[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#906981: stunnel4: autopkgtest needs update for new openssl

Source: stunnel4
Version: 3:5.48-1
X-Debbugs-CC: debian-ci@lists.debian.org, openssl@packages.debian.org
User: debian-ci@lists.debian.org
Usertags: needs-update
Control: affects -1 src:openssl

Dear maintainers,

With a recent upload of openssl the autpkgtest of stunnel4 started to
fail in testing. I copied some of the output below.

Currently this regression is contributing to the delay of the migration
of openssl to testing [1]. Could you please investigate the situation?
If needed, please change the bug's severity as appropriate. If the
current version of your package in testing (I mean the binary packages,
not the autopkgtest) is broken by openssl and you fix the issue, please
ask for the src:openssl package to include the correct versioned Breaks
against your package.

Reading the error log I suspect that openssl dropped support for weak
algorithms on purpose (the latest upload started the transition from
1.1.0 to 1.1.1).

More information about this bug and the reason for filing it can be
found on


[1] https://qa.debian.org/excuses.php?package=openssl


=== logs/010_require_cert.log

[ ] Clients allowed=500
[.] stunnel 5.48 on x86_64-pc-linux-gnu platform
[.] Compiled with OpenSSL 1.1.0h  27 Mar 2018
[.] Running  with OpenSSL 1.1.1-pre9 (beta) 21 Aug 2018
[.] Update OpenSSL shared libraries or rebuild stunnel
[.] Threading:PTHREAD Sockets:POLL,IPv6,SYSTEMD
[ ] errno: (*__errno_location ())
[.] Reading configuration from descriptor 0
[.] UTF-8 byte order mark not detected
[.] FIPS mode disabled
[ ] Compression disabled
[ ] No PRNG seeding was required
[ ] Initializing service [client]
[ ] Ciphers: HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK
[ ] TLS options: 0x02100004 (+0x00000000, -0x00000000)
[ ] Loading certificate from file:
[!] SSL_CTX_use_certificate_chain_file: 140AB18E: error:140AB18E:SSL
routines:SSL_CTX_use_certificate:ca md too weak
[!] Service [client]: Failed to initialize TLS context
[ ] Deallocating section defaults

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: