Package: src:easy-rsa
Version: 3.1.7-1
Severity: important
Tags: sid patch
control: affects -1 src:openssl
User: pkg-openssl-de...@lists.alioth.debian.org
Usertags: openssl-3.2
The default value for the -nameopt option changed in OpenSSL 3.2 from
`oneline' to `utf8'. The `oneline' option also included a space around
the fields which is not the case for `utf8'.
Patch attaches fixes the issue for OpenSSL 3.2 while it still works with
earlier versions.
Sebastian
From: Sebastian Andrzej Siewior <sebast...@breakpoint.cc>
Date: Tue, 30 Jan 2024 22:03:19 +0100
Subject: [PATCH] debian/tests: Pass -nameopt to openssl.
The default value for the -nameopt option changed in OpenSSL 3.2 from
`oneline' to `utf8'. The `oneline' option also included a space around
the fields which is not the case for `utf8'. This means that
CN = domain.tld
changed to
CN=domain.tld
and is now longer recognized, leading to test failure.
This can be fixed by either going back to `oneline' or keeping `utf8'
and adding additionally `space_eq'. Anoter way would be to teach the
expect that the space is optional.
Add explicit -nameopt option with `utf8,space_eq' which is understood by
by OpenSSL 3.2 and earlier to make it explicit.
Signed-off-by: Sebastian Andrzej Siewior <sebast...@breakpoint.cc>
---
debian/tests/basic-usage | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/debian/tests/basic-usage b/debian/tests/basic-usage
index c9af11767c3a..6b633703ee26 100755
--- a/debian/tests/basic-usage
+++ b/debian/tests/basic-usage
@@ -89,7 +89,7 @@ cert_pubkey_size() {
| sed -n -e '/Public-Key: /s/^[[:space:]]*Public-Key:[[:space:]]*(\([0-9]*\) bit)$/\1/p'
}
cert_subject() {
- openssl x509 -noout -subject -in "${1:?}" | sed 's/^subject=//'
+ openssl x509 -noout -nameopt utf8,space_eq -subject -in "${1:?}" | sed 's/^subject=//'
}
--
2.43.0
