use sha256 in openssl test suite #8662

Closed
wants to merge 1 commit into from

remicollet
Member

On modern distros (e.g. RHEL-9), sha1 is no longer allowed with the default policies

Tests failed    :   58 ( 33.7%) ( 35.2%)

Switching to sha256 in the default configuration allows reducing this to

Number of tests :  172               163
Tests skipped   :    9 (  5.2%) --------
Tests warned    :    0 (  0.0%) (  0.0%)
Tests failed    :   11 (  6.4%) (  6.7%)
Tests passed    :  152 ( 88.4%) ( 93.3%)
---------------------------------------------------------------------
Time taken      :   24 seconds
=====================================================================

=====================================================================
FAILED TEST SUMMARY
---------------------------------------------------------------------
openssl_x509_verify() tests [ext/openssl/tests/openssl_x509_verify.phpt]
Capture SSL session meta array in stream context [ext/openssl/tests/session_meta_capture.phpt]
Basic bitwise stream crypto context flag assignment [ext/openssl/tests/stream_crypto_flags_001.phpt]
TLSv1.1 and TLSv1.2 bitwise stream crypto flag assignment [ext/openssl/tests/stream_crypto_flags_002.phpt]
Server bitwise stream crypto flag assignment [ext/openssl/tests/stream_crypto_flags_003.phpt]
Specific protocol method specification [ext/openssl/tests/stream_crypto_flags_004.phpt]
tls stream wrapper with min version 1.0 and max version 1.1 [ext/openssl/tests/tls_min_v1.0_max_v1.1_wrapper.phpt]
tls stream wrapper [ext/openssl/tests/tls_wrapper.phpt]
tls stream wrapper when TLS 1.3 available [ext/openssl/tests/tls_wrapper_with_tls_v1.3.phpt]
tlsv1.0 stream wrapper [ext/openssl/tests/tlsv1.0_wrapper.phpt]
tlsv1.1 stream wrapper [ext/openssl/tests/tlsv1.1_wrapper.phpt]
=====================================================================
@remicollet
Member Author

@bukka please review (still work TODO, but a bit busy for now, so prefer to have this partial one merged)

It seems we have to renew the used cert (e.g. openssl_x509_verify.phpt); do you have a script to do this?
Shouldn't we use the CertificateGenerator.inc instead?

And other tests are about TLS 1.0 and 1.1 (which are no longer allowed), but that is probably worth another PR

@bukka
Member

bukka commented May 31, 2022

Yeah, it would be better to use the cert generator for that test.

@remicollet
Member Author

Merged as 03a4ccd