[ RUN ] URLRequestTestHTTP.HTTPSToHTTPRedirectNoRefererTest
Traceback (most recent call last):
File
"/var/tmp/portage/www-client/chromium-12.0.712.0/work/chromium-12.0.712.0/net/tools/testserver/testserver.py",
line 1465, in <module>
sys.exit(main(options, args))
File
"/var/tmp/portage/www-client/chromium-12.0.712.0/work/chromium-12.0.712.0/net/tools/testserver/testserver.py",
line 1342, in main
options.ssl_bulk_cipher)
File
"/var/tmp/portage/www-client/chromium-12.0.712.0/work/chromium-12.0.712.0/net/tools/testserver/testserver.py",
line 82, in __init__
self.private_key = tlslite.api.parsePEMKey(s, private=True)
File
"/var/tmp/portage/www-client/chromium-12.0.712.0/work/chromium-12.0.712.0/third_party/tlslite/tlslite/utils/keyfactory.py",
line 146, in parsePEMKey
key = OpenSSL_RSAKey.parse(s, passwordCallback)
File
"/var/tmp/portage/www-client/chromium-12.0.712.0/work/chromium-12.0.712.0/third_party/tlslite/tlslite/utils/OpenSSL_RSAKey.py",
line 141, in parse
raise SyntaxError()
SyntaxError: None
[28665:28665:0404/184910:371811130277:ERROR:test_server_posix.cc(146)] Could
not read server_data_len
net/url_request/url_request_unittest.cc:337: Failure
Value of: https_test_server.Start()
Actual: false
Expected: true
[ FAILED ] URLRequestTestHTTP.HTTPSToHTTPRedirectNoRefererTest (1357 ms)I wouldn't expect system tlslite to work, just because the tlslite bundled does include patches that the tests rely on that aren't upstream (nb: upstream tlslite hasn't seen a release for 6 years, AFAICT)
The issue appears to be because tlslite is stricter in checking the input in OpenSSL_RSAKey than it is in Python_RSAKey, which are the two implementations it ships with for parsing keys, the underlying logic of tlslite.api.parsePEMKey(). At least on my Windows dev box, the Python_RSAKey.py path (src/third_party/tlslite/tlslite/utils/PYTHON_RSAKey.py) is the path taken when reading keys, but I suspect this is the case as well for the other platforms in the build waterfall, given that none of them are having this problem.The data being parsed is a joint certificate + private key in PEM form (see src/net/data/ssl/certificates/[ok|expired]_cert.pem). The certificate and private key are marked by PEM header blocks BEGIN/END CERTIFICATE and BEGIN/END RSA PRIVATE KEY. Python_RSAKey.py locates a private key by using s.find() for BEGIN PRIVATE KEY and BEGIN RSA PRIVATE KEY in order to determine the private key data before trying to parse, while OpenSSL_RSAKey.py uses s.startswith().Since the certificate appears before the private key in both files, s.startswith() fails (and the SyntaxError() is raised), while s.find() works, since the key is there. It's not immediately clear whether this bug is a bug in testserver.py relying on unexpected behaviour or in tlslite for the differing implementation behaviour. From the tlslite documentation in parsePEMKey(), I get the feeling the root "bug" is in testserver.py for expecting tlslite to behave like Python_RSAKey, even though that is the commonly-expected behaviour with PEM parsers.
Yes, either swapping the certificate and private key in the PEM files
or splitting the PEM files into separate certificate and private key
files is fine by me. Which one is more common in real OpenSSL-based
servers?
Ryan, thank you for your analysis of the problems.
Wan-Teh