Nelson B Bolyard wrote:
Glen Beasley wrote, On 2009-05-11 14:01:John Smith wrote:I should have said that I expect those 3 errors are related to chain.sh/OCSP related and are fixed in that bug...Hi:*Glen*: Wow, you managed to match that bug to my problem, even though the test numbers are totally different (as per what Nelson said)! Its not terribly important that all tests pass for my purposes, so I think I will wait for 3.12.4. Do you have a rough idea of when that will be released?I will say anyone on any platform that builds and tests NSS 3.12.3 and does not have access to the internal NSS OCSP QA server should have 3 failures. May have more, but they should have at least 3.Glen, If that's true, then that is a serious bug in the NSS QA test scripts. By default, the NSS QA test scripts should never perform any of the tests that require access to servers that are not publicly available. Those private extended tests must only be used when explicitly enabled. If you're sure that's true, please file a P1 test bug. Thanks.
This issue has already been fixed in the trunk.https://bugzilla.mozilla.org/show_bug.cgi?id=488646 unfortunately when you do a cvs co -r NSS_3_12_3_RTM mozilla/security/nss ... these QA_test_script_only_bug exists. I believe it was introduced after 3.12.2 RTM and is now fixed in the trunk. Today I tested the NSS_3_12_3_RTM and not only did I get the expected chains.sh/OCSP errors, I got 3 chains.sh: #2997: RealCerts .... errors which thankfully are fixed in the trunk as well, not sure on the bug number. We had various discussions on chain.sh QA failures in the past weeks and it took awhile for the QA/developers working on theses issue to fix them due to time constraints.
We should discuss pushing 3.12.4 sooner rather than later in the NSS developers meeting
this week to address this issue. I will add it to the agenda. John,I did not reproduce you're Cache CRL SSL test fail with the co of NSS_3_12_3_RTM:
It occurred to me that you wrote the following sample:
tstclnt -p 8443 -h [my-ip-address] -f -d ../client -v \
-w nss -n TestUser41
the NSS all.sh tests require that you "hostanme.computer domain name" as in "myhost.locathost" http://www.mozilla.org/projects/security/pki/nss/testnss_32.html
tstclnt -p 8443 -h [host.domsuf] -f -d ../client -v \
-w nss -n TestUser41
on my ubuntu virtual machine I set and added to sudo vi /etc/hosts 127.0.1.1 gb-ubuntu gb-ubuntu.localhost then in bash shell export DOMSUF localhost export HOST cat see if that fixes your Cache CRL SSL test issue? -glen -glen
/Nelson
smime.p7s
Description: S/MIME Cryptographic Signature
-- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
