From 173cd9c1340f1f5231625a1dd4ecaea10c207622 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
Date: Tue, 14 Aug 2018 16:55:52 +0200
Subject: [PATCH] Avoid SIGPIPE in t/local/36_verify.t
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
t/local/36_verify.t fails randomly with OpenSSL 1.1.1:
# Failed test 'Verify callback result and get_verify_result are equal'
# at t/local/36_verify.t line 111.
# got: '-1'
# expected: '0'
# Failed test 'Verify result is X509_V_ERR_NO_EXPLICIT_POLICY'
# at t/local/36_verify.t line 118.
# got: '-1'
# expected: '43'
Bailout called. Further testing stopped: failed to connect to server: Connection refused
FAILED--Further testing stopped: failed to connect to server: Connection refused
I believe this because TLSv1.3 server can generate SIGPIPE if a client
disconnects too soon.
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
t/local/36_verify.t | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/t/local/36_verify.t b/t/local/36_verify.t
index e55b138..2837288 100644
--- a/t/local/36_verify.t
+++ b/t/local/36_verify.t
@@ -266,10 +266,20 @@ sub run_server
return if $pid != 0;
+ $SIG{'PIPE'} = 'IGNORE';
my $ctx = Net::SSLeay::CTX_new();
Net::SSLeay::set_cert_and_key($ctx, $cert_pem, $key_pem);
my $ret = Net::SSLeay::CTX_check_private_key($ctx);
BAIL_OUT("Server: CTX_check_private_key failed: $cert_pem, $key_pem") unless $ret == 1;
+ if (&Net::SSLeay::OPENSSL_VERSION_NUMBER >= 0x1010100f) {
+ # TLS 1.3 server sends session tickets after a handhake as part of
+ # the SSL_accept(). If a client finishes all its job including closing
+ # TCP connectino before a server sends the tickets, SSL_accept() fails
+ # with SSL_ERROR_SYSCALL and EPIPE errno and the server receives
+ # SIGPIPE signal. <https://github.com/openssl/openssl/issues/6904>
+ my $ret = Net::SSLeay::CTX_set_num_tickets($ctx, 0);
+ BAIL_OUT("Session tickets disabled") unless $ret;
+ }
while (1)
{
--
2.14.4