[Bug 1833476] Re: libssl1.1 version 1.1.1-1ubuntu2.1~18.04.2 breaks nginx ssl tests

Fahad fahad.alsaidi at gmail.com
Fri Jul 12 07:47:41 UTC 2019 

After upgrade to OpenSSL 1.1.1 I get this err_ssl_version_interference error in chrome.
running nginx -V I got this:

nginx -V                
nginx version: nginx/1.14.0 (Ubuntu)
built with OpenSSL 1.1.0g  2 Nov 2017 (running with OpenSSL 1.1.1  11 Sep 2018)
TLS SNI support enabled

so I don't know where the problem from. please see 
https://trac.nginx.org/nginx/ticket/1654


** Bug watch added: trac.nginx.org/nginx/ #1654
   http://trac.nginx.org/nginx/ticket/1654

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1833476

Title:
  libssl1.1 version 1.1.1-1ubuntu2.1~18.04.2 breaks nginx ssl tests

Status in nginx package in Ubuntu:
  Incomplete
Status in openssl package in Ubuntu:
  New

Bug description:
  Many nginx ssl tests pass with libssl1.1 version 1.1.0g-2ubuntu4.3 but
  fail when libssl1.1 is updated to version 1.1.1-1ubuntu2.1~18.04.2.

  Repro steps:
  1. Create control Dockerfile:
  ==========================================
  FROM ubuntu:18.04

  RUN apt-get update -y && \
    apt-get upgrade -y && \
    apt-get install -y git nginx-core xdg-utils openssl=1.1.0g-2ubuntu4.3 libnet-ssleay-perl=1.84-1build1 libio-socket-ssl-perl=2.056-1 libssl1.1=1.1.0g-2ubuntu4.3

  RUN git clone https://github.com/nginx/nginx-tests.git
  WORKDIR /nginx-tests

  ENV TEST_NGINX_BINARY=/usr/sbin/nginx
  ENV TEST_NGINX_MODULES=/usr/lib/nginx/modules

  USER www-data

  ENTRYPOINT ["prove", "."]
  ==========================================

  2. Run the command in a directory with only the Dockerfile:
  docker build -t nginx_image . && docker run --rm -it nginx_image

  3. See output:
  ==========================================
  Test Summary Report
  -------------------
  ./grpc_request_buffering.t               (Wstat: 512 Tests: 14 Failed: 2)
    Failed tests:  11-12
    Non-zero exit status: 2
  ./h2_server_tokens.t                     (Wstat: 1536 Tests: 14 Failed: 6)
    Failed tests:  1-2, 7-8, 10-11
    Non-zero exit status: 6
  ./upstream_ip_hash_ipv6.t                (Wstat: 512 Tests: 0 Failed: 0)
    Non-zero exit status: 2
    Parse errors: No plan found in TAP output
  Files=346, Tests=3782, 317 wallclock secs ( 1.87 usr  0.78 sys + 35.84 cusr 16.99 csys = 55.48 CPU)                                                                         
  Result: FAIL
  ==========================================

  4. Create new Dockerfile (only difference is updating libssl1.1):
  ==========================================
  FROM ubuntu:18.04

  RUN apt-get update -y && \
    apt-get upgrade -y && \
    apt-get install -y git nginx-core xdg-utils openssl=1.1.0g-2ubuntu4.3 libnet-ssleay-perl=1.84-1build1 libio-socket-ssl-perl=2.056-1 libssl1.1=1.1.1-1ubuntu2.1~18.04.2

  RUN git clone https://github.com/nginx/nginx-tests.git
  WORKDIR /nginx-tests

  ENV TEST_NGINX_BINARY=/usr/sbin/nginx
  ENV TEST_NGINX_MODULES=/usr/lib/nginx/modules

  USER www-data

  ENTRYPOINT ["prove", "."]
  ==========================================

  5. See output
  ==========================================
  Test Summary Report
  -------------------
  ./grpc_request_buffering.t               (Wstat: 512 Tests: 14 Failed: 2)
    Failed tests:  11-12
    Non-zero exit status: 2
  ./h2_server_tokens.t                     (Wstat: 1536 Tests: 14 Failed: 6)
    Failed tests:  1-2, 7-8, 10-11
    Non-zero exit status: 6
  ./mail_ssl.t                             (Wstat: 768 Tests: 22 Failed: 3)
    Failed tests:  3, 5-6
    Non-zero exit status: 3
  ./proxy_ssl.t                            (Wstat: 512 Tests: 9 Failed: 2)
    Failed tests:  4-5
    Non-zero exit status: 2
  ./stream_proxy_ssl.t                     (Wstat: 512 Tests: 8 Failed: 2)
    Failed tests:  4-5
    Non-zero exit status: 2
  ./stream_ssl.t                           (Wstat: 768 Tests: 9 Failed: 3)
    Failed tests:  2, 4-5
    Non-zero exit status: 3
  ./stream_upstream_zone_ssl.t             (Wstat: 768 Tests: 11 Failed: 3)
    Failed tests:  4-5, 9
    Non-zero exit status: 3
  ./upstream_ip_hash_ipv6.t                (Wstat: 512 Tests: 0 Failed: 0)
    Non-zero exit status: 2
    Parse errors: No plan found in TAP output
  ./upstream_zone_ssl.t                    (Wstat: 768 Tests: 11 Failed: 3)
    Failed tests:  4-5, 9
    Non-zero exit status: 3
  Files=346, Tests=3764, 317 wallclock secs ( 2.00 usr  0.73 sys + 36.49 cusr 16.91 csys = 56.13 CPU)
  Result: FAIL
  ==========================================

  New failures: mail_ssl.t, proxy_ssl.t, stream_proxy_ssl.t,
  stream_ssl.t, stream_upstream_zone_ssl.t, upstream_zone_ssl.t.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1833476/+subscriptions

More information about the foundations-bugs mailing list