Package: src:easy-rsa Version: 3.1.7-1 Severity: important Tags: sid patch control: affects -1 src:openssl User: pkg-openssl-de...@lists.alioth.debian.org Usertags: openssl-3.2
The default value for the -nameopt option changed in OpenSSL 3.2 from `oneline' to `utf8'. The `oneline' option also included a space around the fields which is not the case for `utf8'. Patch attaches fixes the issue for OpenSSL 3.2 while it still works with earlier versions. Sebastian
From: Sebastian Andrzej Siewior <sebast...@breakpoint.cc> Date: Tue, 30 Jan 2024 22:03:19 +0100 Subject: [PATCH] debian/tests: Pass -nameopt to openssl. The default value for the -nameopt option changed in OpenSSL 3.2 from `oneline' to `utf8'. The `oneline' option also included a space around the fields which is not the case for `utf8'. This means that CN = domain.tld changed to CN=domain.tld and is now longer recognized, leading to test failure. This can be fixed by either going back to `oneline' or keeping `utf8' and adding additionally `space_eq'. Anoter way would be to teach the expect that the space is optional. Add explicit -nameopt option with `utf8,space_eq' which is understood by by OpenSSL 3.2 and earlier to make it explicit. Signed-off-by: Sebastian Andrzej Siewior <sebast...@breakpoint.cc> --- debian/tests/basic-usage | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/tests/basic-usage b/debian/tests/basic-usage index c9af11767c3a..6b633703ee26 100755 --- a/debian/tests/basic-usage +++ b/debian/tests/basic-usage @@ -89,7 +89,7 @@ cert_pubkey_size() { | sed -n -e '/Public-Key: /s/^[[:space:]]*Public-Key:[[:space:]]*(\([0-9]*\) bit)$/\1/p' } cert_subject() { - openssl x509 -noout -subject -in "${1:?}" | sed 's/^subject=//' + openssl x509 -noout -nameopt utf8,space_eq -subject -in "${1:?}" | sed 's/^subject=//' } -- 2.43.0