Bug#907008: mod-gnutls FTBFS: FAIL: test-16_view-status.bash

Tue, 18 Sep 2018 10:39:25 -0700 

tag 907008 + patch
thanks

Hello,

As pointed out, cipher suites removed in latest gnutls is causing the
test case to fail. The attached patch fixes the failure. It changes the
priority string to match the latest default cipher suite. The patch is
against upstream code.

Thanks,

-- 
Sunil

From 45c47fb511257edba59775cb731fdf377553a4ba Mon Sep 17 00:00:00 2001
From: Sunil Mohan Adapa <su...@medhas.org>
Date: Tue, 18 Sep 2018 09:41:47 -0700
Subject: [PATCH] Fix test 16-view-status by changing priority string

From gnutls 3.5.19 release notes:

"The ciphers utilizing HMAC-SHA384 and SHA256 have been removed from the default
priority strings. They are not necessary for compatibility or other purpose and
provide no advantage over their SHA1 counter-parts, as they all depend on the
legacy TLS CBC block mode."

Pick a new priority string such that the cipher suite matches the default
negotiated by gnutls 3.5.19 server and client without explicitly setting a
priority string.
---
 test/tests/16_view-status/gnutls-cli.args | 2 +-
 test/tests/16_view-status/output          | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/test/tests/16_view-status/gnutls-cli.args b/test/tests/16_view-status/gnutls-cli.args
index aca8ac0..470925b 100644
--- a/test/tests/16_view-status/gnutls-cli.args
+++ b/test/tests/16_view-status/gnutls-cli.args
@@ -1,2 +1,2 @@
 --x509cafile=authority/x509.pem
---priority=NONE:+VERS-TLS1.2:+AES-128-CBC:+SHA256:+RSA:+COMP-NULL:+SIGN-RSA-SHA256
+--priority=NONE:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-SECP256R1:+AES-256-GCM:+AEAD:+COMP-NULL:+SIGN-RSA-SHA1
diff --git a/test/tests/16_view-status/output b/test/tests/16_view-status/output
index 7786244..8bfb45a 100644
--- a/test/tests/16_view-status/output
+++ b/test/tests/16_view-status/output
@@ -1,5 +1,5 @@
 <dt>Using TLS:</dt><dd>yes</dd>
-<dt>Current TLS session:</dt><dd>(TLS1.2)-(RSA)-(AES-128-CBC)-(SHA256)</dd>
+<dt>Current TLS session:</dt><dd>(TLS1.2)-(ECDHE-RSA-SECP256R1)-(AES-256-GCM)</dd>
 </dl>
 </body></html>
 - Peer has closed the GnuTLS connection
-- 
2.18.0

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to