libssl1.1 version 1.1.1-1ubuntu2.1~18.04.2 breaks nginx ssl tests
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
nginx (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Bionic |
Invalid
|
Undecided
|
Unassigned | ||
openssl (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Bionic |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Many nginx ssl tests pass with libssl1.1 version 1.1.0g-2ubuntu4.3 but fail when libssl1.1 is updated to version 1.1.1-1ubuntu2.
Repro steps:
1. Create control Dockerfile:
=======
FROM ubuntu:18.04
RUN apt-get update -y && \
apt-get upgrade -y && \
apt-get install -y git nginx-core xdg-utils openssl=
RUN git clone https:/
WORKDIR /nginx-tests
ENV TEST_NGINX_
ENV TEST_NGINX_
USER www-data
ENTRYPOINT ["prove", "."]
=======
2. Run the command in a directory with only the Dockerfile:
docker build -t nginx_image . && docker run --rm -it nginx_image
3. See output:
=======
Test Summary Report
-------------------
./grpc_
Failed tests: 11-12
Non-zero exit status: 2
./h2_server_
Failed tests: 1-2, 7-8, 10-11
Non-zero exit status: 6
./upstream_
Non-zero exit status: 2
Parse errors: No plan found in TAP output
Files=346, Tests=3782, 317 wallclock secs ( 1.87 usr 0.78 sys + 35.84 cusr 16.99 csys = 55.48 CPU)
Result: FAIL
=======
4. Create new Dockerfile (only difference is updating libssl1.1):
=======
FROM ubuntu:18.04
RUN apt-get update -y && \
apt-get upgrade -y && \
apt-get install -y git nginx-core xdg-utils openssl=
RUN git clone https:/
WORKDIR /nginx-tests
ENV TEST_NGINX_
ENV TEST_NGINX_
USER www-data
ENTRYPOINT ["prove", "."]
=======
5. See output
=======
Test Summary Report
-------------------
./grpc_
Failed tests: 11-12
Non-zero exit status: 2
./h2_server_
Failed tests: 1-2, 7-8, 10-11
Non-zero exit status: 6
./mail_ssl.t (Wstat: 768 Tests: 22 Failed: 3)
Failed tests: 3, 5-6
Non-zero exit status: 3
./proxy_ssl.t (Wstat: 512 Tests: 9 Failed: 2)
Failed tests: 4-5
Non-zero exit status: 2
./stream_
Failed tests: 4-5
Non-zero exit status: 2
./stream_ssl.t (Wstat: 768 Tests: 9 Failed: 3)
Failed tests: 2, 4-5
Non-zero exit status: 3
./stream_
Failed tests: 4-5, 9
Non-zero exit status: 3
./upstream_
Non-zero exit status: 2
Parse errors: No plan found in TAP output
./upstream_
Failed tests: 4-5, 9
Non-zero exit status: 3
Files=346, Tests=3764, 317 wallclock secs ( 2.00 usr 0.73 sys + 36.49 cusr 16.91 csys = 56.13 CPU)
Result: FAIL
=======
New failures: mail_ssl.t, proxy_ssl.t, stream_proxy_ssl.t, stream_ssl.t, stream_
Changed in nginx (Ubuntu Bionic): | |
status: | New → Incomplete |
Changed in nginx (Ubuntu Bionic): | |
status: | Incomplete → Invalid |
Changed in nginx (Ubuntu): | |
status: | Incomplete → Invalid |
Changed in openssl (Ubuntu Bionic): | |
status: | New → Fix Released |
Changed in openssl (Ubuntu): | |
status: | New → Invalid |
Default nginx configurations **in Ubuntu** do not enable SSL by default. Have you passed an SSL enabled config to your docker container first?