Testing for the 4.4p1 release

Iain Morgan imorgan at nas.nasa.gov
Tue Sep 26 10:02:57 EST 2006 

Sometime ago, Darren Tucker wrote:
> Iain Morgan wrote:
> > Sometime ago, Darren Tucker wrote:
> >> On Fri, Sep 22, 2006 at 05:15:57PM -0700, Iain Morgan wrote:
> >>> Sometime ago, Darren Tucker wrote:
> >> [...]
> >>>> This is a long shot, but when you attempt to use Protocol 1, does the
> >>>> known_hosts file entry consist mainly of zeros?  eg,
> >>> Yes! I guess I never took a close look at the entry, but it has several
> >>> long sequneces of 0's in it. 
> >> Thanks.
> >>
> >> I have seen this reported on HP-UX and have now been able to reproduce
> >> it.  I suspected it to be a problem with either OpenSSL or the compiler,
> >> and if you are able to reproduce it on another platform with another
> >> compiler then it makes OpenSSL much more likely as the culprit.
> >>
> >> I'll update the OpenSSL bug report.
> >>
> > 
> > After applying the patch, I see the following errors during 'make test'
> > 
> > test sslv2 with server authentication
> > server authentication
> >   Initial proxy rights = C
> > depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
> > depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
> > depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1
> >   Certificate proxy rights = AB, resulting proxy rights = none
> > Proxy rights check with condition 'A' proved invalid
> > ERROR in CLIENT
> > 1812436:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate
> > verify failed:s2_clnt.c:1066:
> > SSLv2, cipher (NONE) (NONE)
> > test sslv2
> > SSLv2, cipher SSLv2 DES-CBC3-MD5, 512 bit RSA
> > test sslv2 with server authentication
> > server authentication
> >   Initial proxy rights = C
> > depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
> > depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
> > depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1
> >   Certificate proxy rights = AB, resulting proxy rights = none
> > Proxy rights check with condition 'B' proved invalid
> > ERROR in CLIENT
> > 5313357:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate
> > verify failed:s2_clnt.c:1066:
> > SSLv2, cipher (NONE) (NONE)
> > test sslv2
> > 
> > This happens with both irix-mips3-cc and irix64-mips4-cc. In both cases,
> > there appear to be 22 errors.
> 
> Well that's an error, but not the one I was expecting.  I suspect you 
> will see it without my patch too.
> 

Sorry about. I should have done a baseline against the unmodified
versions and shouldn't have simply sent the first error I saw.

> Could you please run "test/bntest" manually?  That will exercise the 
> code in my patch.
> 

OK. Running test/bntest gives a lot of output. Based on the patch, I
assume you're only interested in the bn2dec test. That appears to be OK.

$ tail bntest.out
.....
.................++++++++++++
.....
...........++++++++++++
.....
test BN_bn2dec
print "test BN_bn2dec\n"
lou.imorgan> exit

script done on Mon Sep 25 16:02:09 2006
$ 

--
Iain Morgan

More information about the openssh-unix-dev mailing list