Today I made Wocky compile when configured to use OpenSSL. I thought I would run the test suite, and discovered that only 68 out of the 219 connector tests pass. I started looking into it. My branch is attached, with a patch which handles an additional error condition from OpenSSL (by ignoring it). I don't think this is kosher—I think it's more likely that the loading of the CRL is broken in some way—but it leaves us with a mere 14 failing tests, all of which are due to a connection being made successfully when it ought to fail: Failure: /connector/cert-verification/tls/nohost/fail/name-mismatch Failure: /connector/cert-verification/tls/host/fail/name-mismatch Failure: /connector/cert-verification/tls/crl/fail Failure: /connector/cert-verification/tls/expired/fail Failure: /connector/cert-verification/tls/inactive/fail Failure: /connector/cert-verification/tls/selfsigned/fail Failure: /connector/cert-verification/ssl/nohost/fail/name-mismatch Failure: /connector/cert-verification/ssl/host/fail/name-mismatch Failure: /connector/cert-verification/ssl/crl/fail Failure: /connector/cert-verification/ssl/expired/fail Failure: /connector/cert-verification/ssl/inactive/fail Failure: /connector/cert-verification/ssl/selfsigned/fail Failure: /connector/cert-nonverification/tls/crl/fail Failure: /connector/cert-nonverification/ssl/crl/fail This suggests that we are being too lenient in some cases.
These were all broken because the CRL has expired. It is fixed properly now.
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.