Hi Reinhard and all,

Good news, I have just finished fixing this problem, and merged it into
master with https://github.com/boxbackup/boxbackup/pull/36. Please could
you cut a new Debian package release and see if the tests pass for you? Or
if not, point me to the failure logs?

If anyone wants to know more, the issue is quite complex, and there are no
easy answers, which is why it took so long to fix. I've done my best to
describe it at
https://github.com/boxbackup/boxbackup/wiki/WeakSSLCertificates. Please
feel free to correct any mistakes that I've made.

Thanks, Chris.

On Sun, 10 Mar 2019 at 18:23, Reinhard Tartler <siret...@gmail.com> wrote:

> On Mon, Jan 7, 2019, 16:58 Chris Wilson <chris+goo...@qwirx.com wrote:
>>>
>>>> Hi Reinhard,
>>>>
>>>> If I make the workaround suggested on this thread
>>>> <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907888> (change
>>>> SECLEVEL to 1 in /etc/ssl/openssl.cnf) then test/basicserver passes again.
>>>> This is at least a good start, so that users who don't want to replace
>>>> their certificates have a workaround. I think I'll need to modify the CA
>>>> scripts that generate certificates so that they produce 2048-bit keys that
>>>> do not need this workaround, and document it or catch and improve the error
>>>> message.
>>>>
>>>>
> Any progress on updating the CA scripts that generate certificates so that
> they produce 2048-bit keys?
>
> I've updated the package to git20180819.g2f5b556, but am still
> experiencing a test failure:
>
> make[1]: Leaving directory '/<<PKGBUILDDIR>>/test/basicserver'
> TEST: test/basicserver
> Killing any running daemons...
> Removing old test files...
> chmod: cannot access 'testfiles': No such file or directory
> Copying new test files...
> NOTICE:  Running test basicserver in debug mode...
> INFO:    Starting server: ./_test --test-daemon-args= srv1 testfiles/srv1.conf
> Waiting for server to die (pid 16575): . done.
> INFO:    Starting server: ./_test --test-daemon-args= srv2 testfiles/srv2.conf
> Waiting for server to die (pid 16579): . done.
> INFO:    Starting server: ./_test --test-daemon-args= srv3 testfiles/srv3.conf
> ERROR:   **** TEST FAILURE: Condition [ServerIsAlive(pid)] failed at test/basicserver/testbasicserver.cpp:628
> ERROR:   **** TEST FAILURE: Condition [HUPServer(pid)] failed at test/basicserver/testbasicserver.cpp:631
> ERROR:   **** TEST FAILURE: Condition [ServerIsAlive(pid)] failed at test/basicserver/testbasicserver.cpp:633
> ERROR:   SSL or crypto error: loading certificates from testfiles/clientCerts.pem: error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small
> WARNING: Exception thrown: ServerException(TLSLoadCertificatesFailed) at lib/server/TLSContext.cpp(93)
> FAILED: Exception caught: TLSLoadCertificatesFailed
>
>
>
> --
> regards,
>     Reinhard
>
