Fix qt jenkins nightly test failure #9584

miyazakh · 2025-12-26T08:37:09Z

Description

Qt nightly Jenkins tests started failing after PR9522 was merged. OpenSSL performs date validation even when there are other verification issues. This PR reverts the removed logic and now uses X509StoreVerifyCertDate().

Testing

Add unit test
Run qt unit test

Checklist

added tests
updated/added doxygen
updated appropriate READMEs
Updated manual and documentation

devin-ai-integration · 2025-12-26T08:37:49Z

🛟 Devin Lifeguard found 3 likely issues in this PR

no-memory-leaks snippet: Call X509_free(ca); immediately before setting ca = NULL; (and remove the second X509_free(cert)), in both newly-added blocks of test_wolfSSL_X509_STORE_check_time.
check-all-return-codes snippet: Capture and assert the return value from X509_VERIFY_PARAM_set_flags(), e.g. ExpectIntEQ(X509_VERIFY_PARAM_set_flags(store->param, WOLFSSL_NO_CHECK_TIME), 1);.
pointer-null-check snippet: Change the condition to if (ctx->store != NULL && ctx->store->verify_cb != NULL) before using ctx->store->verify_cb.

@miyazakh
please take a look at the above issues which Devin flagged. Devin will not fix these issues automatically.

miyazakh · 2025-12-26T09:58:06Z

retest this please

Found unhandled org.jenkinsci.plugins.workflow.support.steps.AgentOfflineException exception:

julek-wolfssl · 2025-12-29T18:12:53Z

src/x509_str.c

                    ret = ASN_BEFORE_DATE_E;
                }
            }
+        #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)


We are moving away from port specific code in wolfSSL. WOLFSSL_QT already enables OPENSSL_ALL.

Suggested change

#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)

#if defined(OPENSSL_ALL)

julek-wolfssl · 2025-12-29T18:13:25Z

src/x509_str.c

    #endif
    }
-
+    #if !defined(NO_ASN_TIME) && (defined(OPENSSL_ALL) || defined(WOLFSSL_QT))


Suggested change

#if !defined(NO_ASN_TIME) && (defined(OPENSSL_ALL) || defined(WOLFSSL_QT))

#if !defined(NO_ASN_TIME) && defined(OPENSSL_ALL)

julek-wolfssl · 2025-12-29T18:13:40Z

src/x509_str.c

+    #if !defined(NO_ASN_TIME) && (defined(OPENSSL_ALL) || defined(WOLFSSL_QT))
+        if (ret != WC_NO_ERR_TRACE(ASN_BEFORE_DATE_E) &&
+            ret != WC_NO_ERR_TRACE(ASN_AFTER_DATE_E)) {
+        /* With Qt and OpenSSL, we need to check the certificate's date


Suggested change

/* With Qt and OpenSSL, we need to check the certificate's date

/* With OpenSSL, we need to check the certificate's date

julek-wolfssl · 2025-12-29T18:14:40Z

src/x509_str.c

+            ret = X509StoreVerifyCertDate(ctx, ret);
+            SetupStoreCtxError(ctx, ret);
+            if (ctx->store->verify_cb)
+                ret = ctx->store->verify_cb(ret >= 0 ? 1 : 0,


Shouldn't only ret == 0 be success?

julek-wolfssl · 2025-12-29T18:17:05Z

src/x509_str.c

+                ret = ctx->store->verify_cb(ret >= 0 ? 1 : 0,
+                                            ctx) == 1 ? WOLFSSL_SUCCESS : -1;


This is much more readable.

Suggested change

ret = ctx->store->verify_cb(ret >= 0 ? 1 : 0,

ctx) == 1 ? WOLFSSL_SUCCESS : -1;

ret = ret == 0 ? 1 : 0

if (ctx->store->verify_cb(ret, ctx) == 1)

ret = WOLFSSL_SUCCESS;

else

ret = -1;

julek-wolfssl · 2025-12-29T18:17:41Z

tests/api/test_ossl_x509_str.c

+static int X509Callback(int ok, X509_STORE_CTX *ctx)
+{
+
+    if (!ok) {
+        last_errcode[err_index]    = X509_STORE_CTX_get_error(ctx);
+        last_errdepth[err_index++] = X509_STORE_CTX_get_error_depth(ctx);
+    }
+    /* Always return OK to allow verification to continue.*/
+    return 1;
+}


Add some bounds check to err_index.

julek-wolfssl · 2025-12-29T18:20:09Z

tests/api/test_ossl_x509_str.c

+static int X509Callback(int ok, X509_STORE_CTX *ctx)
+{
+
+    if (!ok) {
+        last_errcode[err_index]    = X509_STORE_CTX_get_error(ctx);
+        last_errdepth[err_index++] = X509_STORE_CTX_get_error_depth(ctx);
+    }
+    /* Always return OK to allow verification to continue.*/
+    return 1;
+}


Write a new callback and place it next to relevant tests. Keep X509Callback as is for test_X509_STORE_InvalidCa and write a new callback function for test_wolfSSL_X509_STORE_check_time. This will make it easier to manage.

julek-wolfssl · 2025-12-29T18:20:50Z

tests/api/test_ossl_x509_str.c

 #include <tests/api/api.h>
 #include <tests/api/test_ossl_x509_str.h>

+#if (defined(OPENSSL_ALL) || defined(WOLFSSL_QT)) && \


Suggested change

#if (defined(OPENSSL_ALL) || defined(WOLFSSL_QT)) && \

#if defined(OPENSSL_ALL) && \

julek-wolfssl · 2025-12-29T18:21:14Z

tests/api/test_ossl_x509_str.c

    wolfSSL_X509_free(cert);
    cert = NULL;
+
+#if (defined(OPENSSL_ALL) || defined(WOLFSSL_QT)) && \


Suggested change

#if (defined(OPENSSL_ALL) || defined(WOLFSSL_QT)) && \

#if defined(OPENSSL_ALL) && \

miyazakh self-assigned this Dec 26, 2025

fix qt jenkins nightly test failure

20f8084

miyazakh force-pushed the fix_qtfail branch from 124c27b to 20f8084 Compare December 26, 2025 09:10

dgarske assigned wolfSSL-Bot Dec 26, 2025

miyazakh removed their assignment Dec 26, 2025

dgarske requested a review from julek-wolfssl December 29, 2025 17:21

julek-wolfssl requested changes Dec 29, 2025

View reviewed changes

julek-wolfssl assigned miyazakh and unassigned wolfSSL-Bot Dec 29, 2025

julek-wolfssl requested changes Dec 29, 2025

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Fix qt jenkins nightly test failure #9584

Fix qt jenkins nightly test failure #9584

miyazakh commented Dec 26, 2025 •

edited

Loading

Uh oh!

devin-ai-integration bot commented Dec 26, 2025

Uh oh!

miyazakh commented Dec 26, 2025

Uh oh!

julek-wolfssl Dec 29, 2025

Uh oh!

julek-wolfssl Dec 29, 2025

Uh oh!

julek-wolfssl Dec 29, 2025

Uh oh!

julek-wolfssl Dec 29, 2025

Uh oh!

julek-wolfssl Dec 29, 2025

Uh oh!

julek-wolfssl Dec 29, 2025

Uh oh!

julek-wolfssl Dec 29, 2025

Uh oh!

julek-wolfssl Dec 29, 2025

Uh oh!

julek-wolfssl Dec 29, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

	#if defined(OPENSSL_ALL) \|\| defined(WOLFSSL_QT)
	#if defined(OPENSSL_ALL)

	#if !defined(NO_ASN_TIME) && (defined(OPENSSL_ALL) \|\| defined(WOLFSSL_QT))
	#if !defined(NO_ASN_TIME) && defined(OPENSSL_ALL)

	/* With Qt and OpenSSL, we need to check the certificate's date
	/* With OpenSSL, we need to check the certificate's date

		ret = ctx->store->verify_cb(ret >= 0 ? 1 : 0,
		ctx) == 1 ? WOLFSSL_SUCCESS : -1;

-                ret = ctx->store->verify_cb(ret >= 0 ? 1 : 0,
-                                            ctx) == 1 ? WOLFSSL_SUCCESS : -1;
+                ret = ret == 0 ? 1 : 0
+                if (ctx->store->verify_cb(ret, ctx) == 1)
+                    ret = WOLFSSL_SUCCESS;
+                else
+                    ret = -1;

	#if (defined(OPENSSL_ALL) \|\| defined(WOLFSSL_QT)) && \
	#if defined(OPENSSL_ALL) && \

Fix qt jenkins nightly test failure #9584

Are you sure you want to change the base?

Fix qt jenkins nightly test failure #9584

Conversation

miyazakh commented Dec 26, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Description

Testing

Checklist

Uh oh!

devin-ai-integration bot commented Dec 26, 2025

Uh oh!

miyazakh commented Dec 26, 2025

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

miyazakh commented Dec 26, 2025 •

edited

Loading