Kai,
On 1/3/2014 02:40, Kai Engert wrote:
On Do, 2014-01-02 at 19:34 -0800, Julien Pierre wrote:
The new OCSP stapling tests in NSS 3.15.3 are all failing on our Solaris
machines. See error log below.
We have a slightly smaller number of failures on Linux.
Are these tests going out to a public OCSP responder on the Internet ?
For most of the errors you cited:
No, see https://bugzilla.mozilla.org/show_bug.cgi?id=811331
There are few errors that are indeed attempting to connect to the public
web, but those will be removed in 3.15.4:
https://bugzilla.mozilla.org/show_bug.cgi?id=936778
Thanks, I applied the patch from that bug.
The following still tests are still failing on the internal network on
Linux, though.
tstclnt: TCP Connection failed: PR_IO_TIMEOUT_ERROR: I/O operation timed out
chains.sh: #2452: Test that OCSP server is reachable - FAILED
tstclnt: TCP Connection failed: PR_IO_TIMEOUT_ERROR: I/O operation timed out
chains.sh: #4286: Test that OCSP server is reachable - FAILED
tstclnt: TCP Connection failed: PR_IO_TIMEOUT_ERROR: I/O operation timed out
chains.sh: #6750: Test that OCSP server is reachable - FAILED
It could be because we have Internet DNS capability, but not direct
Internet TCP connectivity .
Either way, it seems to me that even with the patch, the NSS test suite
still can't run properly on a private network.
Julien
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
