Testing for the 4.4p1 release
Darren Tucker
dtucker at zip.com.au
Tue Sep 26 06:58:55 EST 2006
Iain Morgan wrote:
> Sometime ago, Darren Tucker wrote:
>> On Fri, Sep 22, 2006 at 05:15:57PM -0700, Iain Morgan wrote:
>>> Sometime ago, Darren Tucker wrote:
>> [...]
>>>> This is a long shot, but when you attempt to use Protocol 1, does the
>>>> known_hosts file entry consist mainly of zeros? eg,
>>> Yes! I guess I never took a close look at the entry, but it has several
>>> long sequneces of 0's in it.
>> Thanks.
>>
>> I have seen this reported on HP-UX and have now been able to reproduce
>> it. I suspected it to be a problem with either OpenSSL or the compiler,
>> and if you are able to reproduce it on another platform with another
>> compiler then it makes OpenSSL much more likely as the culprit.
>>
>> I'll update the OpenSSL bug report.
>>
>
> After applying the patch, I see the following errors during 'make test'
>
> test sslv2 with server authentication
> server authentication
> Initial proxy rights = C
> depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
> depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
> depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1
> Certificate proxy rights = AB, resulting proxy rights = none
> Proxy rights check with condition 'A' proved invalid
> ERROR in CLIENT
> 1812436:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate
> verify failed:s2_clnt.c:1066:
> SSLv2, cipher (NONE) (NONE)
> test sslv2
> SSLv2, cipher SSLv2 DES-CBC3-MD5, 512 bit RSA
> test sslv2 with server authentication
> server authentication
> Initial proxy rights = C
> depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
> depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
> depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1
> Certificate proxy rights = AB, resulting proxy rights = none
> Proxy rights check with condition 'B' proved invalid
> ERROR in CLIENT
> 5313357:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate
> verify failed:s2_clnt.c:1066:
> SSLv2, cipher (NONE) (NONE)
> test sslv2
>
> This happens with both irix-mips3-cc and irix64-mips4-cc. In both cases,
> there appear to be 22 errors.
Well that's an error, but not the one I was expecting. I suspect you
will see it without my patch too.
Could you please run "test/bntest" manually? That will exercise the
code in my patch.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list