Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix error message in test_verify_fail_if_client_unknown_ca #2760

Merged
merged 1 commit into from Nov 24, 2021
Merged

Fix error message in test_verify_fail_if_client_unknown_ca #2760

merged 1 commit into from Nov 24, 2021

Conversation

lucaskanashiro
Copy link
Contributor

@lucaskanashiro lucaskanashiro commented Nov 24, 2021
edited

Description

In Ubuntu 22.04 (development release), we have got the following error:

  1) Failure:
TestPumaServerSSLClient#test_verify_fail_if_client_unknown_ca [/tmp/autopkgtest.nnOHcD/build.YFu/src/test/test_puma_server_ssl.rb:306]:
Expected /self\ signed\ certificate\ in\ certificate\ chain/ to match # encoding: ASCII-8BIT
\#    valid: true
"OpenSSL certificate verification error: self-signed certificate in certificate chain - 19".

Changing the expected error message from "self signed certificate" to "self-signed certificate" fixes the test failure.

Your checklist for this pull request

  • I have reviewed the guidelines for contributing to this repository.
  • I have added (or updated) appropriate tests if this PR fixes a bug or adds a feature.
  • My pull request is 100 lines added/removed or less so that it can be easily reviewed.
  • If this PR doesn't need tests (docs change), I added [ci skip] to the title of the PR.
  • If this closes any issues, I have added "Closes #issue" to the PR description or my commit messages.
  • I have updated the documentation accordingly.
  • All new and existing tests passed, including Rubocop.

@MSP-Greg
Copy link
Member

@lucaskanashiro

Thanks for the PR.

  1. I've tested Puma using OpenSSL 3.0 locally, and that was the only failure, excluding the expected deprecation warning during compile. Are you testing against 3.0? If so, do you by chance know how soon various distros will be upgrading to it?

  2. Given the above, I think the assert needs to pass both 'self signed' and 'self-signed'? Or, rather than a text match, it needs to be a regex?

@lucaskanashiro
Copy link
Contributor Author

@MSP-Greg thanks for the prompt reply.

1. I've tested Puma using OpenSSL 3.0 locally, and that was the only failure, excluding the expected deprecation warning during compile.  Are you testing against 3.0?  If so, do you by chance know how soon various distros will be upgrading to it?

Yes, I am testing against OpenSSL 3. In Ubuntu, we are moving to OpenSSL 3 right now. In Debian, there is an ongoing discussion about it, not sure about the outcome yet. IDK about the other distros.

2. Given the above, I think the assert needs to pass both 'self signed' and 'self-signed'?  Or, rather than a text match, it needs to be a regex?

You are right, not everyone will be using OpenSSL 3. In assert_ssl_client_error_match method, should we use assert_match instead of assert_equal?

@MSP-Greg
Copy link
Member

we are moving to OpenSSL 3 right now

I hate it when that happens. Wonder when it will hit WSL2/Ubuntu (what I'm using locally)... I suppose I could build it, but...

Sorry, I didn't look at assert_ssl_client_error_match, but assumed with 'match' in the name. Yes, please use assert_match instead of assert_equal.

MSP-Greg
MSP-Greg requested changes Nov 24, 2021
View reviewed changes
Copy link
Member

@MSP-Greg MSP-Greg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Change to the following should work. Sorry, intermittently AFK and now with coffee...

assert_ssl_client_error_match(/self[- ]signed certificate in certificate chain/, '/DC=net/DC=puma/CN=CAU') do |http|

@lucaskanashiro
Copy link
Contributor Author

Thanks @MSP-Greg , I applied the suggested change.

@MSP-Greg
Copy link
Member

@lucaskanashiro

Thanks. Hate to ask, but it needs to be a regex, not a string...

@lucaskanashiro
Fix error message in test_verify_fail_if_client_unknown_ca
8dd435f 
In Ubuntu, with OpenSSL 3, we have got the following error:

  1) Failure:
TestPumaServerSSLClient#test_verify_fail_if_client_unknown_ca [/tmp/autopkgtest.nnOHcD/build.YFu/src/test/test_puma_server_ssl.rb:306]:
Expected /self\ signed\ certificate\ in\ certificate\ chain/ to match # encoding: ASCII-8BIT
\#    valid: true
"OpenSSL certificate verification error: self-signed certificate in certificate chain - 19".
@lucaskanashiro
Copy link
Contributor Author

@MSP-Greg sorry :) it's fixed now.

@MSP-Greg MSP-Greg merged commit 392a61b into puma:master Nov 24, 2021
@lucaskanashiro lucaskanashiro deleted the fix-ssl-test-in-ubuntu branch November 24, 2021 18:35
JuanitoFatas pushed a commit to JuanitoFatas/puma that referenced this pull request Sep 9, 2022
@lucaskanashiro @JuanitoFatas
[CI] OpenSSL 3.0 - Fix error message in test_verify_fail_if_client_un…
204834d 
…known_ca (puma#2760)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MSP-Greg MSP-Greg MSP-Greg approved these changes

Assignees
No one assigned
Labels
CI / Testing ssl
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@lucaskanashiro @MSP-Greg