Bug 44884

Summary:	84_crypto/01_openssl_protocol_versions fails
Product:	UCS Test	Reporter:	Arvid Requate <requate>
Component:	SSL	Assignee:	Philipp Hahn <hahn>
Status:	RESOLVED FIXED	QA Contact:
Severity:	normal
Priority:	P5	CC:	best, hahn
Version:	unspecified
Target Milestone:	---
Hardware:	Other
OS:	Linux
See Also:	https://forge.univention.org/bugzilla/show_bug.cgi?id=44741
What kind of report is it?:	Development Internal	What type of bug is this?:	---
Who will be affected by this bug?:	---	How will those affected feel about the bug?:	---
User Pain:		Enterprise Customer affected?:
School Customer affected?:		ISV affected?:
Waiting Support:		Flags outvoted (downgraded) after PO Review:
Ticket number:		Bug group (optional):
Max CVSS v3 score:
Bug Depends on:	44751
Bug Blocks:

Description Arvid Requate

2017-06-28 18:03:26 CEST

This OpenSSL protocol test is flaky, at least in EC2:

http://jenkins.knut.univention.de:8080/job/UCS-4.2/job/UCS-4.2-1/job/AutotestJoin/SambaVersion=s4,Systemrolle=master/lastCompletedBuild/testReport/junit/84_crypto/01_openssl_protocol_versions/test/history/


This similar test is ok though:

http://jenkins.knut.univention.de:8080/job/UCS-4.2/job/UCS-4.2-1/job/AutotestJoin/SambaVersion=s4,Systemrolle=master/lastCompletedBuild/testReport/23_apache/20_ssl-protocols/test/history/

Comment 1 Florian Best

2017-06-28 18:16:29 CEST

See also r80475 - Maybe it's also a change in erratum 45.

Comment 2 Philipp Hahn

2017-06-29 08:51:55 CEST

There is only one "ACCEPT" line, while there should be five!
Adding "set -x" and removing the &>/dev/null shows this:

+ openssl s_client -connect master42.phahn.qa:10443 -CAfile /etc/univention/ssl/ucsCA/CAcert.pem -verify_return_error -quiet -ssl2
unknown option -ssl2

While "openssl s_client -h" still lists '-ssl2', it is not supported anymore with OpenSSL-1.0.2k

r80605 | Bug #44884 test: Skip openssl s_client -ssl2

Package: ucs-test
Version: 7.0.22-10A~4.2.0.201706290850
Branch: ucs_4.2-0
Scope: errata4.2-1