Details
-
Bug
-
Resolution: Done-Errata
-
Minor
-
rhel-9.4
-
gnutls-3.8.3-1.el9
-
sst_security_crypto
-
ssg_security
-
23
-
0.2
-
False
-
-
No
-
Crypto24Q1
Description
gnutls-3.8.2-1.el9 rebuild tests fail because of the upstream `ktls.sh` test failure, for different reasons:
- in non-FIPS mode, it fails as described in https://gitlab.com/gnutls/gnutls/-/issues/1443, (Error: Decryption has failed), kernel version is 5.14.0-395.el9
- in FIPS mode, it fails differently:
/proc/modules:tls 151552 0 - Live 0xffffffffc0b61000
running ktls test with NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-128-GCM
client: Peer has closed the TLS connection
running ktls test with NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-256-GCM
client: Peer has closed the TLS connection
running ktls test with NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+CHACHA20-POLY1305
gnutls_ktls: gnutls_ktls.c:67: client: Assertion `gnutls_priority_set_direct(session, prio, NULL) >= 0' failed.
gnutls_ktls: gnutls_ktls.c:185: server: Assertion `gnutls_priority_set_direct(session, prio, NULL) >= 0' failed.
./ktls.sh: line 47: 126378 Aborted (core dumped) GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID=1 GNUTLS_SYSTEM_PRIORITY_FILE="$cfg" "$builddir/gnutls_ktls" "$@"
FAIL ktls.sh (exit status: 134)
Please skip, xfail or patch this test.
Attachments
Issue Links
- links to
-
RHSA-2023:124511
gnutls bug fix and enhancement update