Source: stunnel4 Version: 3:5.48-1 X-Debbugs-CC: debian-ci@lists.debian.org, openssl@packages.debian.org User: debian-ci@lists.debian.org Usertags: needs-update Control: affects -1 src:openssl Dear maintainers, With a recent upload of openssl the autpkgtest of stunnel4 started to fail in testing. I copied some of the output below. Currently this regression is contributing to the delay of the migration of openssl to testing [1]. Could you please investigate the situation? If needed, please change the bug's severity as appropriate. If the current version of your package in testing (I mean the binary packages, not the autopkgtest) is broken by openssl and you fix the issue, please ask for the src:openssl package to include the correct versioned Breaks against your package. Reading the error log I suspect that openssl dropped support for weak algorithms on purpose (the latest upload started the transition from 1.1.0 to 1.1.1). More information about this bug and the reason for filing it can be found on https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation Paul [1] https://qa.debian.org/excuses.php?package=openssl https://ci.debian.net/data/autopkgtest/testing/amd64/s/stunnel4/865956/log.gz === logs/010_require_cert.log [ ] Clients allowed=500 [.] stunnel 5.48 on x86_64-pc-linux-gnu platform [.] Compiled with OpenSSL 1.1.0h 27 Mar 2018 [.] Running with OpenSSL 1.1.1-pre9 (beta) 21 Aug 2018 [.] Update OpenSSL shared libraries or rebuild stunnel [.] Threading:PTHREAD Sockets:POLL,IPv6,SYSTEMD TLS:ENGINE,FIPS,OCSP,PSK,SNI Auth:LIBWRAP [ ] errno: (*__errno_location ()) [.] Reading configuration from descriptor 0 [.] UTF-8 byte order mark not detected [.] FIPS mode disabled [ ] Compression disabled [ ] No PRNG seeding was required [ ] Initializing service [client] [ ] Ciphers: HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK [ ] TLS options: 0x02100004 (+0x00000000, -0x00000000) [ ] Loading certificate from file: /tmp/autopkgtest-lxc.4794mt7u/downtmp/build.ahW/src/tests/certs/client_cert.pem [!] SSL_CTX_use_certificate_chain_file: 140AB18E: error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak [!] Service [client]: Failed to initialize TLS context [ ] Deallocating section defaults
Attachment:
signature.asc
Description: OpenPGP digital signature