Hi, On Fri, Sep 16, 2016 at 6:46 AM, Sebastian Andrzej Siewior < sebast...@breakpoint.cc> wrote:
> Package: spdylay > Version: 1.3.2-2 > Severity: important > Tags: patch > Control: block 827061 by -1 > Control: user pkg-openssl-devel-requ...@lists.alioth.debian.org > Control: usertag -1 openssl-1.1-trans-keypkg > Control: usertag -1 openssl-1.1-trans > > This package fails currently to compile against openssl 1.1.0 (currently > available in experimental). The issues look not openssl specific. The > full build of the build failure is available > https://breakpoint.cc/openssl-1.1-rebuild-2016-08-26/failed/ > spdylay_1.3.2-2_amd64-2016-08-26T19%3A47%3A25Z > > With the patch attached is manages to build. The testsuite fails then :) > The SSL error message was obtained via ERR_print_errors_fp(stderr): > > | ========================================= > | spdylay 1.3.2: tests/test-suite.log > | ========================================= > | > | # TOTAL: 3 > | # PASS: 2 > | # SKIP: 0 > | # XFAIL: 0 > | # FAIL: 1 > | # XPASS: 0 > | # ERROR: 0 > | > | .. contents:: :depth: 2 > | > | FAIL: end_to_end.py > | =================== > | > | SSL_CTX_use_certificate_file failed. > | 140680762493824:error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee > key too small:ssl/ssl_rsa.c:305: > | Could not connect to the host: localhost:9893 > | error:1408F10B:SSL routines:ssl3_get_record:wrong version number > | Could not connect to the host: localhost:79 > | FCould not connect to the host: localhost:2 > | .Could not connect to the host: localhost:9893 > | Could not connect to the host: localhost:9893 > | FCould not connect to the host: localhost:9893 > | FCould not connect to the host: localhost:9893 > | FSSL_CTX_use_certificate_file failed. > | 140100289985408:error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee > key too small:ssl/ssl_rsa.c:305: > | Could not connect to the host: localhost:9893 > > So it looks like the key in the test is too small. > > Sebastian > Thank you for the patch. It has been applied and merged into master branch. I've made another couple of commits to fix OpenSSL 1.1.0 deprecation warnings. spdylay end-to-end test (which failed above) require libevent which is also built with OpenSSL 1.1.0. But it seems the latest stable libevent does not compile OpenSSL 1.1.0. I guess that the above error "wrong version number" could mean that libevent has been built with older OpenSSL version. For key size issues, I renewed key pair, and now use 2048 bits public key rather than 512 bits. Best regards, Tatsuhiro Tsujikawa
