Bug#1011076: marked as done (libssl3,mercurial: can't connect to server created with `openssl s_server -tls1`)

Mon, 23 May 2022 04:39:18 -0700 

Your message dated Mon, 23 May 2022 11:37:30 +0000
with message-id <e1nt6no-00058u...@fasolo.debian.org>
and subject line Bug#1011076: fixed in mercurial 6.1.2-1
has caused the Debian Bug report #1011076,
regarding libssl3,mercurial: can't connect to server created with `openssl 
s_server -tls1`
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1011076: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011076
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: libssl3,mercurial
Severity: normal
X-Debbugs-Cc: jcris...@debian.org

Hi,

mercurial's test suite no longer passes in sid, with:

> --- /<<PKGBUILDDIR>>/tests/test-https.t
> +++ /<<PKGBUILDDIR>>/tests/test-https.t.err
> @@ -362,9 +362,11 @@
>  Clients talking same TLS versions work
> 
>    $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.0 --config 
> hostsecurity.ciphers=DEFAULT id https://localhost:$HGPORT/
> -  5fed3813f7f5
> +  abort: error: [SSL: TLSV1_ALERT_INTERNAL_ERROR] tlsv1 alert internal error 
> (_ssl.c:997)
> +  [100]
>    $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.1 --config 
> hostsecurity.ciphers=DEFAULT id https://localhost:$HGPORT1/
> -  5fed3813f7f5
> +  abort: error: [SSL: TLSV1_ALERT_INTERNAL_ERROR] tlsv1 alert internal error 
> (_ssl.c:997)
> +  [100]
>    $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.2 id 
> https://localhost:$HGPORT2/
>    5fed3813f7f5
> 
> @@ -399,8 +401,8 @@
>  --insecure will allow TLS 1.0 connections and override configs
> 
>    $ hg --config hostsecurity.minimumprotocol=tls1.2 id --insecure 
> https://localhost:$HGPORT1/
> -  warning: connection security to localhost is disabled per current 
> settings; communication is susceptible to eavesdropping and tampering
> -  5fed3813f7f5
> +  abort: error: [SSL: TLSV1_ALERT_INTERNAL_ERROR] tlsv1 alert internal error 
> (_ssl.c:997)
> +  [100]
> 
>  The per-host config option overrides the default
> 
> @@ -408,7 +410,8 @@
>    > --config hostsecurity.ciphers=DEFAULT \
>    > --config hostsecurity.minimumprotocol=tls1.2 \
>    > --config hostsecurity.localhost:minimumprotocol=tls1.0
> -  5fed3813f7f5
> +  abort: error: [SSL: TLSV1_ALERT_INTERNAL_ERROR] tlsv1 alert internal error 
> (_ssl.c:997)
> +  [100]
> 
>  The per-host config option by itself works
> 
> 
> ERROR: test-https.t output changed

The failures happen in parts of the test that spin up and attempt to
connect to a TLS1.0 or TLS1.1 server.  It used to pass on 1.1.1n and (I
think) 1.1.1o.

Trying to replicate with openssl's cmdline tools, e.g.:
  openssl s_server -cert tests/sslcerts/pub.pem -key tests/sslcerts/priv.pem 
-tls1

and
  openssl s_client -connect localhost:4433 -tls1

The server reports:
4084745F427F0000:error:0A000076:SSL routines:tls_choose_sigalg:no suitable 
signature algorithm:../ssl/t1_lib.c:3331:

Talking with Sebastian on IRC he suggested some extra -cipher /
-provider command line options which didn't seem to make a difference.

I guess I have two questions:
- is this a bug or an intended change?
- if it's intended, is there a way to allow these connections again?

Thanks,
Julien

--- End Message ---
--- Begin Message --- 
Source: mercurial
Source-Version: 6.1.2-1
Done: Julien Cristau <jcris...@debian.org>

We believe that the bug you reported is fixed in the latest version of
mercurial, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1011...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Julien Cristau <jcris...@debian.org> (supplier of updated mercurial package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 23 May 2022 12:21:07 +0200
Source: mercurial
Architecture: source
Version: 6.1.2-1
Distribution: sid
Urgency: medium
Maintainer: Debian Python Team <team+pyt...@tracker.debian.org>
Changed-By: Julien Cristau <jcris...@debian.org>
Closes: 1004341 1011076
Changes:
 mercurial (6.1.2-1) sid; urgency=medium
 .
   * Add zsh_completion to debian/copyright (closes: #1004341)
   * New upstream bugfix release
   * Fix test failures with openssl 3 (closes: #1011076)
Checksums-Sha1:
 df3abc29be7871b152f9fc02a0e7d1cd24493372 2799 mercurial_6.1.2-1.dsc
 8357a11e621c046e2f526cd3dcbb2326612c2d8c 8066147 mercurial_6.1.2.orig.tar.gz
 18a52ab9f9aa334128a97961fa3a95a82cf06cee 659 mercurial_6.1.2.orig.tar.gz.asc
 31ba8337a9a695227aeb206f67cf3868508a2160 73832 mercurial_6.1.2-1.debian.tar.xz
Checksums-Sha256:
 b5e79cabf538b80ec9a01681b294dfa0a03f354e1e3f367f8cd4bef3b856d838 2799 
mercurial_6.1.2-1.dsc
 a52810fc01409828c4974d0bc2cbb5c80e948d5b584cfb1a7699623e924a2f2a 8066147 
mercurial_6.1.2.orig.tar.gz
 c34f8f2aec5e6e7caf17c54c82c206efc7974b56047989cd08fcfd11b390e130 659 
mercurial_6.1.2.orig.tar.gz.asc
 2a56ce2f684bade5da6833fe7ed37dc7f7bc7f0658bc29f84a281b3d30f7115d 73832 
mercurial_6.1.2-1.debian.tar.xz
Files:
 eb2ba12607cf6979cb315fc4754c91a7 2799 vcs optional mercurial_6.1.2-1.dsc
 05b8478d421d2c00726234b2f28ae658 8066147 vcs optional 
mercurial_6.1.2.orig.tar.gz
 3fd8cf248210f39de937623003de486b 659 vcs optional 
mercurial_6.1.2.orig.tar.gz.asc
 4eaec4e383df5655f263cf508d61bef1 73832 vcs optional 
mercurial_6.1.2-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCgAyFiEEVXgdqzTmGgnvuIvhnbAjVVb4z60FAmKLboQUHGpjcmlzdGF1
QGRlYmlhbi5vcmcACgkQnbAjVVb4z61eJxAAgv07EM5Vo7BsgW1yBQM956oYMAA0
Bq1agOtzV5pkTiIjxnW6iqHo0pAMyQzqhl6CyjCkFMW2sYlgfp2/B32HuE8z8sTx
xY/KWLMOaRMPzCPGyVHQRYv0twYuSL6ENLOOPLv2EV1yNhNIvBSBG5u5Lo+a3Ss4
Y2mOjdrmZ4YzQ6Dvbxsefe1tuJnVmRAwQw76pmIPwf2rP7eyjHD9nPDeodehRArY
vA2gUzD9MG+Wm3yPV2Y6JhtUHdVsoSgr7mKTJURsPnlhNb+LGmdZWHVHH0IYK8bB
EZit0uqsQXTQF0muNv3JIGy6Yl3d1YG7/99yYF3nl0gDLIPGF1wzR+L4OI2wCXCm
nM1I5JNg+GVeSSIFtRziXJMwU+scnXWsOk22NEaWMOpmfxsEEPU4iojKV24x5qoe
t4NMgLo+R/yYHfvdyyXe30n4wk+QPyHWj5V0zE3goRzTI2DrvSScmUtyXrN5rjU7
n0wBb2GLatxetqWQ5lhxP8gGpANAVQiDQHZ+W7BfkT/UYZo8Qj9HNSaicLoaqN4u
8kDo/qdRFV1ckeMWO/H6X7hfKbsbOmYkAcfYDN+s6lAfmEhcmsqDRfBq38S8M5J8
JMIYC51rP6D1XA7uQXJ9vOMLx10r1g6DYO70kTmWYmgG8va2ywUKhznx6k3zztTU
gJjfu+bIPuzkn1E=
=g8gj
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to