Testing for the 4.4p1 release
Iain Morgan
imorgan at nas.nasa.gov
Tue Sep 26 05:05:39 EST 2006
Sometime ago, Darren Tucker wrote:
> On Fri, Sep 22, 2006 at 05:15:57PM -0700, Iain Morgan wrote:
> > Sometime ago, Darren Tucker wrote:
> [...]
> > > This is a long shot, but when you attempt to use Protocol 1, does the
> > > known_hosts file entry consist mainly of zeros? eg,
> >
> > Yes! I guess I never took a close look at the entry, but it has several
> > long sequneces of 0's in it.
>
> Thanks.
>
> I have seen this reported on HP-UX and have now been able to reproduce
> it. I suspected it to be a problem with either OpenSSL or the compiler,
> and if you are able to reproduce it on another platform with another
> compiler then it makes OpenSSL much more likely as the culprit.
>
> I'll update the OpenSSL bug report.
>
After applying the patch, I see the following errors during 'make test'
test sslv2 with server authentication
server authentication
Initial proxy rights = C
depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1
Certificate proxy rights = AB, resulting proxy rights = none
Proxy rights check with condition 'A' proved invalid
ERROR in CLIENT
1812436:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate
verify failed:s2_clnt.c:1066:
SSLv2, cipher (NONE) (NONE)
test sslv2
SSLv2, cipher SSLv2 DES-CBC3-MD5, 512 bit RSA
test sslv2 with server authentication
server authentication
Initial proxy rights = C
depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1
Certificate proxy rights = AB, resulting proxy rights = none
Proxy rights check with condition 'B' proved invalid
ERROR in CLIENT
5313357:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate
verify failed:s2_clnt.c:1066:
SSLv2, cipher (NONE) (NONE)
test sslv2
This happens with both irix-mips3-cc and irix64-mips4-cc. In both cases,
there appear to be 22 errors.
--
Iain Morgan
More information about the openssh-unix-dev
mailing list