Port CRL test from boring crypto/x509/x509_test.cc; add fix to 1.1.0/master#1775
Port CRL test from boring crypto/x509/x509_test.cc; add fix to 1.1.0/master#1775richsalz wants to merge 1 commit intoopenssl:masterfrom richsalz:add-crltest
Conversation
richsalz
added
branch: master
|
Error is pretty clear ; test/crltest.c:40:5: error: string length '1253' is greater than the length '509' ISO C90 compilers are required to support [-Werror=overlength-strings] test/crltest.c:64:5: error: string length '1298' is greater than the length '509' ISO C90 compilers are required to support [-Werror=overlength-strings] test/crltest.c:77:5: error: string length '629' is greater than the length '509' ISO C90 compilers are required to support [-Werror=overlength-strings] test/crltest.c:91:5: error: string length '658' is greater than the length '509' ISO C90 compilers are required to support [-Werror=overlength-strings] test/crltest.c:105:5: error: string length '666' is greater than the length '509' ISO C90 compilers are required to support [-Werror=overlength-strings] test/crltest.c:123:5: error: string length '654' is greater than the length '509' ISO C90 compilers are required to support [-Werror=overlength-strings] test/crltest.c:140:5: error: string length '658' is greater than the length '509' ISO C90 compilers are required to support [-Werror=overlength-strings] test/crltest.c:158:5: error: string length '682' is greater than the length '509' ISO C90 compilers are required to support [-Werror=overlength-strings] |
|
No, that's a build error which I did not see and which I will fix later. The run-time error is this: |
|
Please consider any work from BoringSSL included here to be covered by our existing CLA with OpenSSL. I think the reason the test doesn't pass is because the fix didn't get applied to master (or 1.1.0), so the test is working. :-) |
|
By the way, in case you need to generate more of these or whatever, here's the private key corresponding to Also, shameless plug, but der-ascii is really handy for generating these kinds of things: |
richsalz
added
branch: 1.0.2
richsalz
changed the title
|
yes, right i forgot to push the commit with the fix. (appropriate smiley) |
|
You know that there are problems reported by travis, like "crltest: corrupted double-linked list"? |
|
No I did not notice the travis problems. |
|
Added a commit taht should fix this. Thanks for pointing me to the problem. |
test/crltest.c
Outdated
There was a problem hiding this comment.
I'm not seeing where either of these fields are freed by X509_STORE_CTX_free, though perhaps I'm just not seeing it.
Anyway, this doesn't make sense. One would expect that either both X509_STORE_CTX_set0_crls and X509_STORE_CTX_free free the existing value or neither to.
That is, if ctx owns crls as a result of line 235, then ctx is responsible for freeing it in both set0_crls and free. If ctx doesn't own crls, then ctx should not free it in either function. (At least from inspection, it seems to be the latter.)
There was a problem hiding this comment.
asan is complaining, so let's see what happens. :)
There was a problem hiding this comment.
doh, of course i wasn't making sense. :( backed it out. need to reproduce locally.
|
found and fixed. pushing new version. |
|
You can avoid the PEM concatentation by using DER format and calling the relevant d2i function directly. |
levitte
left a comment
levitte
left a comment
There was a problem hiding this comment.
Looks good to me at this point
|
ping @levitte to re-review. uses the test framework. for master only. |
richsalz
removed
branch: 1.0.2
|
ping @levitte please reconfirm since it uses the test harness now. updated/rebased commit pushed. |
test/crltest.c
Outdated
There was a problem hiding this comment.
Change to:
X509_STORE_CTX_set0_trusted_stack(ctx, roots);
There was a problem hiding this comment.
(it will fix the Travis build issue)
More importantly, port CRL test from boringSSL crypto/x509/x509_test.cc
|
updated commit pushed. |
levitte
added
the
approval: done
More importantly, port CRL test from boringSSL crypto/x509/x509_test.cc Reviewed-by: Richard Levitte <[email protected]> (Merged from #1775)
More importantly, port CRL test from boringSSL crypto/x509/x509_test.cc Reviewed-by: Richard Levitte <[email protected]> (Merged from #1775) (cherry picked from commit 2b40699)
|
This fix was not pushed into 1.0.2 branch, who still has the issue too. |
|
It was; see 3ade92e |
6 participants
To be ported to 1.1.0 and 1.0.2 Fails right now on master, needs to be investigated.