Source: ruby-openssl Version: 2.0.5-1 X-Debbugs-CC: debian...@lists.debian.org, open...@packages.debian.org User: debian...@lists.debian.org Usertags: needs-update Control: affects -1 src:openssl Control: block 907015 by -1
Dear maintainers, With a recent upload of openssl the autopkgtest of ruby-openssl started to fail in testing. I copied the output of the first three errors below (the others seem to be all very similar). Currently this regression is contributing to the delay of the migration of openssl to testing [1]. Of course, openssl shouldn't just break your autopkgtest (or even worse, your package), but it seems to me that the change openssl was intended and your package needs to update to the new situation. If needed, please change the bug's severity. If this is a real problem in your package (and not only in your autopkgtest), the right binary package(s) from openssl should really add a versioned Breaks on the unfixed version of (one of your) package(s), hence I added a blocking relation on the openssl bug that tracks that. Note: the Breaks is nice even if the issue is only in the autopkgtest as it helps the migration software to figure out the right versions to combine in the tests. A quote from the openssl maintainer about the openssl update: " This is probably the result of the default openssl.cfg now having: [system_default_sect] MinProtocol = TLSv1.2 CipherString = DEFAULT@SECLEVEL=2 Where the SECLEVEL 2 requires a 112 / 2048 bit security level. " More information about this bug and the reason for filing it can be found on https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation Paul [1] https://qa.debian.org/excuses.php?package=openssl https://ci.debian.net/data/autopkgtest/testing/amd64/r/ruby-openssl/869658/log.gz =============================================================================== Error: test_dup(OpenSSL::TestPKeyRSA): OpenSSL::PKey::RSAError: key size too small /tmp/autopkgtest-lxc.6pk29_f_/downtmp/build.A2U/src/test/test_pkey_rsa.rb:257:in `generate' /tmp/autopkgtest-lxc.6pk29_f_/downtmp/build.A2U/src/test/test_pkey_rsa.rb:257:in `test_dup' 254: end 255: 256: def test_dup => 257: key = OpenSSL::PKey::RSA.generate(256, 17) 258: key2 = key.dup 259: assert_equal key.params, key2.params 260: key2.set_key(key2.n, 3, key2.d) =============================================================================== =============================================================================== Failure: test_alpn_protocol_selection_ary(OpenSSL::TestSSL): exceptions on 1 threads: #<Thread:0x00005565bf178368@/tmp/autopkgtest-lxc.6pk29_f_/downtmp/build.A2U/src/test/utils.rb:330 dead>: /tmp/autopkgtest-lxc.6pk29_f_/downtmp/build.A2U/src/test/test_ssl.rb:1282:in `connect': Connection reset by peer - SSL_connect (Errno::ECONNRESET) from /tmp/autopkgtest-lxc.6pk29_f_/downtmp/build.A2U/src/test/test_ssl.rb:1282:in `server_connect' from /tmp/autopkgtest-lxc.6pk29_f_/downtmp/build.A2U/src/test/test_ssl.rb:910:in `block in test_alpn_protocol_selection_ary' from /tmp/autopkgtest-lxc.6pk29_f_/downtmp/build.A2U/src/test/utils.rb:332:in `block (2 levels) in start_server' /tmp/autopkgtest-lxc.6pk29_f_/downtmp/build.A2U/src/test/envutil.rb:258:in `assert_join_threads' /tmp/autopkgtest-lxc.6pk29_f_/downtmp/build.A2U/src/test/utils.rb:339:in `block in start_server' /tmp/autopkgtest-lxc.6pk29_f_/downtmp/build.A2U/src/test/utils.rb:293:in `pipe' /tmp/autopkgtest-lxc.6pk29_f_/downtmp/build.A2U/src/test/utils.rb:293:in `start_server' /tmp/autopkgtest-lxc.6pk29_f_/downtmp/build.A2U/src/test/test_ssl.rb:1270:in `start_server_version' /tmp/autopkgtest-lxc.6pk29_f_/downtmp/build.A2U/src/test/test_ssl.rb:907:in `test_alpn_protocol_selection_ary' 904: } 905: ctx.alpn_protocols = advertised 906: } => 907: start_server_version(:SSLv23, ctx_proc) { |server, port| 908: ctx = OpenSSL::SSL::SSLContext.new 909: ctx.alpn_protocols = advertised 910: server_connect(port, ctx) { |ssl| =============================================================================== =============================================================================== Failure: test_client_auth_success(OpenSSL::TestSSL): exceptions on 2 threads: #<Thread:0x00005565bede53e0@/tmp/autopkgtest-lxc.6pk29_f_/downtmp/build.A2U/src/test/utils.rb:330 dead>: /tmp/autopkgtest-lxc.6pk29_f_/downtmp/build.A2U/src/test/test_ssl.rb:1280:in `initialize': SSL_CTX_use_certificate: ee key too small (OpenSSL::SSL::SSLError) from /tmp/autopkgtest-lxc.6pk29_f_/downtmp/build.A2U/src/test/test_ssl.rb:1280:in `new' from /tmp/autopkgtest-lxc.6pk29_f_/downtmp/build.A2U/src/test/test_ssl.rb:1280:in `server_connect' from /tmp/autopkgtest-lxc.6pk29_f_/downtmp/build.A2U/src/test/test_ssl.rb:134:in `block in test_client_auth_success' from /tmp/autopkgtest-lxc.6pk29_f_/downtmp/build.A2U/src/test/utils.rb:332:in `block (2 levels) in start_server' --- #<Thread:0x00005565bede5818@/tmp/autopkgtest-lxc.6pk29_f_/downtmp/build.A2U/src/test/utils.rb:319 dead>: /usr/lib/ruby/vendor_ruby/openssl/ssl.rb:380:in `initialize': SSL_CTX_use_certificate: ee key too small (OpenSSL::SSL::SSLError) from /usr/lib/ruby/vendor_ruby/openssl/ssl.rb:380:in `new' from /usr/lib/ruby/vendor_ruby/openssl/ssl.rb:380:in `accept' from /tmp/autopkgtest-lxc.6pk29_f_/downtmp/build.A2U/src/test/utils.rb:270:in `block in server_loop' from /tmp/autopkgtest-lxc.6pk29_f_/downtmp/build.A2U/src/test/utils.rb:263:in `loop' from /tmp/autopkgtest-lxc.6pk29_f_/downtmp/build.A2U/src/test/utils.rb:263:in `server_loop' from /tmp/autopkgtest-lxc.6pk29_f_/downtmp/build.A2U/src/test/utils.rb:321:in `block (2 levels) in start_server' /tmp/autopkgtest-lxc.6pk29_f_/downtmp/build.A2U/src/test/envutil.rb:258:in `assert_join_threads' /tmp/autopkgtest-lxc.6pk29_f_/downtmp/build.A2U/src/test/utils.rb:339:in `block in start_server' /tmp/autopkgtest-lxc.6pk29_f_/downtmp/build.A2U/src/test/utils.rb:293:in `pipe' /tmp/autopkgtest-lxc.6pk29_f_/downtmp/build.A2U/src/test/utils.rb:293:in `start_server' /tmp/autopkgtest-lxc.6pk29_f_/downtmp/build.A2U/src/test/test_ssl.rb:129:in `test_client_auth_success' 126: 127: def test_client_auth_success 128: vflag = OpenSSL::SSL::VERIFY_PEER|OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT => 129: start_server(verify_mode: vflag) { |server, port| 130: ctx = OpenSSL::SSL::SSLContext.new 131: ctx.key = @cli_key 132: ctx.cert = @cli_cert ===============================================================================
signature.asc
Description: OpenPGP digital signature
