auth-nonascii test fails or segfaults depending on system environment

David Woodhouse dwmw2 at
Mon Aug 14 05:36:31 PDT 2017

On Mon, 2017-07-10 at 16:29 -0700, Mike Miller wrote:
> Hi,
> I noticed that the recently added test "auth-nonascii" fails as
> currently written under a handful of different system configurations.
> In short, I think using LC_CTYPE in the script is not a strong enough
> constraint, because the caller's LC_ALL may override it if set. Using
> LC_ALL as in the following patch fixes this for me.
> diff --git a/tests/auth-nonascii b/tests/auth-nonascii
> index d930b117d29c..1da8de25464a 100755
> --- a/tests/auth-nonascii
> +++ b/tests/auth-nonascii
> @@ -34,7 +34,7 @@ set -x
>  for CHARSET in UTF-8 ISO8859-2; do
>      echo -n "Connecting to obtain cookie (with password charset ${CHARSET})... "
>      CERTARGS="-c ${KEY} --key-password $(cat ${srcdir}/pass-${CHARSET})"
> -    ( echo "test" | LC_CTYPE=cs_CZ.${CHARSET} $OPENCONNECT -q $ADDRESS:443 -u test $CERTARGS --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly --passwd-on-stdin ) ||
> +    ( echo "test" | LC_ALL=cs_CZ.${CHARSET} $OPENCONNECT -q $ADDRESS:443 -u test $CERTARGS --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly --passwd-on-stdin ) ||
>  	fail $PID "Could not connect with charset ${CHARSET}!"
>  done

Thanks. I've just pushed that fix.

> I think it's also worth reporting that OpenConnect segfaults if the
> cs_CZ locales are not available on the system when this test runs,
> either with or without this change:
>   iconv: Invalid or incomplete multibyte or wide character
>   *** Error in `/.../.libs/openconnect': free(): invalid pointer: 0x00007ffe53d2d7e4 ***
>   free called from load_pkcs12_certificate at gnutls.c:526

Yay for testing :)

I actually had a fix for that lying around in my tree for a while; have
finally pushed it now. Thanks!

I note that the auth-nonascii test still fails on Ubuntu 16.04, as even
in the trivial case of the default UTF-8 (in my case en_GB) locale,
GnuTLS won't open the file:

Using certificate file ./certs/user-key-nonascii-password.p12
Failed to process PKCS#12 file: The given password contains invalid characters.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4938 bytes
Desc: not available
URL: <>

More information about the openconnect-devel mailing list