Skip to content

Added portability test with openssl 1.0.2#25770

Merged
veblush merged 2 commits intogrpc:masterfrom
veblush:ssl-test
Mar 24, 2021
Merged

Added portability test with openssl 1.0.2#25770
veblush merged 2 commits intogrpc:masterfrom
veblush:ssl-test

Conversation

@veblush
Copy link
Copy Markdown
Contributor

@veblush veblush commented Mar 19, 2021
edited
Loading

Adding a new portability test with openssl 1.0.2. OpenSSL 1.0.2 is out of support but it's still worth having tests because openssl variants such as libressl are OpenSSL 1.0.x compatible.

grpc/core/master/linux/grpc_portability

Fixes #24960

@veblush veblush added area/test release notes: no Indicates if PR should not be in release notes labels Mar 19, 2021
@veblush veblush changed the title Added openssl102 test to portability Added portability test with openssl 1.0.2 Mar 19, 2021
@veblush
Copy link
Copy Markdown
Contributor Author

veblush commented Mar 20, 2021

@matthewstevenson88 It seems that gRPC cannot build with openssl 1.0.2? Can you check this?

[ 81%] Building CXX object CMakeFiles/minimal_stack_is_minimal_test.dir/test/core/channel/minimal_stack_is_minimal_test.cc.o
/var/local/git/grpc/test/core/tsi/ssl_transport_security_test.cc: In function 'void ssl_tsi_test_extract_cert_chain()':
/var/local/git/grpc/test/core/tsi/ssl_transport_security_test.cc:959:7: error: 'X509_up_ref' was not declared in this scope
       X509_up_ref(certInfo->x509);
       ^~~~~~~~~~~
/var/local/git/grpc/test/core/tsi/ssl_transport_security_test.cc:959:7: note: suggested alternative: 'X509_free'
       X509_up_ref(certInfo->x509);
       ^~~~~~~~~~~
       X509_free

@matthewstevenson88
Copy link
Copy Markdown
Contributor

matthewstevenson88 commented Mar 22, 2021

Thanks @veblush! I'll take a look later today/this evening.

@matthewstevenson88
Copy link
Copy Markdown
Contributor

matthewstevenson88 commented Mar 23, 2021

There's a small fix you can make to ssl_transport_security_test.cc to fix the test failure: see the draft PR #25786. Feel free to copy over those changes to here and I'll close the other PR.

@matthewstevenson88
Copy link
Copy Markdown
Contributor

matthewstevenson88 commented Mar 23, 2021

Also have a follow-up question: this only seems to check if gRPC builds against OpenSSL 1.0.2 - are you going to be running the tests against OpenSSL 1.0.2 as well?

@veblush
Copy link
Copy Markdown
Contributor Author

veblush commented Mar 23, 2021

@matthewstevenson88 Thank you for the fix and I updated my PR based on it. For your question, this test is going to run everyday on master. This isn't part of CI tests running against every PR because it usually takes serveral hours to finish.

@veblush veblush marked this pull request as ready for review March 23, 2021 22:46
@matthewstevenson88
Copy link
Copy Markdown
Contributor

matthewstevenson88 commented Mar 23, 2021

Thanks so much for taking care of this @veblush! The OpenSSL changes LGTM.

@jiangtaoli2016 FYI.

@veblush veblush merged commit 0147d99 into grpc:master Mar 24, 2021
@veblush veblush deleted the ssl-test branch March 24, 2021 16:37
@veblush
Copy link
Copy Markdown
Contributor Author

veblush commented Mar 25, 2021
edited
Loading

This appears to cause the actual test failure of grpc_portability. test fusion

One example:

E0325 07:43:12.401164371   14013 ssl_transport_security.cc:1824] No match found for server name: test.google.cn.
I0325 07:43:12.405918065   14013 ssl_transport_security_test.cc:608] ssl_tsi_test_do_handshake_with_bad_server_cert
E0325 07:43:12.414073027   14013 ssl_transport_security.cc:1455] Handshake failed with fatal error SSL_ERROR_SSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed.
I0325 07:43:12.414463607   14013 ssl_transport_security_test.cc:618] ssl_tsi_test_do_handshake_with_bad_client_cert
E0325 07:43:12.426561911   14013 ssl_transport_security.cc:1455] Handshake failed with fatal error SSL_ERROR_SSL: error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed.
I0325 07:43:12.427076713   14013 ssl_transport_security_test.cc:639] ssl_tsi_test_do_handshake_alpn_server_no_client
I0325 07:43:12.436937107   14013 ssl_transport_security_test.cc:659] ssl_tsi_test_do_handshake_alpn_client_server_ok
I0325 07:43:12.441437760   14013 ssl_transport_security_test.cc:733] ssl_tsi_test_do_handshake_session_cache
I0325 07:43:12.483864177   14013 ssl_transport_security_test.cc:669] ssl_tsi_test_do_round_trip_for_all_configs
I0325 07:43:13.383629094   14013 ssl_transport_security_test.cc:701] ssl_tsi_test_do_round_trip_odd_buffer_size
I0325 07:43:37.896001643   14013 ssl_transport_security_test.cc:876] ssl_tsi_test_handshaker_factory_internals
E0325 07:43:37.896859449   14013 ssl_transport_security.cc:761] Could not load any root certificate.
E0325 07:43:37.896895837   14013 ssl_transport_security.cc:1955] Cannot load server root certificates.
I0325 07:43:37.896910467   14013 ssl_transport_security_test.cc:883] ssl_tsi_test_duplicate_root_certificates
I0325 07:43:37.897073873   14013 ssl_transport_security_test.cc:899] ssl_tsi_test_extract_x509_subject_names
I0325 07:43:37.897175205   14013 ssl_transport_security_test.cc:941] ssl_tsi_test_extract_cert_chain
I0325 07:43:37.897317470   14013 ssl_transport_security_test.cc:509] ssl_tsi_test_do_handshake_tiny_handshake_buffer
I0325 07:43:37.902241845   14013 ssl_transport_security_test.cc:520] ssl_tsi_test_do_handshake_small_handshake_buffer
I0325 07:43:37.906958466   14013 ssl_transport_security_test.cc:528] ssl_tsi_test_do_handshake
I0325 07:43:37.911598822   14013 ssl_transport_security_test.cc:535] ssl_tsi_test_do_handshake_with_root_store
I0325 07:43:37.916194615   14013 ssl_transport_security_test.cc:545] ssl_tsi_test_do_handshake_with_client_authentication
I0325 07:43:37.922712790   14013 ssl_transport_security_test.cc:556] ssl_tsi_test_do_handshake_with_client_authentication_and_root_store
I0325 07:43:37.929265413   14013 ssl_transport_security_test.cc:568] ssl_tsi_test_do_handshake_with_server_name_indication_exact_domain
I0325 07:43:37.933951211   14013 ssl_transport_security_test.cc:582] ssl_tsi_test_do_handshake_with_server_name_indication_wild_star_domain
I0325 07:43:37.938656627   14013 ssl_transport_security_test.cc:595] ssl_tsi_test_do_handshake_with_wrong_server_name_indication
E0325 07:43:37.940381209   14013 ssl_transport_security.cc:1824] No match found for server name: test.google.cn.
I0325 07:43:37.943292230   14013 ssl_transport_security_test.cc:608] ssl_tsi_test_do_handshake_with_bad_server_cert
E0325 07:43:37.946440965   14013 ssl_transport_security.cc:1455] Handshake failed with fatal error SSL_ERROR_SSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed.
I0325 07:43:37.946552460   14013 ssl_transport_security_test.cc:618] ssl_tsi_test_do_handshake_with_bad_client_cert
E0325 07:43:37.952224755   14013 ssl_transport_security.cc:1455] Handshake failed with fatal error SSL_ERROR_SSL: error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed.
E0325 07:43:37.952272052   14013 ssl_transport_security_test.cc:340] assertion failed: tsi_handshaker_result_extract_peer( ssl_fixture->base.client_result, &peer) == TSI_OK
*** SIGABRT received at time=1616658217 ***
PC: @     0x7f90576107bb  (unknown)  raise
    @     0x557456ed0eca         64  absl::lts_2020_09_23::WriteFailureInfo()
    @     0x557456ed106c         96  absl::lts_2020_09_23::AbslFailureSignalHandler()
    @     0x7f9057db2730  (unknown)  (unknown)
    @     0x557456ece110         48  check_handshake_results()
    @     0x557456ecf3a5         48  tsi_test_do_handshake()
    @     0x557456ecc15a         32  ssl_tsi_test_do_handshake_with_bad_client_cert()
    @     0x557456ecd8d7         80  main
    @     0x7f90575fd09b  (unknown)  __libc_start_main
    @ 0x41fd89415541f689  (unknown)  (unknown)
Command terminated by signal 6

veblush added a commit that referenced this pull request Mar 25, 2021
@veblush
Revert "Added portability test with openssl 1.0.2 (#25770)"
fb9d94b 
This reverts commit 0147d99.
@veblush veblush mentioned this pull request Mar 25, 2021
Merged
veblush added a commit that referenced this pull request Mar 25, 2021
@veblush
Revert "Added portability test with openssl 1.0.2 (#25770)" (#25812)
b55fba3 
This reverts commit 0147d99.
@matthewstevenson88 matthewstevenson88 mentioned this pull request Mar 30, 2021
Merged
veblush added a commit that referenced this pull request Apr 1, 2021
@veblush
Revert "Revert "Added portability test with openssl 1.0.2 (#25770)" (#…
72e3bf0 
…25812)"

This reverts commit b55fba3.
@veblush veblush mentioned this pull request Apr 1, 2021
Merged
veblush added a commit that referenced this pull request Jun 3, 2021
@veblush
Revert "Revert "Added portability test with openssl 1.0.2 (#25770)" (#…
a105c8c 
…25812)"

This reverts commit b55fba3.
veblush added a commit that referenced this pull request Jun 8, 2021
@veblush
Revert "Revert "Added portability test with openssl 1.0.2 (#25770)" (#…
cc8f129 
…25812)"

This reverts commit b55fba3.
veblush added a commit that referenced this pull request Jun 9, 2021
@veblush
Revert "Revert "Added portability test with openssl 1.0.2 (#25770)" (#…
2c01c7c 
…25812)"

This reverts commit b55fba3.
veblush added a commit that referenced this pull request Jun 15, 2021
@veblush
Revert "Revert "Added portability test with openssl 1.0.2 (#25770)" (#…
83681f2 
…25812)" (#25860)

This reverts commit b55fba3.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@matthewstevenson88 matthewstevenson88 matthewstevenson88 approved these changes

@apolcyn apolcyn Awaiting requested review from apolcyn

@jtattermusch jtattermusch Awaiting requested review from jtattermusch

@nicolasnoble nicolasnoble Awaiting requested review from nicolasnoble

Assignees

No one assigned

Labels

area/test release notes: no Indicates if PR should not be in release notes

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Adding a test with openssl or variants without TLS v1.3 support

2 participants

@veblush @matthewstevenson88