Certificate creation script for TLS test data is broken #35780

Closed
adisuissa opened this issue Aug 21, 2024 · 0 comments · Fixed by #35781
Labels
bug triage Issue requires triage

Currently some tests in the TLS directory are failing. Example:

```
Executing tests from //test/common/tls:context_impl_test
...
[ RUN      ] SslContextImplTest.TestExpiringCert
unknown file: Failure
C++ exception with description "bad_optional_access" thrown in the test body.
...
```

and:

```
Executing tests from //test/common/tls/cert_validator:default_validator_test
...
[ RUN      ] DefaultCertValidatorTest.WithVerifyDepth
test/common/tls/cert_validator/default_validator_test.cc:667: Failure
Expected equality of these values:
  X509_verify_cert(store_ctx.get())
    Which is: 0
  1
Stack trace:
  0x2086e56: Envoy::Extensions::TransportSockets::Tls::DefaultCertValidatorTest_WithVerifyDepth_Test::TestBody()
  0x549646b: testing::internal::HandleSehExceptionsInMethodIfSupported<>()
  0x5485a7a: testing::internal::HandleExceptionsInMethodIfSupported<>()
  0x54714e3: testing::Test::Run()
  0x5471e94: testing::TestInfo::Run()
... Google Test internal frames ...

test/common/tls/cert_validator/default_validator_test.cc:668: Failure
Expected equality of these values:
  X509_STORE_CTX_get_error(store_ctx.get())
    Which is: 10
  0
Stack trace:
  0x2086fe8: Envoy::Extensions::TransportSockets::Tls::DefaultCertValidatorTest_WithVerifyDepth_Test::TestBody()
  0x549646b: testing::internal::HandleSehExceptionsInMethodIfSupported<>()
  0x5485a7a: testing::internal::HandleExceptionsInMethodIfSupported<>()
  0x54714e3: testing::Test::Run()
  0x5471e94: testing::TestInfo::Run()
... Google Test internal frames ...

[  FAILED  ] DefaultCertValidatorTest.WithVerifyDepth (361 ms)
...
```

I've tried to update the certs by running `certs.sh`, which failed because large negative days are not supported. This is easy to fix (modifying the days argument to "-1" instead of "-365").

However, there's a problem: the `certs.sh` script now doesn't create the entire required output.
Specifically, #35513 added `TEST_*_CHAIN_*_HASHES` in https://github.com/envoyproxy/envoy/blob/e37ffcf469495562139abe8db9320df531a69c56/test/common/tls/test_data/no_san_cert_info.h#L6C16-L6C49 that do not exist after executing the script.
Need to automatically create these fields.
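
The value 10 returned by `X509_STORE_CTX_get_error` in the log above is `X509_V_ERR_CERT_HAS_EXPIRED`, which points to expired test certificates. As an added example (not part of the issue and not Envoy's `certs.sh`), the script below flags certificates in a directory before they lapse; the function names and the one-day sample certificate are constructed for illustration, and the `openssl` CLI is assumed to be installed.

```shell
#!/bin/sh
# Added example, not Envoy's certs.sh: report test certificates that have
# expired or will expire soon, before they start failing X509 verification.

# classify_cert FILE DAYS -> prints ok | expiring | expired | unreadable
classify_cert() {
    # Not a parseable certificate (a key, a CSR, an empty file).
    openssl x509 -in "$1" -noout >/dev/null 2>&1 || { echo unreadable; return 0; }
    # -checkend N exits non-zero when notAfter is less than N seconds away.
    if ! openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1; then
        echo expired
    elif ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1; then
        echo expiring
    else
        echo ok
    fi
}

# scan_certs DIR DAYS -> one "status<TAB>notAfter<TAB>path" line per *.pem;
# returns 1 if any file is not "ok", so it can gate a CI job.
scan_certs() {
    rc=0
    for f in "$1"/*.pem; do
        [ -e "$f" ] || continue
        status=$(classify_cert "$f" "$2")
        end=$(openssl x509 -in "$f" -noout -enddate 2>/dev/null | cut -d= -f2)
        printf '%s\t%s\t%s\n' "$status" "${end:-n/a}" "$f"
        [ "$status" = ok ] || rc=1
    done
    return "$rc"
}

# make_constructed_cert DIR -> writes DIR/short_lived_cert.pem, a self-signed
# certificate valid for one day (constructed sample, not Envoy test data).
make_constructed_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-test-cert" \
        -keyout "$1/short_lived.key" -out "$1/short_lived_cert.pem" >/dev/null 2>&1
}

# Demo: a one-day certificate passes a 0-day window and is flagged at 30 days.
demo_dir=$(mktemp -d)
make_constructed_cert "$demo_dir"
scan_certs "$demo_dir" 0
scan_certs "$demo_dir" 30 || echo "renewal needed"
rm -rf "$demo_dir"
```

Running `scan_certs` against a test-data directory with a window longer than the release cycle surfaces soon-to-expire certificates as a scheduled check instead of as a verification failure in unrelated tests.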
