Alexander Barton wrote...
After two release candidates, here it is, the next major release of ngIRCd, the free, portable and lightweight Internet Relay Chat server for small or private networks: Release 26!
Yay!
• Update test suite to include SSL tests, including checking for reloading certificates during runtime.
Unfortunately this causes a failure here on a somewhat older machine[1] - although they pass on another one with an even slower CPU.
Observation:
| PASS: reload-server3
| running connect-ssl-cert2-test ...send: spawn id exp4 not open
| while executing
| "send "oper\r""
| (file "./connect-ssl-cert2-test.e" line 11)
|
| failure!
| FAIL: connect-ssl-cert2-test
Some strace reveals:
This is the "openssl s_client" command from connect-ssl-cert2-test.e:
| 34466 21:39:36.049056 connect(3, {sa_family=AF_INET, sin_port=htons(6790), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 ECONNREFUSED (Connection refused)
This is the daemon process:
| 34426 21:39:36.085706 bind(7, {sa_family=AF_INET, sin_port=htons(6790), sin_addr=inet_addr("127.0.0.1")}, 16) = 0
So a race condition. Possibly related, why does the daemon process:
| 34426 21:39:35.676268 openat(AT_FDCWD, "ssl/cert.pem", O_RDONLY|O_LARGEFILE|O_CLOEXEC <unfinished ...>
| 34426 21:39:35.676830 <... openat resumed>) = 6
| 34426 21:39:35.677055 fstat64(6, <unfinished ...>
| 34426 21:39:35.677179 <... fstat64 resumed>{st_mode=S_IFREG|0644, st_size=1468, ...}) = 0
| 34426 21:39:35.677307 _llseek(6, 0, <unfinished ...>
| 34426 21:39:35.677411 <... _llseek resumed>[0], SEEK_CUR) = 0
| 34426 21:39:35.677535 fstat64(6, <unfinished ...>
| 34426 21:39:35.677622 <... fstat64 resumed>{st_mode=S_IFREG|0644, st_size=1468, ...}) = 0
| 34426 21:39:35.677736 read(6, <unfinished ...>
| 34426 21:39:35.677832 <... read resumed>"-----BEGIN CERTIFICATE-----\nMIIEDjCCAnagAwIBAgIBATANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDExRteS5z\nZWNvbmQuZG9tYWluLnRsZDA
| 34426 21:39:35.678022 read(6, <unfinished ...>
| 34426 21:39:35.678177 <... read resumed>"", 4096) = 0
| 34426 21:39:35.678301 close(6 <unfinished ...>
| 34426 21:39:35.678411 <... close resumed>) = 0
here:
+ 34426 21:39:36.083475 getpid() = 34426
| 34426 21:39:36.083612 write(1, "[34426:6 6] Discarding X509 certificate credentials from slot 0.\n", 68) = 68
| 34426 21:39:36.083818 getpid() = 34426
| 34426 21:39:36.083905 write(1, "[34426:6 6] Storing new X509 certificate credentials in slot 0.\n", 67) = 67
| 34426 21:39:36.084136 getpid() = 34426
| 34426 21:39:36.084226 write(1, "[34426:6 6] GnuTLS 3.6.14 initialized.\n", 42) = 42
lose some 300 milliseconds here? Without that, the race would not happen.
Workaround:
--- a/src/testsuite/connect-ssl-cert2-test.e +++ b/src/testsuite/connect-ssl-cert2-test.e @@ -1,6 +1,7 @@ # ngIRCd test suite # Server connect test
+sleep 1 spawn openssl s_client -quiet -connect 127.0.0.1:6790 expect { timeout { exit 1 }
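Review bot: the `sleep 1` added ahead of `spawn openssl s_client` is a fixed delay, so it narrows the window between the daemon's bind() on 127.0.0.1:6790 and the client's connect() without closing it; a host where the certificate reload takes longer than one second would still get ECONNREFUSED, and every other host pays an extra second per run. Consider retrying the spawn for a bounded number of attempts until the connection is accepted, instead of sleeping once. If the sleep stays as a stopgap, add a comment above it saying that it waits for the listener on port 6790 to come back after the certificate reload, since nothing in the script explains it otherwise.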
Christoph
[1]
| processor : 0
| cpu : 7447A, altivec supported
| clock : 1249.999995MHz
| revision : 1.2 (pvr 8003 0102)
| bogomips : 83.24
|
| timebase : 41620907
| platform : PowerMac
| model : PowerMac10,1
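The ordering check done by eye on the strace output above can be automated; the following is an added example, not part of the original message or of the ngIRCd test suite. It assumes `strace -f` output with time-of-day timestamps as quoted above, IPv4 sockets, and a trace that does not cross midnight; the function name `find_connect_before_bind` is hypothetical.

```python
import re
from datetime import datetime, timedelta

# The two socket lines quoted in the message above, used as sample input.
SAMPLE = """\
| 34466 21:39:36.049056 connect(3, {sa_family=AF_INET, sin_port=htons(6790), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 ECONNREFUSED (Connection refused)
| 34426 21:39:36.085706 bind(7, {sa_family=AF_INET, sin_port=htons(6790), sin_addr=inet_addr("127.0.0.1")}, 16) = 0
"""

LINE = re.compile(
    r'(?P<pid>\d+)\s+(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<call>connect|bind)\('
    r'\d+, \{sa_family=AF_INET, sin_port=htons\((?P<port>\d+)\), '
    r'sin_addr=inet_addr\("(?P<addr>[\d.]+)"\)\}, \d+\)\s+=\s+(?P<ret>-?\d+)'
    r'(?:\s+(?P<errno>[A-Z]+))?'
)

def find_connect_before_bind(trace):
    """Return one dict per refused connect() that happened before the first
    successful bind() on the same address and port."""
    binds, refused = {}, []
    for raw in trace.splitlines():
        m = LINE.match(raw.lstrip("| \t"))  # tolerate the mail's "| " prefix
        if not m:
            continue
        key = (m["addr"], int(m["port"]))
        ts = datetime.strptime(m["ts"], "%H:%M:%S.%f")
        if m["call"] == "bind" and m["ret"] == "0":
            binds.setdefault(key, (ts, int(m["pid"])))  # keep the first bind
        elif m["call"] == "connect" and m["errno"] == "ECONNREFUSED":
            refused.append((key, ts, int(m["pid"])))
    races = []
    for key, ts, pid in refused:
        if key in binds and ts < binds[key][0]:
            bind_ts, bind_pid = binds[key]
            races.append({
                "addr": key[0], "port": key[1],
                "client_pid": pid, "server_pid": bind_pid,
                # how long the client would have had to wait, in microseconds
                "gap_us": (bind_ts - ts) // timedelta(microseconds=1),
            })
    return races

if __name__ == "__main__":
    for race in find_connect_before_bind(SAMPLE):
        print(race)
```

On the quoted trace it reports that the client's connect() preceded the daemon's bind() by 36650 microseconds.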