Source: mod-gnutls
Version: 0.8.1-2
Severity: serious
https://buildd.debian.org/status/package.php?p=mod-gnutls
...
FAIL: test-27_OCSP_server.bash
==============================
TESTING: 27_OCSP_server
---- Testing OCSP server ----
Connecting to OCSP server: localhost...
Assuming response's signer = issuer (use --load-signer to override).
Resolving 'localhost:9936'...
Connecting to '::1:9936'...
OCSP Response Information:
Response Status: Successful
Response Type: Basic OCSP Response
Version: 1
Responder ID: CN=Testing Authority OCSP Responder
Produced At: Tue Jan 03 09:48:30 UTC 2017
Responses:
Certificate ID:
Hash Algorithm: SHA1
Issuer Name Hash:
bac68790352ceb4c4de1534445348f8b4b5309b3
Issuer Key Hash:
25666b5838ab0565f00477625244d3a6ac380cf6
Serial Number: 02
Certificate Status: unknown
This Update: Tue Jan 03 09:48:30 UTC 2017
Next Update: Tue Jan 03 09:51:30 UTC 2017
Extensions:
Nonce: 39743b213608e6e3481fc46f2236c0237e21900afad85c
Verifying OCSP Response: Success.
---- OCSP test done ----
Connecting to OCSP server: localhost...
*** Cannot find OCSP server URI in certificate: The requested data were not
available.
Processed 1 CA certificate(s).
Resolving 'localhost:9932'...
Connecting to '::1:9932'...
- Certificate type: X.509
- Got a certificate list of 2 certificates.
- Certificate[0] info:
- subject `CN=localhost', issuer `CN=Testing Authority', serial 0x02, RSA key
3072 bits, signed using RSA-SHA256, activated `2017-01-03 09:48:20 UTC',
expires `2018-01-03 09:48:20 UTC', key-ID
`sha256:b1f77e7052f53076d78c1d228eab38888389adb8d2b3f6d96b326c88e731e4b0'
Public Key ID:
sha1:9ae0167bc91c5e0007295b279113fc52450ef3ff
sha256:b1f77e7052f53076d78c1d228eab38888389adb8d2b3f6d96b326c88e731e4b0
Public key's random art:
- Certificate[1] info:
- subject `CN=Testing Authority', issuer `CN=Testing Authority', serial 0x01,
RSA key 3072 bits, signed using RSA-SHA256, activated `2017-01-03 09:48:20
UTC', expires `2018-01-03 09:48:20 UTC', key-ID
`sha256:d00b1ac8445299f4e3161c11b66839fa97306cca90e8ff4fee54d303ea63841c'
- Status: The certificate is trusted.
Resolving 'localhost:9936'...
Connecting to '::1:9936'...
- OCSP server flags certificate not revoked as of Tue Jan 3 09:48:30 2017
*** OCSP: verified 1 certificate(s).
- Description: (TLS1.2)-(ECDHE-RSA-SECP256R1)-(AES-256-GCM)
- Session ID:
C1:B8:35:E8:C4:79:15:44:21:53:A4:D5:71:16:9D:77:09:76:59:C8:76:C8:A9:DD:88:51:3F:1E:B6:BE:70:69
- Ephemeral EC Diffie-Hellman parameters
- Using curve: SECP256R1
- Curve size: 256 bits
- Version: TLS1.2
- Key Exchange: ECDHE-RSA
- Server Signature: RSA-SHA256
- Cipher: AES-256-GCM
- MAC: AEAD
- Compression: NULL
- Options: extended master secret, safe renegotiation,
- Handshake was completed
- Simple Client Mode:
HTTP/1.1 200 OK
Date: Tue, 03 Jan 2017 09:48:30 GMT
Server: Apache/2.4.25 (Debian) mod_gnutls/0.8.1 GnuTLS/3.5.7
Last-Modified: Mon, 02 Nov 2015 21:32:08 GMT
ETag: "5-5239582604600"
Accept-Ranges: bytes
Content-Length: 5
Connection: close
Content-Type: text/plain
test
- Peer has closed the GnuTLS connection
PID TTY TIME CMD
19898 ? 00:00:00 sleep
SUCCESS: 27_OCSP_server
Checking if client actually got a stapled response.
Error: "OCSP status request" option is missing!
FAIL test-27_OCSP_server.bash (exit status: 1)
...
=======
test/logs/27_OCSP_server.error.log
[Tue Jan 03 09:48:30.795059 2017] [watchdog:debug] [pid 19807:tid
4397993473872] mod_watchdog.c(460): AH02974: Watchdog: found parent providers.
[Tue Jan 03 09:48:30.795080 2017] [watchdog:debug] [pid 19807:tid
4397993473872] mod_watchdog.c(506): AH02977: Watchdog: found child providers.
[Tue Jan 03 09:48:30.795081 2017] [watchdog:debug] [pid 19807:tid
4397993473872] mod_watchdog.c(514): AH02978: Watchdog: Looking for child
(_singleton_).
[Tue Jan 03 09:48:30.795083 2017] [watchdog:debug] [pid 19807:tid
4397993473872] mod_watchdog.c(514): AH02978: Watchdog: Looking for child
(_default_).
[Tue Jan 03 09:48:30.796049 2017] [mpm_worker:notice] [pid 19807:tid
4397993473872] AH00292: Apache/2.4.25 (Debian) mod_gnutls/0.8.1 GnuTLS/3.5.7
configured -- resuming normal operations
[Tue Jan 03 09:48:30.796053 2017] [mpm_worker:info] [pid 19807:tid
4397993473872] AH00293: Server built: 2016-12-21T22:46:06
[Tue Jan 03 09:48:30.796059 2017] [core:notice] [pid 19807:tid 4397993473872]
AH00094: Command line: '/usr/sbin/apache2 -f
/«PKGBUILDDIR»/test/tests/27_OCSP_server/apache.conf'
[Tue Jan 03 09:48:30.796060 2017] [core:debug] [pid 19807:tid 4397993473872]
log.c(1546): AH02639: Using SO_REUSEPORT: yes (1)
[Tue Jan 03 09:48:30.796065 2017] [mpm_worker:debug] [pid 19807:tid
4397993473872] worker.c(1885): AH00294: Accept mutex: sysvsem (default: sysvsem)
[Tue Jan 03 09:48:30.796145 2017] [watchdog:debug] [pid 19811:tid
4397993473872] mod_watchdog.c(563): AH02980: Watchdog: nothing configured?
[Tue Jan 03 09:48:30.796267 2017] [watchdog:debug] [pid 19809:tid
4397993473872] mod_watchdog.c(563): AH02980: Watchdog: nothing configured?
[Tue Jan 03 09:48:30.797137 2017] [gnutls:debug] [pid 19811:tid 4397811628304]
gnutls_hooks.c(918): [client ::1:53045] mgs_hook_pre_connection declined
connection
[Tue Jan 03 09:48:30.797208 2017] [authz_core:debug] [pid 19811:tid
4397811628304] mod_authz_core.c(835): [client ::1:53045] AH01628: authorization
result: granted (no directives)
[Tue Jan 03 09:48:30.797214 2017] [gnutls:debug] [pid 19811:tid 4397811628304]
gnutls_hooks.c(944): [client ::1:53045] request declined in mgs_hook_fixups
[Tue Jan 03 09:48:30.797242 2017] [authz_core:debug] [pid 19811:tid
4397811628304] mod_authz_core.c(835): [client ::1:53045] AH01628: authorization
result: granted (no directives)
[Tue Jan 03 09:48:30.797247 2017] [gnutls:debug] [pid 19811:tid 4397811628304]
gnutls_hooks.c(944): [client ::1:53045] request declined in mgs_hook_fixups
[Tue Jan 03 09:48:30.797265 2017] [watchdog:debug] [pid 19810:tid
4397993473872] mod_watchdog.c(563): AH02980: Watchdog: nothing configured?
[Tue Jan 03 09:48:30.815016 2017] [gnutls:debug] [pid 19811:tid 4397794851088]
gnutls_cache.c(445): Cleaned up cache '/«PKGBUILDDIR»/test/cache/gnutls_cache'.
Deleted 0 and left 22
[Tue Jan 03 09:48:30.815043 2017] [gnutls:debug] [pid 19811:tid 4397794851088]
gnutls_ocsp.c(775): [client ::1:52243] No valid OCSP response in cache, trying
to update.
[Tue Jan 03 09:48:30.815257 2017] [gnutls:debug] [pid 19809:tid 4397962590480]
gnutls_hooks.c(918): [client ::1:53047] mgs_hook_pre_connection declined
connection
[Tue Jan 03 09:48:30.815318 2017] [authz_core:debug] [pid 19809:tid
4397962590480] mod_authz_core.c(835): [client ::1:53047] AH01628: authorization
result: granted (no directives)
[Tue Jan 03 09:48:30.815323 2017] [gnutls:debug] [pid 19809:tid 4397962590480]
gnutls_hooks.c(944): [client ::1:53047] request declined in mgs_hook_fixups
[Tue Jan 03 09:48:30.815346 2017] [authz_core:debug] [pid 19809:tid
4397962590480] mod_authz_core.c(835): [client ::1:53047] AH01628: authorization
result: granted (no directives)
[Tue Jan 03 09:48:30.815351 2017] [gnutls:debug] [pid 19809:tid 4397962590480]
gnutls_hooks.c(944): [client ::1:53047] request declined in mgs_hook_fixups
[Tue Jan 03 09:48:30.828168 2017] [gnutls:error] [pid 19811:tid 4397794851088]
(20014)Internal error (specific information not available): CA flagged
certificate as unknown at Tue, 03 Jan 2017 09:48:30 GMT.
[Tue Jan 03 09:48:30.828182 2017] [gnutls:debug] [pid 19811:tid 4397794851088]
gnutls_ocsp.c(671): (20014)Internal error (specific information not available):
OCSP response validation failed, cannot update cache.
[Tue Jan 03 09:48:30.828186 2017] [gnutls:error] [pid 19811:tid 4397794851088]
(20014)Internal error (specific information not available): [client ::1:52243]
Caching a fresh OCSP response failed
[Tue Jan 03 09:48:30.828188 2017] [gnutls:error] [pid 19811:tid 4397794851088]
OCSP request for localhost failed, next try after Tue, 03 Jan 2017 09:53:30 GMT.
[Tue Jan 03 09:48:30.842105 2017] [gnutls:debug] [pid 19810:tid 4397811628304]
gnutls_hooks.c(918): [client ::1:53048] mgs_hook_pre_connection declined
connection
[Tue Jan 03 09:48:30.842165 2017] [authz_core:debug] [pid 19810:tid
4397811628304] mod_authz_core.c(835): [client ::1:53048] AH01628: authorization
result: granted (no directives)
[Tue Jan 03 09:48:30.842172 2017] [gnutls:debug] [pid 19810:tid 4397811628304]
gnutls_hooks.c(944): [client ::1:53048] request declined in mgs_hook_fixups
[Tue Jan 03 09:48:30.842196 2017] [authz_core:debug] [pid 19810:tid
4397811628304] mod_authz_core.c(835): [client ::1:53048] AH01628: authorization
result: granted (no directives)
[Tue Jan 03 09:48:30.842201 2017] [gnutls:debug] [pid 19810:tid 4397811628304]
gnutls_hooks.c(944): [client ::1:53048] request declined in mgs_hook_fixups
[Tue Jan 03 09:48:30.856714 2017] [gnutls:debug] [pid 19811:tid 4397794851088]
gnutls_io.c(547): [client ::1:52243] mgs_filter_input: TLS connection opened.
[Tue Jan 03 09:48:30.856799 2017] [authz_core:debug] [pid 19811:tid
4397794851088] mod_authz_core.c(835): [client ::1:52243] AH01628: authorization
result: granted (no directives)
[Tue Jan 03 09:48:30.856931 2017] [gnutls:debug] [pid 19811:tid 4397794851088]
gnutls_io.c(513): [client ::1:52243] mgs_bye: TLS connection closed.
[Tue Jan 03 09:48:30.900588 2017] [core:info] [pid 19807:tid 4397993473872]
AH00096: removed PID file /«PKGBUILDDIR»/test/apache2.pid (pid=19807)
[Tue Jan 03 09:48:30.900592 2017] [mpm_worker:notice] [pid 19807:tid
4397993473872] AH00295: caught SIGTERM, shutting down
=======
...