:error:0A000126:SSL routines::unexpected eof while reading:../openssl/ssl/record/rec_layer_s3.c:687:
# Looks like your test exited with 29 before it could output anything.
Dubious, test returned 29 (wstat 7424, 0x1d00)
Failed 42/42 subtests

Test Summary Report
-------------------
70-test_sslrecords.t (Wstat: 7424 (exited 29) Tests: 0 Failed: 0)
  Non-zero exit status: 29
  Parse errors: Bad plan.  You planned 42 tests but ran 0.
Files=1, Tests=0, 61 wallclock secs ( 0.02 usr  0.02 sys +  0.28 cusr  0.23 csys =  0.55 CPU)
Result: FAIL
make[2]: *** [Makefile:3744: run_tests] Error 1
make[2]: Leaving directory '/e/workspace/github.com/openssl/mingw-ucrt64'
make[1]: *** [Makefile:3741: _tests] Error 2
make[1]: Leaving directory '/e/workspace/github.com/openssl/mingw-ucrt64'
make: *** [Makefile:3739: tests] Error 2

My build folder is /e/workspace/github.com/openssl/mingw-ucrt64
The openssl folder is /e/workspace/github.com/openssl/openssl

Obviously, I think the problem starts from the Server command; it is a path problem.

nhorman commented on September 22, 2024

If you attempt to run the s_server and s_client commands manually from the command line, do either of them issue any additional warnings (or more likely crash)?

anlexN commented on September 22, 2024

After manually updating the Server command:

$ ./util/wrap.pl ./apps/openssl.exe s_server -no_comp -engine ossltest -state -ext_cache -accept [::1]:0 -cert ../openssl/apps/server.pem -cert2 ../openssl/apps/server.pem -naccept 1 -rev -max_protocol TLSv1.3 -cipher AES128-SHA -ciphersuites TLS_AES_128_GCM_SHA256 -tls1_2
Engine "ossltest" set.
Using default temp DH parameters
ACCEPT [::1]:45173

It is accepting. This should have no problem.

After manually updating the Client command:

$ ./util/wrap.pl ./apps/openssl.exe s_client -engine ossltest -connect [::1]:43809 -max_protocol TLSv1.3 -no_tls1_3 -servername localhost
Engine "ossltest" set.
805F0000:error:8000274D:system library:BIO_connect:Unknown error:../openssl/crypto/bio/bio_sock2.c:178:calling connect()
805F0000:error:10000067:BIO routines:BIO_connect:connect error:../openssl/crypto/bio/bio_sock2.c:180:
connect:errno=0

I think it should be openssl source code problem.

nhorman commented on September 22, 2024

It's a system call error. The above is indicating that the call to connect returned -1 with errno set to 0. IIRC that typically occurs because the connect call actually attempted to establish a TCP connection with the remote process, but the handshake traffic was blocked for some reason. Nominally, this can be caused by iptables or other network administrative rules in the IP stack blocking said traffic. Do you have a firewall or other iptables/similar rules established? If so, can you disable your firewall and try again?

anlexN commented on September 22, 2024

I have turned off all firewalls.

I have run these two commands as administrator:

# ./util/wrap.pl ./apps/openssl.exe s_server -no_comp -engine ossltest -state -ext_cache -accept [::1]:0 -cert ../openssl/apps/server.pem -cert2 ../openssl/apps/server.pem -naccept 1 -rev -max_protocol TLSv1.3 -cipher AES128-SHA -ciphersuites TLS_AES_128_GCM_SHA256 -tls1_2
Engine "ossltest" set.
Using default temp DH parameters
ACCEPT [::1]:46228
# ./util/wrap.pl ./apps/openssl.exe s_client -engine ossltest -connect [::1]:43809 -max_protocol TLSv1.3 -no_tls1_3 -servername localhost
Engine "ossltest" set.
C06B0000:error:8000274D:system library:BIO_connect:Unknown error:../openssl/crypto/bio/bio_sock2.c:178:calling connect()
C06B0000:error:10000067:BIO routines:BIO_connect:connect error:../openssl/crypto/bio/bio_sock2.c:180:
connect:errno=0

Still broken, what happened?

Now I turn on all firewalls, do not run as administrator, and set the Server command port and Client command port to the same 46485.

Server command:

$ ./util/wrap.pl ./apps/openssl.exe s_server -no_comp -engine ossltest -state -ext_cache -accept [::1]:46485 -cert ../openssl/apps/server.pem -cert2 ../openssl/apps/server.pem -naccept 1 -rev -max_protocol TLSv1.3 -cipher AES128-SHA -ciphersuites TLS_AES_128_GCM_SHA256 -tls1_2
Engine "ossltest" set.
Using default temp DH parameters
ACCEPT
SSL_accept:before SSL initialization
SSL_accept:before SSL initialization
SSL_accept:SSLv3/TLS read client hello
Segmentation fault (core dumped)

Client command:

$ ./util/wrap.pl ./apps/openssl.exe s_client -engine ossltest -connect [::1]:46485 -max_protocol TLSv1.3 -no_tls1_3 -servername localhost
Engine "ossltest" set.
Connecting to ::1
CONNECTED(00000138)
write:errno=10054
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 215 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1716290511
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
---

This time, what happened too?

nhorman commented on September 22, 2024

So, you answered your own question :)

You disabled your firewall, which allows the ssl client to make contact with the ssl server, but when you ran the commands you didn't specify a target port on the client, so it attempted to connect to the default server port, which the server wasn't listening on, so the connection failed.

Then, when you re-ran the commands, you properly matched the server listening port with the client target port, and everything worked.

from openssl.
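
The port matching discussed in this comment, as an added example that is not part of the original thread or of OpenSSL's test suite: a shell helper that reads the `ACCEPT` line printed by `s_server` (a chosen port when `-accept [::1]:0` is used, or a bare `ACCEPT` when a fixed port is given, as in the outputs pasted above) and checks that the `s_client -connect` argument targets it. The function names are hypothetical; the sample output is copied from the thread, where 43809 is the port the test run printed as "Proxy started on port".

```shell
#!/bin/sh
# Added example (hypothetical helper names): match s_client's -connect
# target to the port s_server reports on its ACCEPT line.

# listen_port ACCEPT_ARG SERVER_OUTPUT -> prints the listening port
listen_port() {
    # "ACCEPT [::1]:45173" form, printed when -accept asked for port 0
    port=$(printf '%s\n' "$2" |
        sed -n 's/^ACCEPT .*:\([0-9][0-9]*\)[[:space:]]*$/\1/p' | head -n 1)
    # Bare "ACCEPT" form: fall back to the explicit port in the -accept value
    if [ -z "$port" ] && printf '%s\n' "$2" | grep -q '^ACCEPT[[:space:]]*$'; then
        port=${1##*:}
    fi
    case $port in
        '' | *[!0-9]* | 0) return 1 ;;   # no ACCEPT line yet, or port unresolved
    esac
    printf '%s\n' "$port"
}

# connect_target ACCEPT_ARG SERVER_OUTPUT -> prints "[addr]:port" for -connect
connect_target() {
    port=$(listen_port "$1" "$2") || return 1
    printf '%s:%s\n' "${1%:*}" "$port"
}

# check_client CONNECT_ARG ACCEPT_ARG SERVER_OUTPUT
# Returns 0 on match, 1 on mismatch, 2 if the server port is unknown.
check_client() {
    want=$(connect_target "$2" "$3") || { echo "server port unknown"; return 2; }
    if [ "$1" = "$want" ]; then
        echo "match: $want"
        return 0
    fi
    echo "mismatch: client targets $1, server listens on $want"
    return 1
}

# s_server output copied from the thread (started with -accept [::1]:0)
sample='Engine "ossltest" set.
Using default temp DH parameters
ACCEPT [::1]:45173'
check_client '[::1]:43809' '[::1]:0' "$sample" || true
```
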

anlexN commented on September 22, 2024
$ ./util/wrap.pl ./apps/openssl.exe s_client -engine ossltest -connect [::1]:46485 -max_protocol TLSv1.3 -no_tls1_3 -servername localhost
Engine "ossltest" set.
Connecting to ::1
CONNECTED(00000138)
write:errno=10054
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 215 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1716290511
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
---

Is this client command output correct? Do you see "write:errno=10054" in the output?

anlexN commented on September 22, 2024

I have a third question: mingw32-make run_tests V=1 TESTS='test_sslrecords' is stopped.

In the openssl/test/recipes/, from 00-test* to 99-test*, only this test is stopped and does not give me Result: PASS. The others give me Result: PASS.

alex commented on September 22, 2024

Please do not ping random people, it's rude. Especially don't ping me, I'm not even involved in maintaining OpenSSL.
