On Thu, Sep 28, 2023 at 02:27:14PM -0700, John Schanck wrote: > Hi Brian, > > You can ignore those errors. NSS 3.90 shipped with a few test > certificates that expired in September. See also: > https://bugzilla.mozilla.org/show_bug.cgi?id=1813401
Thank you for a succinct and informative response; that helps me calm down. :) I can modify this packaging to build a more recent release. I think 3.93 is the latest; is that correct? > > John > > On Thu, Sep 28, 2023 at 2:06???PM Brian Reichert <reich...@numachi.com> wrote: > > > > I'm rebuilding SLES 12's mozilla-nss-3.90-58.104.1 from a source > > RPM. > > > > This successfully builds binaries, but logic in the SPEC file triggers > > a bunch of self-tests to run. Some of these tests are failing, and > > I was hoping to get some guidance about correcting, or selectively > > ignoring these errors. > > > > This, of course means stock nss-3.90, but modified by SLES's ~40 > > patches. I acknowledge that this makes this question not at all > > appropriate for this forum, but all of SLES's support forums a > > patently useless, in my experience. > > > > Anyway: > > > > I have retained full logs of the build and test run, which I could > > provide to anyone who's curious. > > > > It ends with this: > > > > Tests summary: > > -------------- > > Passed: 11550 > > Failed: 24 > > Failed with core: 0 > > ASan failures: 0 > > Unknown status: 25 > > TinderboxPrint:Unknown: 25 > > > > The first reported failure is, (I think) is: > > > > chains.sh: #1039: TrustAnchors: Verifying certificate(s) > > NameConstraints.server2.cert NameConstraints.intermediate.cert with flags > > -d trustanchorsDB -pp - PASSED > > chains.sh: Verifying certificate(s) NameConstraints.server3.cert > > NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp > > vfychain -d trustanchorsDB -pp -vv > > /home/breichert/testing/rpmbuild/mozilla-nss_new > > /BUILD/nss-3.90/nss/tests/libpkix/certs/NameConstraints.server3.cert > > /home/breichert/testing/rpmbuild/mozilla-nss_new/BUILD/nss-3.90/nss/tests/libpkix/certs/NameConstraints.intermediate.cert > > Chain is bad! > > PROBLEM WITH THE CERT CHAIN: > > CERT 0. CN=test.example,O=BOGUS NSS,L=Mountain View,ST=California,C=US : > > ERROR -8181: Peer's Certificate has expired. > > Returned value is 1, expected result is pass > > chains.sh: #1040: TrustAnchors: Verifying certificate(s) > > NameConstraints.server3.cert NameConstraints.intermediate.cert with flags > > -d trustanchorsDB -pp - FAILED > > > > If I look for all of the FAILED messages, they're all related to > > 'TrustAnchors: Verifying certificate(s)'. > > > > Does this sound like an environmental issue? Do these tests pass > > with a stock 3.90 install? (I would hope so...) > > > > I'm happy to provide more information, and will accept any advice offered. > > > > -- > > Brian Reichert <reich...@numachi.com> > > BSD admin/developer at large > > > > -- > > You received this message because you are subscribed to the Google Groups > > "dev-tech-crypto@mozilla.org" group. > > To unsubscribe from this group and stop receiving emails from it, send an > > email to dev-tech-crypto+unsubscr...@mozilla.org. > > To view this discussion on the web visit > > https://groups.google.com/a/mozilla.org/d/msgid/dev-tech-crypto/20230928210614.GT365%40numachi.com. > > -- > You received this message because you are subscribed to the Google Groups > "dev-tech-crypto@mozilla.org" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to dev-tech-crypto+unsubscr...@mozilla.org. > To view this discussion on the web visit > https://groups.google.com/a/mozilla.org/d/msgid/dev-tech-crypto/CAFgAd7EStBc0kq8CEvajakHZuGVNS-8OvX%2BJdS2b-VMh6jm1wA%40mail.gmail.com. -- Brian Reichert <reich...@numachi.com> BSD admin/developer at large -- You received this message because you are subscribed to the Google Groups "dev-tech-crypto@mozilla.org" group. To unsubscribe from this group and stop receiving emails from it, send an email to dev-tech-crypto+unsubscr...@mozilla.org. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-tech-crypto/20230929134234.GU365%40numachi.com.
