Issue #7197 has been updated by kwilczynski (Krzysztof Wilczynski).
Hey,
I have had a look, and it does look like an upstream problem at the
first glance. There seem to be a bug open against this particular
version of OpenSSL (openssl and libssl in Ubuntu) describing similar
problems that other people reported with any version higher than 1.0.0h
and/or 1.0.0j (anything from 1.0.1-1 ownards):
Ubuntu:
Bug #965371 “HTTPS requests fail on sites which immediately clos...” : Bugs : openssl package : Ubuntu
Debian:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665452
OpenSSL:
http://http://rt.openssl.org/Ticket/Display.html?id=2802
Said that, even version 1.0.1c (1.0.1c-3ubuntu2) from 12.10 (Quantal
Quetzal) will manifest this problem causing this particular test
(OpenSSL::TestSSL#test_tls_v1_2) to fail.
I decied to also check Fedora 17 with their version of OpenSSL 1.0.1
(openssl-1.0.1-0.1.beta2.fc17.x86_64), and then the following two tests
will fail:
[ 772/11238] OpenSSL::TestSSL#test_tls_v1_1 = 0.01 s
- Error:
test_tls_v1_1(OpenSSL::TestSSL):
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv2/v3
read server hello A: unsupported protocol
/home/krzysztof/Development/Projects/Other/ruby/test/openssl/test_ssl.rb:607:in
connect' /home/krzysztof/Development/Projects/Other/ruby/test/openssl/test_ssl.rb:607:in
server_connect’
/home/krzysztof/Development/Projects/Other/ruby/test/openssl/test_ssl.rb:441:in
block in test_tls_v1_1' /home/krzysztof/Development/Projects/Other/ruby/test/openssl/utils.rb:293:in
call’
/home/krzysztof/Development/Projects/Other/ruby/test/openssl/utils.rb:293:in
start_server' /home/krzysztof/Development/Projects/Other/ruby/test/openssl/test_ssl.rb:593:in
start_server_version’
/home/krzysztof/Development/Projects/Other/ruby/test/openssl/test_ssl.rb:440:in
`test_tls_v1_1’
[ 792/11238] OpenSSL::TestX509Certificate#test_dsig_algorithm_mismatch
= 0.00 s
2) Failure:
test_dsig_algorithm_mismatch(OpenSSL::TestX509Certificate)
[/home/krzysztof/Projects/ruby/test/openssl/test_x509cert.rb:176]:
OpenSSL::X509::CertificateError expected but nothing was raised.
When you downgrade packages to the last version pre 1.0.1 release in
both Ubuntu and Fedora, then none of the OpenSSL tests will fail:
Ubuntu (openssl and libssl) version from 11.10 (Oneiric Ocelot):
1.0.0e-2ubuntu4.6
All OpenSSL tests will pass.
Fedora (openssl and openssl-devel) stock version from Fedora 17:
openssl-1.0.0j-2.fc17.x86_64
All OpenSSL tests will pass.
There is something going on with the OpenSSL version after 1.0.0j, and I
am not sure if this is something that we have to fix, or the upstream.
KW
Bug #7197: Error: test_tls_v1_2(OpenSSL::TestSSL)
Author: znz (Kazuhiro NISHIYAMA)
Status: Open
Priority: Normal
Assignee:
Category: ext
Target version: 2.0.0
ruby -v: ruby 2.0.0dev (2012-10-20 trunk 37273) [x86_64-linux]
Ubuntu 12.04.1 LTS 64-bit の環境で以下のエラーが出ています。
- Error:
test_tls_v1_2(OpenSSL::TestSSL):
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=unknown
state: tlsv1 alert protocol version
…/test/openssl/test_ssl.rb:607:in connect' .../test/openssl/test_ssl.rb:607:in
server_connect’
…/test/openssl/test_ssl.rb:468:in block in test_tls_v1_2' .../test/openssl/utils.rb:293:in
call’
…/test/openssl/utils.rb:293:in start_server' .../test/openssl/test_ssl.rb:593:in
start_server_version’
…/test/openssl/test_ssl.rb:467:in `test_tls_v1_2’
OpenSSL のバージョンは以下の通りです。
% openssl version
OpenSSL 1.0.1 14 Mar 2012
% dpkg -l openssl | grep ‘^ii’
ii openssl 1.0.1-4ubuntu5.5
Secure Socket Layer (SSL) binary and related cryptographic tools
%