www-clienth/chromium-21.0.1180.41 fails the following tests: [ FAILED ] HTTPSOCSPTest.Valid [ FAILED ] HTTPSOCSPTest.Revoked [ FAILED ] HTTPSOCSPTest.Invalid [ FAILED ] HTTPSEVCRLSetTest.MissingCRLSetAndInvalidOCSP [ FAILED ] HTTPSEVCRLSetTest.MissingCRLSetAndGoodOCSP [ FAILED ] HTTPSEVCRLSetTest.ExpiredCRLSet [ FAILED ] HTTPSEVCRLSetTest.FreshCRLSet [ FAILED ] HTTPSCRLSetTest.ExpiredCRLSet It looks like they all fail because of this: OCSP server started on 127.0.0.1:49813... Traceback (most recent call last): File "/var/tmp/portage/www-client/chromium-21.0.1180.41/work/chromium-21.0.1180.41/net/tools/testserver/testserver.py", line 2262, in <module> sys.exit(main(options, args)) File "/var/tmp/portage/www-client/chromium-21.0.1180.41/work/chromium-21.0.1180.41/net/tools/testserver/testserver.py", line 2073, in main options.tls_intolerant) File "/var/tmp/portage/www-client/chromium-21.0.1180.41/work/chromium-21.0.1180.41/net/tools/testserver/testserver.py", line 138, in __init__ self.private_key = tlslite.api.parsePEMKey(pem_cert_and_key, private=True) File "/var/tmp/portage/www-client/chromium-21.0.1180.41/work/chromium-21.0.1180.41/third_party/tlslite/tlslite/utils/keyfactory.py", line 146, in parsePEMKey key = OpenSSL_RSAKey.parse(s, passwordCallback) File "/var/tmp/portage/www-client/chromium-21.0.1180.41/work/chromium-21.0.1180.41/third_party/tlslite/tlslite/utils/OpenSSL_RSAKey.py", line 141, in parse raise SyntaxError() SyntaxError: None [30392:30392:0714/184718:82536040557:ERROR:local_test_server_posix.cc(151)] Could not read server_data_len The data passed to parsePEMKey there has a "BEGIN CERTIFICATE" and a "BEGIN RSA PRIVATE KEY" section (determined by adding some debug printing to the bundled tlslite). If m2crypto is available this gets fed to the OpenSSL_RSAKey module, which looks for every "BEGIN" line and only accepts "RSA PRIVATE KEY" and "PUBLIC KEY", so it throws the SyntaxError from the traceback when it sees "BEGIN CERTIFICATE". If m2crypto is not installed the Python_RSAKey module from the bundled tlslite is used, which looks for either "BEGIN PRIVATE KEY" or "BEGIN RSA PRIVATE KEY" and ignores everything else (like the "CERTIFICATE" section it gets fed). I do not know what is at fault here, tlslite or the certificate it gets fed. It looks like tlslite from git would have the same problem. Perhaps skip these tests and/or report this upstream, assuming it's present in current chromium too?
(In reply to comment #0) > I do not know what is at fault here, tlslite or the certificate it gets fed. > It looks like tlslite from git would have the same problem. Perhaps skip > these tests and/or report this upstream, assuming it's present in current > chromium too? Feel free to file an upstream bug and paste the link here. For now it's fine to skip those tests.
Tests skipped in chromium-23, but I'll keep the bug open to remember to fix the root cause.
I think this is fixed as of M31, please reopen otherwise.