Hi, On 2025-04-08 07:36, Santiago Vila wrote: > Package: src:nng > Version: 1.10.1-1 > Severity: serious > Tags: ftbfs trixie sid > > Dear maintainer: > > During a rebuild of all packages in unstable, your package failed to build: > > Note: This is an "always" failure, and I think it's triggered by some > build-dependency which changed behavior recently. > > -------------------------------------------------------------------------------- > [...] > The following tests FAILED: > 36 - nng.sp.transport.tls.tls_tran_test (Timeout) > Errors while running CTest > make[2]: *** [Makefile:94: test] Error 8 > make[2]: Leaving directory '/<<PKGBUILDDIR>>/build-static' > dh_auto_test: error: cd build-static && make -j2 test ARGS\+=--verbose > ARGS\+=-j2 returned exit code 2 > make[1]: *** [debian/rules:25: override_dh_auto_test] Error 25 > make[1]: Leaving directory '/<<PKGBUILDDIR>>' > make: *** [debian/rules:39: binary] Error 2 > dpkg-buildpackage: error: debian/rules binary subprocess returned exit status > 2 > --------------------------------------------------------------------------------
The problem is easily reproducible and is caused by mbedtls 3.6.3-1, ad it builds fine with mbedtls 3.6.2-3. The new mbedtls version emits this additional line: WARNING: NNG-TLS-HANDSHAKE: TLS handshake failed: SSL - Attempt to verify a certificate without an expected hostname. This is usually insecure. In TLS clients, when a client authenticates a server through its certificate, the client normally checks three WARNING: NNG-CONN-FAIL: Failed connecting socket<2> to tls+tcp://127.0.0.1:42757: Cryptographic error My guess is that this is linked to the CVE-2025-27809 fix. Regards Aurelien -- Aurelien Jarno GPG: 4096R/1DDD8C9B aurel...@aurel32.net http://aurel32.net
