Bug#906981: stunnel4: autopkgtest needs update for new openssl

To: submit@bugs.debian.org
Subject: Bug#906981: stunnel4: autopkgtest needs update for new openssl
From: Paul Gevers <elbrus@debian.org>
Date: Wed, 22 Aug 2018 21:44:35 +0200
Message-id: <[🔎] 704674b7-9afb-4050-5b9a-ef8674c92c86@debian.org>
Reply-to: Paul Gevers <elbrus@debian.org>, 906981@bugs.debian.org

Source: stunnel4
Version: 3:5.48-1
X-Debbugs-CC: debian-ci@lists.debian.org, openssl@packages.debian.org
User: debian-ci@lists.debian.org
Usertags: needs-update
Control: affects -1 src:openssl

Dear maintainers,

With a recent upload of openssl the autpkgtest of stunnel4 started to
fail in testing. I copied some of the output below.

Currently this regression is contributing to the delay of the migration
of openssl to testing [1]. Could you please investigate the situation?
If needed, please change the bug's severity as appropriate. If the
current version of your package in testing (I mean the binary packages,
not the autopkgtest) is broken by openssl and you fix the issue, please
ask for the src:openssl package to include the correct versioned Breaks
against your package.

Reading the error log I suspect that openssl dropped support for weak
algorithms on purpose (the latest upload started the transition from
1.1.0 to 1.1.1).

More information about this bug and the reason for filing it can be
found on
https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation

Paul

[1] https://qa.debian.org/excuses.php?package=openssl

https://ci.debian.net/data/autopkgtest/testing/amd64/s/stunnel4/865956/log.gz

=== logs/010_require_cert.log

[ ] Clients allowed=500
[.] stunnel 5.48 on x86_64-pc-linux-gnu platform
[.] Compiled with OpenSSL 1.1.0h  27 Mar 2018
[.] Running  with OpenSSL 1.1.1-pre9 (beta) 21 Aug 2018
[.] Update OpenSSL shared libraries or rebuild stunnel
[.] Threading:PTHREAD Sockets:POLL,IPv6,SYSTEMD
TLS:ENGINE,FIPS,OCSP,PSK,SNI Auth:LIBWRAP
[ ] errno: (*__errno_location ())
[.] Reading configuration from descriptor 0
[.] UTF-8 byte order mark not detected
[.] FIPS mode disabled
[ ] Compression disabled
[ ] No PRNG seeding was required
[ ] Initializing service [client]
[ ] Ciphers: HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK
[ ] TLS options: 0x02100004 (+0x00000000, -0x00000000)
[ ] Loading certificate from file:
/tmp/autopkgtest-lxc.4794mt7u/downtmp/build.ahW/src/tests/certs/client_cert.pem
[!] SSL_CTX_use_certificate_chain_file: 140AB18E: error:140AB18E:SSL
routines:SSL_CTX_use_certificate:ca md too weak
[!] Service [client]: Failed to initialize TLS context
[ ] Deallocating section defaults

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to:

Prev by Date: Bug#906885: thunderbird breaks enigmail autopkgtest
Next by Date: Bug#907020: vnstat: autopkgtest regression
Previous by thread: Bug#906885: thunderbird breaks enigmail autopkgtest
Next by thread: Bug#907020: vnstat: autopkgtest regression
Index(es):
- Date
- Thread