Re: Network-related change from f20-rawhide?
On Mon, 2014-05-05 at 12:34 -0500, Jon Ciesla wrote: I've got a pair of odd build failures that I'm probably missing something obvious on. I'm trying to update both openvpn and dietlibc to their latest upstreams for rawhide. They build fine locally on f20, in mock for f20, and fail locally in rawhide and mock for rawhide. Looking at the logs, the code actually seems to build, but the tests are failing. Openvpn: http://kojipkgs.fedoraproject.org//work/tasks/8039/6808039/build.log dietlibc: http://kojipkgs.fedoraproject.org//work/tasks/5251/6815251/build.log I'm probably just overbusy and missed something obvious, but if someone could point me in the right direction I'd appreciate it. Thanks in advance, -J For the record: RhBug[0] (opened when doesn't work one of my connections) Tomas Mraz 2014-03-31 05:35:25 EDT I suppose the certificate is signed with use of MD5 hash. This was disabled in Rawhide as certificates signed with MD5 hashes are not secure. Please update your certificates to be signed with at least SHA1 or even better SHA256. Upstream Bug[1] (Jon opened after some discussion in chat) Or even better, replace them with a script that generates a test certificate chain. Such scripts should then indeed use stronger algorithms and larger key sizes. Will be fixed 'soonish'. [0]https://bugzilla.redhat.com/show_bug.cgi?id=1081708 [1]https://community.openvpn.net/openvpn/ticket/400 -- -Igor Gnatenko -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Network-related change from f20-rawhide?
I've got a pair of odd build failures that I'm probably missing something obvious on. I'm trying to update both openvpn and dietlibc to their latest upstreams for rawhide. They build fine locally on f20, in mock for f20, and fail locally in rawhide and mock for rawhide. Looking at the logs, the code actually seems to build, but the tests are failing. Openvpn: http://kojipkgs.fedoraproject.org//work/tasks/8039/6808039/build.log dietlibc: http://kojipkgs.fedoraproject.org//work/tasks/5251/6815251/build.log I'm probably just overbusy and missed something obvious, but if someone could point me in the right direction I'd appreciate it. Thanks in advance, -J -- http://cecinestpasunefromage.wordpress.com/ in your fear, seek only peace in your fear, seek only love -d. bowie -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: Network-related change from f20-rawhide?
On 05/05/2014 11:34 AM, Jon Ciesla wrote: I've got a pair of odd build failures that I'm probably missing something obvious on. I'm trying to update both openvpn and dietlibc to their latest upstreams for rawhide. They build fine locally on f20, in mock for f20, and fail locally in rawhide and mock for rawhide. Looking at the logs, the code actually seems to build, but the tests are failing. Openvpn: http://kojipkgs.fedoraproject.org//work/tasks/8039/6808039/build.log + ../src/openvpn/openvpn --config /var/tmp/openvpn-2.3.4-1.fc21-1000-loopback-server + ../src/openvpn/openvpn --config /var/tmp/openvpn-2.3.4-1.fc21-1000-loopback-client Fri May 2 19:06:10 2014 Diffie-Hellman initialized with 1024 bit key Fri May 2 19:06:10 2014 WARNING: file 'sample-keys/server.key' is group or others accessible Fri May 2 19:06:10 2014 Socket Buffers: R=[212992-131072] S=[212992-131072] Fri May 2 19:06:10 2014 UDPv4 link local (bound): [AF_INET]127.0.0.1:52531 Fri May 2 19:06:10 2014 UDPv4 link remote: [AF_INET]127.0.0.1:52530 Fri May 2 19:06:10 2014 TLS: Initial packet from [AF_INET]127.0.0.1:52531, sid=8ded90a5 b7b40d4d Fri May 2 19:06:10 2014 TLS: Initial packet from [AF_INET]127.0.0.1:52530, sid=fb9ae878 79f258c8 Fri May 2 19:06:10 2014 VERIFY OK: depth=1, C=KG, ST=NA, L=BISHKEK, O=OpenVPN-TEST, emailAddress=me@myhost.mydomain Fri May 2 19:06:10 2014 VERIFY ERROR: depth=0, error=certificate signature failure: C=KG, ST=NA, O=OpenVPN-TEST, CN=Test-Server, emailAddress=me@myhost.mydomain Fri May 2 19:06:10 2014 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed Fri May 2 19:06:10 2014 TLS Error: TLS object - incoming plaintext read error Fri May 2 19:06:10 2014 TLS Error: TLS handshake failed Fri May 2 19:06:10 2014 Closing TUN/TAP interface I'm guessing SSL issues for this one. Looks like certificate verification errors. I'm probably just overbusy and missed something obvious, but if someone could point me in the right direction I'd appreciate it. Thanks in advance, -J -- Orion Poplawski Technical Manager 303-415-9701 x222 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane or...@nwra.com Boulder, CO 80301 http://www.nwra.com -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: Network-related change from f20-rawhide?
On Mon, May 5, 2014 at 1:06 PM, Orion Poplawski or...@cora.nwra.com wrote: On 05/05/2014 11:34 AM, Jon Ciesla wrote: I've got a pair of odd build failures that I'm probably missing something obvious on. I'm trying to update both openvpn and dietlibc to their latest upstreams for rawhide. They build fine locally on f20, in mock for f20, and fail locally in rawhide and mock for rawhide. Looking at the logs, the code actually seems to build, but the tests are failing. Openvpn: http://kojipkgs.fedoraproject.org//work/tasks/8039/6808039/ build.log + ../src/openvpn/openvpn --config /var/tmp/openvpn-2.3.4-1.fc21- 1000-loopback-server + ../src/openvpn/openvpn --config /var/tmp/openvpn-2.3.4-1.fc21- 1000-loopback-client Fri May 2 19:06:10 2014 Diffie-Hellman initialized with 1024 bit key Fri May 2 19:06:10 2014 WARNING: file 'sample-keys/server.key' is group or others accessible Fri May 2 19:06:10 2014 Socket Buffers: R=[212992-131072] S=[212992-131072] Fri May 2 19:06:10 2014 UDPv4 link local (bound): [AF_INET] 127.0.0.1:52531 Fri May 2 19:06:10 2014 UDPv4 link remote: [AF_INET]127.0.0.1:52530 Fri May 2 19:06:10 2014 TLS: Initial packet from [AF_INET]127.0.0.1:52531, sid=8ded90a5 b7b40d4d Fri May 2 19:06:10 2014 TLS: Initial packet from [AF_INET]127.0.0.1:52530, sid=fb9ae878 79f258c8 Fri May 2 19:06:10 2014 VERIFY OK: depth=1, C=KG, ST=NA, L=BISHKEK, O=OpenVPN-TEST, emailAddress=me@myhost.mydomain Fri May 2 19:06:10 2014 VERIFY ERROR: depth=0, error=certificate signature failure: C=KG, ST=NA, O=OpenVPN-TEST, CN=Test-Server, emailAddress=me@myhost.mydomain Fri May 2 19:06:10 2014 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed Fri May 2 19:06:10 2014 TLS Error: TLS object - incoming plaintext read error Fri May 2 19:06:10 2014 TLS Error: TLS handshake failed Fri May 2 19:06:10 2014 Closing TUN/TAP interface I'm guessing SSL issues for this one. Looks like certificate verification errors. That's what I thought, but didn't bother upgrading my f20 machine's openssl to match rawhide. Now that I have, I can reproduce the error. So it's bug in either openssl or openvpn. Not sure. Looking, more eyes welcome. Didn't break the dietlibc tests, though, so that must be something else. I'm probably just overbusy and missed something obvious, but if someone could point me in the right direction I'd appreciate it. Thanks in advance, -J -- Orion Poplawski Technical Manager 303-415-9701 x222 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane or...@nwra.com Boulder, CO 80301 http://www.nwra.com -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct -- http://cecinestpasunefromage.wordpress.com/ in your fear, seek only peace in your fear, seek only love -d. bowie -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct