certmonger

#275 Test failure with openssl 3.2
Closed: fixed by rcritten. Opened by yselkowitz.

Closed: fixed
Reopen Issue

certmonger now fails to build in rawhide/f40/c10s due to the following test failure:

Running test 038-ms-v2-template... Files /tmp/runtests5qlXWV and expected.out differ
FAIL
--- /tmp/runtests5qlXWV 2024-02-18 18:39:33.083177327 +0000
+++ expected.out    2023-10-10 18:30:51.000000000 +0000
@@ -9,3 +9,11 @@
 [csr : too many parts]
 extension not present
 [csr : oid, major version]
+    0:d=0  hl=2 l=   8 cons: SEQUENCE          
+    2:d=1  hl=2 l=   3 prim: OBJECT            :1.2.3.4
+    7:d=1  hl=2 l=   1 prim: INTEGER           :2A
+[csr : oid, major version, minor version]
+    0:d=0  hl=2 l=  11 cons: SEQUENCE          
+    2:d=1  hl=2 l=   3 prim: OBJECT            :1.2.3.4
+    7:d=1  hl=2 l=   1 prim: INTEGER           :2A
+   10:d=1  hl=2 l=   1 prim: INTEGER           :11
make[1]: Leaving directory '/builddir/build/BUILD/certmonger-0.79.19/tests'
make[1]: *** [Makefile:1097: check] Error 1

The recent openssl 3.2 bump is a possible culprit.

This was fixed in:

commit bba83217f9c6d9804b4707b3ef05e7386a4c48f5
Author: Otto Hollmann otto.hollmann@suse.com
Date: Wed Dec 13 10:23:39 2023 +0100

Update tests to be compatible with OpenSSL 3.2
In test 003-csrgen-ec OpenSSL 3.2 shows warning when reading from stdin, so
specify an input file to get rid of this warning.
In test 038-ms-v2-template openssl asn1parse shows ':Microsoft certificate
template' instead of ':1.3.6.1.4.1.311.21.7' so we have to check both versions.
See https://github.com/openssl/openssl/pull/20986

Metadata Update from @rcritten:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

thanks @rcritten any chance for a 0.79.20 with that commit, or should I backport that to rawhide/f40/c10s?

I'm backporting it now to rawhide. Is F40 going to get OpenSSL 3.2 as well?

Is the c10s branch open to commits? I was under the impression it wasn't ready yet.

F40 did get openssl 3.2.

c10s isn't open yet but I can merge your fix as I'm working on bootstrapping.

I pushed the fix to F40 and rawhide. It should pick cleanly into c10s. Thanks for doing that.

Filed for c10s: https://gitlab.com/redhat/centos-stream/rpms/certmonger/-/merge_requests/13
Scratch build: https://kojihub.stream.centos.org/koji/taskinfo?taskID=3663939

Don't mind the zuul failure, that's on purpose for the branching freeze. I'll push and build once the scratch build succeeds.
Metadata
None
None
None
None
None
Static archive. pagure.io was sunset in 2026; this is a read-only snapshot.
Red Hat Logo

Fedora is sponsored by Red Hat. Learn more about the relationship between Red Hat and Fedora »

© Red Hat, Inc. and others.