Bug#1061458: gdm3: Testsuite breaks with openssl 3.2

Wed, 24 Jan 2024 12:51:14 -0800 

Package: src:gdm3
Version: 45.0.1-2
Severity: important
Tags: sid patch
control: affects -1 src:openssl
User: pkg-openssl-de...@lists.alioth.debian.org
Usertags: openssl-3.2

The argument "-extensions v3_ca" for req is invalid and not considered.
Earlier versions of openssl silently ignored that argument, openssl 3.2
throws an error now, see
        https://ci.debian.net/packages/g/gdm3/unstable/amd64/
        https://ci.debian.net/packages/g/gdm3/unstable/amd64/41875309/

Sebastian

From: Sebastian Andrzej Siewior <sebast...@breakpoint.cc>
Date: Wed, 24 Jan 2024 21:32:49 +0100
Subject: [PATCH] debian: Adapt tests for openssl3.2
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The argument "-extensions v3_ca" for req is invalid and not considered.
Earlier versions of openssl silently ignored that argument, openssl 3.2
throws an error now:
|  openssl req -batch -new -nodes … -extensions v3_ca …
| Error adding request extensions from section v3_ca
| 0071DD54987F0000:error:11000079:X509 V3 routines:v2i_AUTHORITY_KEYID:no issuer certificate:../crypto/x509/v3_akid.c:156:
| 0071DD54987F0000:error:11000080:X509 V3 routines:X509V3_EXT_nconf_int:error in extension:../crypto/x509/v3_conf.c:48:section=v3_ca, name=authorityKeyIdentifier, value=keyid:always,issuer:always

Remove the not relevant argument "-extensions v3_ca".

Signed-off-by: Sebastian Andrzej Siewior <sebast...@breakpoint.cc>
---
 debian/tests/sssd-softhism2-certificates-tests.sh | 2 --
 1 file changed, 2 deletions(-)

diff --git a/debian/tests/sssd-softhism2-certificates-tests.sh b/debian/tests/sssd-softhism2-certificates-tests.sh
index 00c533f127dd..a68812673983 100644
--- a/debian/tests/sssd-softhism2-certificates-tests.sh
+++ b/debian/tests/sssd-softhism2-certificates-tests.sh
@@ -217,7 +217,6 @@ openssl req \
   -key "$tmpdir/test-intermediate-CA-key.pem" \
   -passout "$root_ca_key_pass" \
   -sha256 \
-  -extensions v3_ca \
   -out "$tmpdir/test-intermediate-CA-certificate-request.pem"
 
 openssl req -text -noout -in "$tmpdir/test-intermediate-CA-certificate-request.pem"
@@ -306,7 +305,6 @@ openssl req \
   -key "$tmpdir/test-sub-intermediate-CA-key.pem" \
   -passout "$intermediate_ca_key_pass" \
   -sha256 \
-  -extensions v3_ca \
   -out "$tmpdir/test-sub-intermediate-CA-certificate-request.pem"
 
 openssl req -text -noout -in "$tmpdir/test-sub-intermediate-CA-certificate-request.pem"
-- 
2.43.0

Reply via email to