Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

When building openssl with mingw64, make test is hang up #24436

Open
anlexN opened this issue May 19, 2024 · 12 comments
Open

When building openssl with mingw64, make test is hang up #24436

anlexN opened this issue May 19, 2024 · 12 comments
Labels
help wanted triaged: bug The issue/pr is/fixes a bug

Comments

@anlexN
Copy link

anlexN commented May 19, 2024
edited

  1. ./Configure mingw64
  2. make
  3. make test is hang up......

image

I can not find solution in google search and others.
@anlexN anlexN added the issue: bug report The issue was opened to report a bug label May 19, 2024
@t8m
Copy link
Member

t8m commented May 20, 2024
edited

Can you please run make test TESTS='test_sslrecords' V=1 and paste the output where it is hanging here? Ideally not as a screenshot.

@anlexN
Copy link
Author

anlexN commented May 20, 2024
edited 

$ make V=1 TESTS='test_sslrecords' test
"make" depend && "make" _tests
make[1]: Entering directory '/e/workspace/github.com/openssl/mingw-ucrt64'
make[1]: Leaving directory '/e/workspace/github.com/openssl/mingw-ucrt64'
make[1]: Entering directory '/e/workspace/github.com/openssl/mingw-ucrt64'
"make" run_tests
make[2]: Entering directory '/e/workspace/github.com/openssl/mingw-ucrt64'
( SRCTOP=../openssl \
  BLDTOP=. \
  PERL="perl" \
  FIPSKEY="f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813" \
  EXE_EXT=.exe \
  perl ../openssl/test/run_tests.pl test_sslrecords )
00-prep_fipsmodule_cnf.t ..
# The results of this test will end up in test-runs/prep_fipsmodule
1..0 # SKIP FIPS module config file only supported in a fips build
skipped: FIPS module config file only supported in a fips build
Files=1, Tests=0,  1 wallclock secs ( 0.00 usr  0.02 sys +  0.27 cusr  0.28 csys =  0.56 CPU)
Result: NOTESTS
70-test_sslrecords.t ..
# The results of this test will end up in test-runs/test_sslrecords
1..42
Proxy started on port [::1]:43809
Server command: ../../util/wrap.pl ../../apps/openssl.exe s_server -no_comp -engine ossltest -state -ext_cache -accept [::1]:0 -cert ../../../openssl/apps/server.pem -cert2 ../../../openssl/apps/server.pem -naccept 1 -rev -max_protocol TLSv1.3 -cipher AES128-SHA -ciphersuites TLS_AES_128_GCM_SHA256 -tls1_2
Engine "ossltest" set.
Using default temp DH parameters
ACCEPT [::1]:43810
Server responds on [::1]:43810
Client command: ../../util/wrap.pl ../../apps/openssl.exe s_client -engine ossltest -connect [::1]:43809 -max_protocol TLSv1.3 -no_tls1_3 -servername localhost
SSL_accept:before SSL initialization
Engine "ossltest" set.
s_client didn't try to connect
SSL3 alert write:fatal:decode error
SSL_accept:error in error
CONNECTION FAILURE
D45B0000:error:0A000126:SSL routines::unexpected eof while reading:../openssl/ssl/record/rec_layer_s3.c:687:
# Looks like your test exited with 29 before it could output anything.
Dubious, test returned 29 (wstat 7424, 0x1d00)
Failed 42/42 subtests

Test Summary Report
-------------------
70-test_sslrecords.t (Wstat: 7424 (exited 29) Tests: 0 Failed: 0)
  Non-zero exit status: 29
  Parse errors: Bad plan.  You planned 42 tests but ran 0.
Files=1, Tests=0, 61 wallclock secs ( 0.02 usr  0.02 sys +  0.28 cusr  0.23 csys =  0.55 CPU)
Result: FAIL
make[2]: *** [Makefile:3744: run_tests] Error 1
make[2]: Leaving directory '/e/workspace/github.com/openssl/mingw-ucrt64'
make[1]: *** [Makefile:3741: _tests] Error 2
make[1]: Leaving directory '/e/workspace/github.com/openssl/mingw-ucrt64'
make: *** [Makefile:3739: tests] Error 2

my build folder is /e/workspace/github.com/openssl/mingw-ucrt64
openssl folder is /e/workspace/github.com/openssl/openssl

obviously, I think problem is started from Server command, it is path problem.

@nhorman
Copy link
Contributor

nhorman commented May 20, 2024

If you attempt to run the s_server and s_client commands manually from the command line, do either of them issue any additional warnings (or more likely crash)?

@anlexN
Copy link
Author

anlexN commented May 21, 2024
edited

after mannually update Server command:

$ ./util/wrap.pl ./apps/openssl.exe s_server -no_comp -engine ossltest -state -ext_cache -accept [::1]:0 -cert ../openssl/apps/server.pem -cert2 ../openssl/apps/server.pem -naccept 1 -rev -max_protocol TLSv1.3 -cipher AES128-SHA -ciphersuites TLS_AES_128_GCM_SHA256 -tls1_2
Engine "ossltest" set.
Using default temp DH parameters
ACCEPT [::1]:45173

It is accepting, This should have no problem.

After mannually update Client command:

$ ./util/wrap.pl ./apps/openssl.exe s_client -engine ossltest -connect [::1]:43809 -max_protocol TLSv1.3 -no_tls1_3 -servername localhost
Engine "ossltest" set.
805F0000:error:8000274D:system library:BIO_connect:Unknown error:../openssl/crypto/bio/bio_sock2.c:178:calling connect()
805F0000:error:10000067:BIO routines:BIO_connect:connect error:../openssl/crypto/bio/bio_sock2.c:180:
connect:errno=0

I think it should be openssl source code problem.

@nhorman
Copy link
Contributor

nhorman commented May 21, 2024

Its a system call error. the above is indicating that the call to connect returned -1 with errno set to 0. IIRC that typically occurs because the connect call actually attempted to establish a tcp connection with the remote process, but the handshake traffic was blocked for some reason. Nominally, this can be caused iptables or other network administrative rules in the ip stack blocking said traffic. Do you have a firewall or other iptables/similar rules established? If so, can you disable your firewall and try again?

@anlexN
Copy link
Author

anlexN commented May 21, 2024
edited

image
I have turned off all firewall.

I have run these two command as administrator:

# ./util/wrap.pl ./apps/openssl.exe s_server -no_comp -engine ossltest -state -ext_cache -accept [::1]:0 -cert ../openssl/apps/server.pem -cert2 ../openssl/apps/server.pem -naccept 1 -rev -max_protocol TLSv1.3 -cipher AES128-SHA -ciphersuites TLS_AES_128_GCM_SHA256 -tls1_2
Engine "ossltest" set.
Using default temp DH parameters
ACCEPT [::1]:46228
# ./util/wrap.pl ./apps/openssl.exe s_client -engine ossltest -connect [::1]:43809 -max_protocol TLSv1.3 -no_tls1_3 -servername localhost
Engine "ossltest" set.
C06B0000:error:8000274D:system library:BIO_connect:Unknown error:../openssl/crypto/bio/bio_sock2.c:178:calling connect()
C06B0000:error:10000067:BIO routines:BIO_connect:connect error:../openssl/crypto/bio/bio_sock2.c:180:
connect:errno=0

still be broken, what happened?

Now I turn on all firewall, not run as administrator, **set Server command port and Client command port are the same 46485

Server command:

$ ./util/wrap.pl ./apps/openssl.exe s_server -no_comp -engine ossltest -state -ext_cache -accept [::1]:46485 -cert ../openssl/apps/server.pem -cert2 ../openssl/apps/server.pem -naccept 1 -rev -max_protocol TLSv1.3 -cipher AES128-SHA -ciphersuites TLS_AES_128_GCM_SHA256 -tls1_2
Engine "ossltest" set.
Using default temp DH parameters
ACCEPT
SSL_accept:before SSL initialization
SSL_accept:before SSL initialization
SSL_accept:SSLv3/TLS read client hello
Segmentation fault (core dumped)

Client command:

$ ./util/wrap.pl ./apps/openssl.exe s_client -engine ossltest -connect [::1]:46485 -max_protocol TLSv1.3 -no_tls1_3 -servername localhost
Engine "ossltest" set.
Connecting to ::1
CONNECTED(00000138)
write:errno=10054
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 215 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1716290511
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
---

This time, what happened too?

@nhorman
Copy link
Contributor

nhorman commented May 21, 2024

so, you answered your own question :)

you disabled your firewall, which allows the ssl client to make contact with the ssl server, but when you ran the commands you didn't specify a target port on the client, so it attempted to connect to the default server port, which the server wasn't listening on, so the connection failed.

Then, when you re-ran the commands, you properly matched the server listening port with the client target port, and everything worked.

@anlexN
Copy link
Author

anlexN commented May 21, 2024 

$ ./util/wrap.pl ./apps/openssl.exe s_client -engine ossltest -connect [::1]:46485 -max_protocol TLSv1.3 -no_tls1_3 -servername localhost
Engine "ossltest" set.
Connecting to ::1
CONNECTED(00000138)
write:errno=10054
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 215 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1716290511
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
---

is this client command output correct? do you see "write:errno=10054" in the output?

@anlexN
Copy link
Author

anlexN commented May 25, 2024

I have another question: server port and client port must be matched in this test?

@anlexN
Copy link
Author

anlexN commented May 25, 2024
edited

I have third question: mingw32-make run_tests V=1 TESTS='test_sslrecords' is stopped:
image

In the openssl/test/recipes/, from 00-test* to 99-test*, only this test is stopped and not give me Result: PASS. others give me Result: PASS:
image

@anlexN
Copy link
Author

anlexN commented May 25, 2024

@nhorman @t8m @alex @JackDanger I value your feedback.

@alex
Copy link
Contributor

alex commented May 25, 2024

Please do not ping random people, it's rude. Especially don't ping me, I'm not even involved in maintaining OpenSSL.

@t8m t8m added help wanted triaged: bug The issue/pr is/fixes a bug and removed issue: bug report The issue was opened to report a bug labels May 28, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
help wanted triaged: bug The issue/pr is/fixes a bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@alex @nhorman @t8m @anlexN