New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix no-ec enable-ktls
build
#19841
Fix no-ec enable-ktls
build
#19841
Conversation
The KTLS test uses a TLSv1.2 cipher that uses ECDHE
.github/workflows/run-checker-ci.yml
Outdated
@@ -40,6 +40,7 @@ jobs: | |||
enable-trace enable-fips, | |||
no-ts, | |||
no-ui, | |||
enable-ktls no-ec, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not sure this is a good idea. Clearly this would have caught this problem, but there is a potential combinatorial explosion here. Why stop at the combination of "enable-ktls and no-ec"? We could keep going with all the other 2 option combinations (and why stop at 2?). This doesn't seem viable.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One idea would be to enable all non-default options in these runchecker builds and disable just one enabled by default.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should cover most of the issues IMO.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A more general purpose test is likely out-of scope for this one particular fix, and could discover a number of issues that cause this to blow up. Perhaps an issue to report what the found problems are, so they can be fixed? Whatever is done should probably not enable features that are dependent on other libraries (e.g. compression options).
Should I just delete this test for now?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should I just delete this test for now?
Yes, please
@paulidale - please reconfirm |
Is there an issue in master? Three of the builds are failing now, and they weren't yesterday. All I did was remove the test from the .github/workflows directory. |
These look like false positive from a buggy gcc. |
The KTLS test uses a TLSv1.2 cipher that uses ECDHE Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #19841)
Applied to master, 3.1, 3.0 branches. All of them are failing the GitHub CI / enable_non-default_options build which is actually caused by this issue. It cherry-picked cleanly. |
The KTLS test uses a TLSv1.2 cipher that uses ECDHE Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#19841)
The KTLS test uses a TLSv1.2 cipher that uses ECDHE
Checklist