Bug#900161: ruby-openssl: FTBFS against openssl 1.1.1
On Thu, Oct 04, 2018 at 12:10:53PM +0100, peter green wrote: > i tried to modify the testsuite to use stronger keys (patch > attatched), however after doing so the testsuite now hangs (relavent > output pasted at end of message). Not sure what is going wrong here (I > am neither a ruby expert or an openssl expert). > > I have attached a patch with my changes so-far. Thanks for looking into it. There is an uptream pull request that fixes these issues: https://github.com/ruby/openssl/pull/217 I have applied the patches from there, and with an extra change to ignore 2 tests that crash due to the new policies in openssl 1.1.1, make the package build. signature.asc Description: PGP signature
Bug#900161: ruby-openssl: FTBFS against openssl 1.1.1
i tried to modify the testsuite to use stronger keys (patch attatched), however after doing so the testsuite now hangs (relavent output pasted at end of message). Not sure what is going wrong here (I am neither a ruby expert or an openssl expert). I have attached a patch with my changes so-far. /ruby-openssl-2.0.5/test/envutil.rb:258:in `assert_join_threads' Failure: test_tlsext_hostname(OpenSSL::TestSSL): exceptions on 2 threads: #: /ruby-openssl-2.0.5/test/test_ssl.rb:654:in `connect': SSL_connect returned=1 errno=0 state=error: sslv3 alert handshake failure (OpenSSL::SSL::SSLError) from /ruby-openssl-2.0.5/test/test_ssl.rb:654:in `block in test_tlsext_hostname' from /ruby-openssl-2.0.5/test/utils.rb:445:in `block (2 levels) in start_server' --- #: /ruby-openssl-2.0.5/debian/ruby-openssl/usr/lib/ruby/vendor_ruby/openssl/ssl.rb:382:in `accept': SSL_accept returned=1 errno=0 state=error: no suitable signature algorithm (OpenSSL::SSL::SSLError) from /ruby-openssl-2.0.5/debian/ruby-openssl/usr/lib/ruby/vendor_ruby/openssl/ssl.rb:382:in `accept' from /ruby-openssl-2.0.5/test/utils.rb:383:in `block in server_loop' from /ruby-openssl-2.0.5/test/utils.rb:376:in `loop' from /ruby-openssl-2.0.5/test/utils.rb:376:in `server_loop' from /ruby-openssl-2.0.5/test/utils.rb:434:in `block (2 levels) in start_server' = : (0.010154) test_unset_OP_ALL: .: (0.059083) test_verify_certificate_identity: .: (0.008254) test_verify_hostname: .: (0.007457) test_verify_hostname_on_connect: .: (0.065102) test_verify_result: .: (0.026004) test_verify_wildcard: .: (0.005284) OpenSSL::TestSSLSession: test_client_session: # terminated with exception (report_on_exception is true): Traceback (most recent call last): 9: from /ruby-openssl-2.0.5/test/utils.rb:445:in `block (2 levels) in start_server' 8: from /ruby-openssl-2.0.5/test/test_ssl_session.rb:158:in `block in test_client_session' 7: from /ruby-openssl-2.0.5/test/test_ssl_session.rb:158:in `times' 6: from /ruby-openssl-2.0.5/test/test_ssl_session.rb:168:in `block (2 levels) in test_client_session' 5: from /usr/lib/ruby/vendor_ruby/test/unit/assertions.rb:130:in `assert' 4: from /usr/lib/ruby/vendor_ruby/test/unit/assertions.rb:1636:in `_wrap_assertion' 3: from /usr/lib/ruby/vendor_ruby/test/unit/assertions.rb:163:in `block in assert' 2: from /usr/lib/ruby/vendor_ruby/test/unit/assertions.rb:53:in `assert_block' 1: from /usr/lib/ruby/vendor_ruby/test/unit/assertions.rb:1631:in `_wrap_assertion' /usr/lib/ruby/vendor_ruby/test/unit/assertions.rb:55:in `block in assert_block': is not true. (Test::Unit::AssertionFailedError) Description: Use stronger keys in tests to fix build with new openssl. Author: Peter Michael Green --- The information above should follow the Patch Tagging Guidelines, please checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here are templates for supplementary fields that you might want to add: Origin: , Bug: Bug-Debian: https://bugs.debian.org/ Bug-Ubuntu: https://launchpad.net/bugs/ Forwarded: Reviewed-By: Last-Update: 2018-10-04 Index: ruby-openssl-2.0.5/test/utils.rb === --- ruby-openssl-2.0.5.orig/test/utils.rb +++ ruby-openssl-2.0.5/test/utils.rb @@ -64,6 +64,102 @@ gBoDG3WMPZoQj9pb7uMcrnvs4APj2FIhMU8U15Lc -END RSA PRIVATE KEY- _end_of_pem_ + TEST_KEY_RSA3072 = OpenSSL::PKey::RSA.new <<-_end_of_pem_ +-BEGIN RSA PRIVATE KEY- +MIIG4wIBAAKCAYEAuOfm5u9QvTVA3injjLlNQIdNEpkygrgeKF5yZDGndcsUTIap +tdYW8e78rOFmt/LUHXZpiY/e0vo5WH6Lyp5/EGOCJqatKa21uDef3+bmsWNb9MOE +XaIRjmcNjVim4aVJdGpjQzN/ysjR8KdqRwY3TDzVBsX7eNJpKS10NiMgSGvxxLwE +00Z/YgM9RLKjtjjWLloP/cuiZcLplaXF+Tyi49u8P7yrlNheGGtU5eEZmx+XESES +izsFyFC2zhDKpGlU+v9+oSbOPy6xNB9TjsxpG6QTtGdP9T8f990EcO/TC/JAr/uk +RwoSqMZyeUT0lk+QzfkoVYsuzGjWlLnW+yLgnv4xb003sZCPa7llxhwZYajpZgdm +/xhKBWg7x8u62aOR2pqNrV7aCRbI0AY2OphTuRIj1pwgX+t7RItrLHJ9Q0hVNQYL +iJwwH7QhRcWBx4S07M1uR7u9tESqu1rm5W+AbpV/gWVZE8RGn6KHYndn1l7qjnWH +z7bJYlLHm0AExp67AgMBAAECggGADacZ1n1fIclX08+V/KMGADi9SR1ErIA5wdNP +cPR1n+3xvsDGsSVwpkZ2I7G06uokHVTL8BtOYZeWOmGFot1XFneyeXYfHQ+1djet +N1QOPpTOimERWfSIhVI4nvInyEtzBASC9chMrEVtsu45m6rq1Fc9h3WA3ufyWdcA +WKr5TD+kJ1mWpZ7z8uG4WWUzT1YdAmkl+yBZClh89M67sm52vIpR+QbOSHw9XmI2 +b47SXDDV767Ydq1R/PtwtABrZf5c5sm2ivRQG2xXUug+ykmTWLISQXqA+aWY46XL +ymvwhna9wVNWlRrsVdWyl+O3u8rTS18Y817AraZpHnc049DXovVt3qRLKzuj+EfL ++2Ut00tfdHxrrVmqcncMeFCLphhjTLK8BA7Kxnd1F6mIkH2unYb0tB+yqElX/Zvp +oDRiwpncCi0bnLq8Q+57+m5xn1dp6ebM710G3u9U63oPQAgeHHxYp5ZhvI8rgdUx +nXkQ44SqqPeAKmIkV9cS0p+jp/1JAoHBAOYE+fyTZq4DwEWM3FxvbW+VPS/Fw1oF +1ON3dSZP4UQFcubkUwZedVCdgbkXSHN4u7G7MzZw3SHaiTyCM8eBI7tc3MHo0F5W +7bBAOLrwn9129D8D9ISZaEJejXfJG7aaE
Bug#900161: ruby-openssl: FTBFS against openssl 1.1.1
Source: ruby-openssl Version: 2.0.5-1 Severity: important User: pkg-openssl-de...@lists.alioth.debian.org Usertags: openssl-1.1.1 The new openssl 1.1.1 is currently in experimental [0]. This package failed to build against this new package [1] while it built fine against the openssl version currently in unstable [2]. Could you please have a look? The Error |/<>/test/test_ssl.rb:1280:in `initialize': SSL_CTX_use_certificate: ee key too small (OpenSSL::SSL::SSLError) is due to: 1.1.1~~pre6-1 changelog): | * Increase default security level from 1 to 2. This moves from the 80 bit | security level to the 112 bit securit level and will require 2048 bit RSA | and DHE keys. [0] https://lists.debian.org/msgid-search/20180501211400.ga21...@roeckx.be [1] https://breakpoint.cc/openssl-rebuild/2018-05-03-rebuild-openssl1.1.1-pre6/attempted/ruby-openssl_2.0.5-1_amd64-2018-05-01T21%3A05%3A24Z [2] https://breakpoint.cc/openssl-rebuild/2018-05-03-rebuild-openssl1.1.1-pre6/successful/ruby-openssl_2.0.5-1_amd64-2018-05-02T18%3A51%3A30Z Sebastian