From 173cd9c1340f1f5231625a1dd4ecaea10c207622 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= Date: Tue, 14 Aug 2018 16:55:52 +0200 Subject: [PATCH] Avoid SIGPIPE in t/local/36_verify.t MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit t/local/36_verify.t fails randomly with OpenSSL 1.1.1: # Failed test 'Verify callback result and get_verify_result are equal' # at t/local/36_verify.t line 111. # got: '-1' # expected: '0' # Failed test 'Verify result is X509_V_ERR_NO_EXPLICIT_POLICY' # at t/local/36_verify.t line 118. # got: '-1' # expected: '43' Bailout called. Further testing stopped: failed to connect to server: Connection refused FAILED--Further testing stopped: failed to connect to server: Connection refused I believe this because TLSv1.3 server can generate SIGPIPE if a client disconnects too soon. Signed-off-by: Petr Písař --- t/local/36_verify.t | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/t/local/36_verify.t b/t/local/36_verify.t index e55b138..2837288 100644 --- a/t/local/36_verify.t +++ b/t/local/36_verify.t @@ -266,10 +266,20 @@ sub run_server return if $pid != 0; + $SIG{'PIPE'} = 'IGNORE'; my $ctx = Net::SSLeay::CTX_new(); Net::SSLeay::set_cert_and_key($ctx, $cert_pem, $key_pem); my $ret = Net::SSLeay::CTX_check_private_key($ctx); BAIL_OUT("Server: CTX_check_private_key failed: $cert_pem, $key_pem") unless $ret == 1; + if (&Net::SSLeay::OPENSSL_VERSION_NUMBER >= 0x1010100f) { + # TLS 1.3 server sends session tickets after a handhake as part of + # the SSL_accept(). If a client finishes all its job including closing + # TCP connectino before a server sends the tickets, SSL_accept() fails + # with SSL_ERROR_SYSCALL and EPIPE errno and the server receives + # SIGPIPE signal. + my $ret = Net::SSLeay::CTX_set_num_tickets($ctx, 0); + BAIL_OUT("Session tickets disabled") unless $ret; + } while (1) { -- 2.14.4