Bug#923446: m2crypto: autopkgtest with new version of openssl: Connection refused

Sat, 02 Mar 2019 08:18:37 -0800 

control: tags -1 patch

On 2019-03-01 23:27:47 [+0100], To Paul Gevers wrote:
> debugging on openssl side gives me the same result as in #923448 which
No. I've been testing the wrong package…

So m2crypto fails due to openssl commit 1c31fe7eb093:
|Author: Sam Roberts <r...@ca.ibm.com>
|Date:   Mon Nov 26 13:58:52 2018 -0800
|
|    Ignore cipher suites when setting cipher list
|    
|    set_cipher_list() sets TLSv1.2 (and below) ciphers, and its success or
|    failure should not depend on whether set_ciphersuites() has been used to
|    setup TLSv1.3 ciphers.
|    
|    Reviewed-by: Paul Dale <paul.d...@oracle.com>
|    Reviewed-by: Ben Kaduk <ka...@mit.edu>
|    Reviewed-by: Matt Caswell <m...@openssl.org>
|    (Merged from https://github.com/openssl/openssl/pull/7759)
|    
|    (cherry picked from commit 3c83c5ba4f6502c708b7a5f55c98a10e312668da)

The thing is that m2ctypto uses TLS1.3 cipher but uses the -cipher
option instead of -ciphersuites which is for TLS1.3:
|$ openssl s_server --help 2>&1 |grep -- -cipher
| -cipher val                Specify TLSv1.2 and below cipher list to be used
| -ciphersuites val          Specify TLSv1.3 ciphersuites to be used

The patch attached against m2crypto fixes the testsuite issue.

Sebastian

>From 862167880780c1b1219b6be3864ba587f0bdddba Mon Sep 17 00:00:00 2001
From: Sebastian Andrzej Siewior <sebast...@breakpoint.cc>
Date: Sat, 2 Mar 2019 17:08:39 +0100
Subject: [PATCH] tests/test_ssl: use -ciphercuites for TLS1.3 cipher in
 openssl1.1

The -cipher can not be used in OpenSSL 1.1.b+ for TLS1.3 cipher since
openssl upstream commit 1c31fe7eb093a ("Ignore cipher suites when
setting cipher list").

Use -ciphersuites for TLS1.3 cipher as documented.

Signed-off-by: Sebastian Andrzej Siewior <sebast...@breakpoint.cc>
---
 tests/test_ssl.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/tests/test_ssl.py b/tests/test_ssl.py
index a3e2a318c315..925d365a5810 100644
--- a/tests/test_ssl.py
+++ b/tests/test_ssl.py
@@ -460,9 +460,10 @@ sleepTime = float(os.getenv('M2CRYPTO_TEST_SSL_SLEEP', '1.5'))
     def test_cipher_ok(self):
         if OPENSSL111:
             TCIPHER = 'TLS_AES_256_GCM_SHA384'
+            self.args = self.args + ['-ciphersuites', TCIPHER]
         else:
             TCIPHER = 'AES128-SHA'
-        self.args = self.args + ['-cipher', TCIPHER]
+            self.args = self.args + ['-cipher', TCIPHER]
 
         pid = self.start_server(self.args)
         try:
-- 
2.20.1

Reply via email to