Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix running tests with badssl.com #550

Merged
merged 1 commit into from
Dec 16, 2024
Merged

Conversation

marinelli
Copy link
Contributor

@marinelli marinelli commented Dec 15, 2024

Since the release of version 2.0.0 of the tls package, the default value for supportedExtendedMainSecret is RequireEMS. The badssl.com website does not support, at the moment, connections using TLS1.2+EMS:

$ true | openssl s_client -tls1_2 -connect badssl.com:443 2>&1 | sed -rn -e 's/^[[:blank:]]*((Protocol|Extended).*)$/\1/p'
Protocol  : TLSv1.2
Extended master secret: no

So, if we build the packages with an updated version of tls (>=2.0.0), we have this when we run the tests:

  test/Spec.hs:47:5: 
  1) BadSSL: we do have case-insensitivity though
       uncaught exception: HttpException
       HttpExceptionRequest Request {
       ...
       }
        (InternalException (HandshakeFailed (Error_Protocol "peer does not support Extended Main Secret" HandshakeFailure)))

I'll try to open a PR and/or create an issue in the badssl.com project, but for now I would just the AllowEMS value.

@marinelli
Copy link
Contributor Author

marinelli commented Dec 15, 2024

The badssl.com website does not support TLS1.2+EMS connections probably because they are still using an old Ubuntu version that still uses openssl v1.0. This might be intentional, I don't know.

@snoyberg snoyberg merged commit e36f741 into snoyberg:master Dec 16, 2024
@marinelli
Copy link
Contributor Author

marinelli commented Dec 16, 2024

Something didn't work :( Ah, wait, tests with lts-16 were already broken :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants