[Swan-dev] match_certs_id()

D. Hugh Redelmeier hugh at mimosa.com
Thu Feb 7 16:27:35 UTC 2019


| From: D. Hugh Redelmeier <hugh at mimosa.com>

| My current concern is that match_certs_id only uses the first element
| on the list of certs.

| - they sometimes call it with a list of more than one cert.
|   (I know this because I planted a pexpect to test for this.)

I put a pexpect in match_certs_id to test for cases where the list had
more than one entry.  Here are all the times it fired during a test
run:

testing/pluto/nss-cert-10-notyetvalid-responder-ikev2/OUTPUT/west.console.diff:14:-003 "nss-cert" #2: EXPECTATION FAILED: st != NULL && st->st_event != NULL && st->st_event->ev_type == EVENT_RETRANSMIT (in complete_v2_state_transition at /source/programs/pluto/ikev2.c:1827)
testing/pluto/nss-cert-chain-01-ikev2/OUTPUT/east.pluto.log:1758:"nss-cert-chain" #1: EXPECTATION FAILED: cert->next == NULL (in match_certs_id() at x509.c:779)
testing/pluto/nss-cert-chain-01-ikev2/OUTPUT/west.console.diff:8:+003 "nss-cert-chain" #2: EXPECTATION FAILED: cert->next == NULL (in match_certs_id() at x509.c:779)
testing/pluto/nss-cert-chain-01-ikev2/OUTPUT/west.console.txt:43:003 "nss-cert-chain" #2: EXPECTATION FAILED: cert->next == NULL (in match_certs_id() at x509.c:779)
testing/pluto/nss-cert-chain-01-ikev2/OUTPUT/west.console.verbose.txt:56:003 "nss-cert-chain" #2: EXPECTATION FAILED: cert->next == NULL (in match_certs_id() at x509.c:779)
testing/pluto/nss-cert-chain-01-ikev2/OUTPUT/west.pluto.log:2755:"nss-cert-chain" #2: EXPECTATION FAILED: cert->next == NULL (in match_certs_id() at x509.c:779)
testing/pluto/nss-cert-chain-01/OUTPUT/east.pluto.log:1225:"nss-cert-chain" #1: EXPECTATION FAILED: cert->next == NULL (in match_certs_id() at x509.c:779)
testing/pluto/nss-cert-chain-01/OUTPUT/west.console.diff:7:+003 "nss-cert-chain" #1: EXPECTATION FAILED: cert->next == NULL (in match_certs_id() at x509.c:779)
testing/pluto/nss-cert-chain-01/OUTPUT/west.console.txt:46:003 "nss-cert-chain" #1: EXPECTATION FAILED: cert->next == NULL (in match_certs_id() at x509.c:779)
testing/pluto/nss-cert-chain-01/OUTPUT/west.console.verbose.txt:58:003 "nss-cert-chain" #1: EXPECTATION FAILED: cert->next == NULL (in match_certs_id() at x509.c:779)
testing/pluto/nss-cert-chain-01/OUTPUT/west.pluto.log:2085:"nss-cert-chain" #1: EXPECTATION FAILED: cert->next == NULL (in match_certs_id() at x509.c:779)
testing/pluto/nss-cert-chain-03-ikev2/OUTPUT/east.pluto.log:1578:"nss-cert-chain" #1: EXPECTATION FAILED: cert->next == NULL (in match_certs_id() at x509.c:779)
testing/pluto/nss-cert-chain-03-ikev2/OUTPUT/west.console.diff:8:+003 "nss-cert-chain" #2: EXPECTATION FAILED: cert->next == NULL (in match_certs_id() at x509.c:779)
testing/pluto/nss-cert-chain-03-ikev2/OUTPUT/west.console.txt:45:003 "nss-cert-chain" #2: EXPECTATION FAILED: cert->next == NULL (in match_certs_id() at x509.c:779)
testing/pluto/nss-cert-chain-03-ikev2/OUTPUT/west.console.verbose.txt:57:003 "nss-cert-chain" #2: EXPECTATION FAILED: cert->next == NULL (in match_certs_id() at x509.c:779)
testing/pluto/nss-cert-chain-03-ikev2/OUTPUT/west.pluto.log:2395:"nss-cert-chain" #2: EXPECTATION FAILED: cert->next == NULL (in match_certs_id() at x509.c:779)
testing/pluto/nss-cert-chain-03/OUTPUT/east.pluto.log:1106:"nss-cert-chain" #1: EXPECTATION FAILED: cert->next == NULL (in match_certs_id() at x509.c:779)
testing/pluto/nss-cert-chain-03/OUTPUT/west.console.diff:7:+003 "nss-cert-chain" #1: EXPECTATION FAILED: cert->next == NULL (in match_certs_id() at x509.c:779)
testing/pluto/nss-cert-chain-03/OUTPUT/west.console.txt:48:003 "nss-cert-chain" #1: EXPECTATION FAILED: cert->next == NULL (in match_certs_id() at x509.c:779)
testing/pluto/nss-cert-chain-03/OUTPUT/west.console.verbose.txt:59:003 "nss-cert-chain" #1: EXPECTATION FAILED: cert->next == NULL (in match_certs_id() at x509.c:779)
testing/pluto/nss-cert-chain-03/OUTPUT/west.pluto.log:1890:"nss-cert-chain" #1: EXPECTATION FAILED: cert->next == NULL (in match_certs_id() at x509.c:779)
testing/pluto/nss-cert-chain-04-ikev2/OUTPUT/east.pluto.log:1756:"road-A"[1] 192.1.2.45 #1: EXPECTATION FAILED: cert->next == NULL (in match_certs_id() at x509.c:779)
testing/pluto/nss-cert-chain-04-ikev2/OUTPUT/east.pluto.log:1858:"road-chain-B"[1] 192.1.2.45 #1: EXPECTATION FAILED: cert->next == NULL (in match_certs_id() at x509.c:779)
testing/pluto/nss-cert-chain-04/OUTPUT/east.pluto.log:1707:"road-A"[1] 192.1.2.45 #1: EXPECTATION FAILED: cert->next == NULL (in match_certs_id() at x509.c:779)
testing/pluto/nss-cert-chain-04/OUTPUT/east.pluto.log:1844:"road-chain-B"[1] 192.1.2.45 #1: EXPECTATION FAILED: cert->next == NULL (in match_certs_id() at x509.c:779)
testing/pluto/nss-cert-ocsp-01-chain/OUTPUT/east.pluto.log:1169:"nss-cert-ocsp" #1: EXPECTATION FAILED: cert->next == NULL (in match_certs_id() at x509.c:779)
testing/pluto/nss-cert-ocsp-01-chain/OUTPUT/west.console.diff:7:+003 "nss-cert-ocsp" #1: EXPECTATION FAILED: cert->next == NULL (in match_certs_id() at x509.c:779)
testing/pluto/nss-cert-ocsp-01-chain/OUTPUT/west.console.txt:44:003 "nss-cert-ocsp" #1: EXPECTATION FAILED: cert->next == NULL (in match_certs_id() at x509.c:779)
testing/pluto/nss-cert-ocsp-01-chain/OUTPUT/west.console.verbose.txt:54:003 "nss-cert-ocsp" #1: EXPECTATION FAILED: cert->next == NULL (in match_certs_id() at x509.c:779)
testing/pluto/nss-cert-ocsp-01-chain/OUTPUT/west.pluto.log:2017:"nss-cert-ocsp" #1: EXPECTATION FAILED: cert->next == NULL (in match_certs_id() at x509.c:779)


More information about the Swan-dev mailing list