crypto/tls: unable to update some crypto/tls recorded tests #31809

Closed
derekparker opened this issue May 2, 2019 · 5 comments
Labels
FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. Testing An issue that has been verified to require only test changes, not just a test failure.
@derekparker
Contributor

What version of Go are you using (go version)?

$ rhel8-7d32e1526b2a-0# ../../../bin/go version                                          
$ go version devel +d2765de863 Thu May 2 15:38:36 2019 +0000 linux/amd64

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (go env)?

go env Output
$ rhel8-7d32e1526b2a-0# ../../../bin/go env    
GOARCH="amd64"
GOBIN=""
GOCACHE="/root/.cache/go-build"
GOENV="/root/.config/go/env"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/root/go"
GOPROXY="direct"
GOROOT="/go"
GOSUMDB="off"
GOTMPDIR=""
GOTOOLDIR="/go/pkg/tool/linux_amd64"
GCCGO="gccgo"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/go/src/go.mod"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build126288050=/tmp/go-build -gno-record-gcc-switches"

What did you do?

I attempted to update some of the recorded TLS tests using OpenSSL 1.1.1 built and configured according to the recommended way: ./config enable-weak-ssl-ciphers enable-ssl3 enable-ssl3-method.

What did you expect to see?

The test passes and a new recording is generated.

What did you see instead?

OpenSSL failed to start due to a small key size:

=== RUN   TestRenegotiateTwiceRejected
=== RUN   TestRenegotiateTwiceRejected/TLSv12
--- FAIL: TestRenegotiateTwiceRejected (0.16s)
    --- FAIL: TestRenegotiateTwiceRejected/TLSv12 (0.16s)
        handshake_client_test.go:315: Failed to start subcommand: error connecting to the OpenSSL server: dial tcp 127.0.0.1:24323: connect: connection refused (exit status 1)
            
            Using default temp DH parameters
            error setting certificate
            140698504263488:error:0909006C:PEM routines:get_name:no start line:crypto/pem/pem_lib.c:745:Expecting: DH PARAMETERS
            140698504263488:error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small:ssl/ssl_rsa.c:310:
@derekparker
Contributor Author

@FiloSottile @agl

@bradfitz bradfitz changed the title Unable to update some crypto/tls recorded tests crypto/tls: unable to update some crypto/tls recorded tests May 2, 2019
@bradfitz bradfitz added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label May 2, 2019
@bradfitz bradfitz added this to the Go1.13 milestone May 2, 2019
@bradfitz bradfitz modified the milestones: Go1.13, Go1.14 May 2, 2019
@FiloSottile FiloSottile added the Testing An issue that has been verified to require only test changes, not just a test failure. label Oct 1, 2019
@rsc rsc modified the milestones: Go1.14, Backlog Oct 9, 2019
@FiloSottile FiloSottile modified the milestones: Backlog, Go1.15 Mar 31, 2020
@ianlancetaylor
Contributor

@FiloSottile I guess this didn't make 1.15, do you want a 1.16 milestone, or backlog? Thanks.

@ianlancetaylor
Contributor

Moving milestone to backlog.

@ianlancetaylor ianlancetaylor modified the milestones: Go1.15, Backlog Jun 15, 2020
@thomwiggers
Contributor

I ran into similar problems with my custom-compiled version of openssl 1.1.1g, where I enabled enable-weak-ssl-ciphers. The problem turned out to be that the ./apps/openssl version was still loading my system's openssl libraries, instead of the ones I had just compiled. This was fixed by adding no-shared to the ./config command line.
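
A check for the library mismatch described in the comment above, as an added example that is not part of the original thread or of the Go project's tooling: it flags a freshly built `./apps/openssl` that resolves libssl/libcrypto outside its build tree, and compares the built and loaded versions reported by `openssl version`. The function names, the `/build/openssl-1.1.1g` path and the sample `ldd` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. The build path and all sample data below are constructed.

# foreign_libs BUILD_DIR < ldd-output
# Prints each libssl/libcrypto path that resolves outside BUILD_DIR and
# returns 1 if there is any. A no-shared build lists neither library.
foreign_libs() {
    fl_dir=${1%/}
    fl_bad=0
    while IFS= read -r fl_line || [ -n "$fl_line" ]; do
        case $fl_line in
            *libssl.so*|*libcrypto.so*) ;;
            *) continue ;;
        esac
        fl_path=${fl_line#*"=> "}      # drop "<soname> => "
        fl_path=${fl_path%%" ("*}      # drop trailing " (0x...)" load address
        case $fl_path in
            "$fl_dir"/*) ;;
            *) printf '%s\n' "$fl_path"; fl_bad=1 ;;
        esac
    done
    return "$fl_bad"
}

# version_consistent "<output of: openssl version>"
# OpenSSL 1.1.x prints "(Library: ...)" only when the libcrypto loaded at run
# time differs from the one the binary was compiled against; 3.x always does.
version_consistent() {
    vc_built=${1%%" (Library: "*}
    [ "$vc_built" = "$1" ] && return 0     # no suffix: versions agree
    vc_loaded=${1#*"(Library: "}
    vc_loaded=${vc_loaded%")"}
    [ "$vc_built" = "$vc_loaded" ]
}

# Constructed ldd output for a shared build that picked up the system copies.
SAMPLE_SYSTEM='    libssl.so.1.1 => /lib64/libssl.so.1.1 (0x00007f1d2c000000)
    libcrypto.so.1.1 => /lib64/libcrypto.so.1.1 (0x00007f1d2bc00000)
    libc.so.6 => /lib64/libc.so.6 (0x00007f1d2b800000)'
# Constructed ldd output for a no-shared build.
SAMPLE_STATIC='    libdl.so.2 => /lib64/libdl.so.2 (0x00007f1d2c000000)
    libc.so.6 => /lib64/libc.so.6 (0x00007f1d2b800000)'

# Real use: ldd ./apps/openssl | foreign_libs "$PWD"
if ! printf '%s\n' "$SAMPLE_SYSTEM" | foreign_libs /build/openssl-1.1.1g >/dev/null; then
    echo "shared build: libssl/libcrypto come from outside the build tree"
fi
printf '%s\n' "$SAMPLE_STATIC" | foreign_libs /build/openssl-1.1.1g && echo "no-shared build: ok"
```

The `ldd` check is the stronger of the two: when the system library happens to be the same release as the custom build, the version strings agree even though the weak-cipher and SSLv3 build options are missing from the library actually loaded.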

@gopherbot

Change https://golang.org/cl/257517 mentions this issue: crypto/tls: add no-shared to openssl build instructions

@golang golang locked and limited conversation to collaborators Oct 24, 2021