[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#907216: ganeti: autopkgtest needs update for new version of openssl

Source: ganeti
Version: 2.16.0~rc2-4
X-Debbugs-CC: debian-ci@lists.debian.org
User: debian-ci@lists.debian.org
Usertags: needs-update
Control: affects -1 src:openssl
Control: block 907015 by -1

Dear maintainers,

With a recent upload of openssl the autopkgtest of ganeti started to
fail in testing. I copied the output below.

Of course, openssl shouldn't just break your autopkgtest (or even worse,
your package), but the change in openssl was intended and your package
needs to update to the new situation. If needed, please change the bug's

If this is a real problem in your package (and not only in your
autopkgtest), the right binary package(s) from openssl should really add
a versioned Breaks on the unfixed version of (one of your) package(s),
hence I added a blocking relation on the openssl bug that tracks that.
Note: the Breaks is nice even if the issue is only in the autopkgtest as
it helps the migration software to figure out the right versions to
combine in the tests.

A quote from the openssl maintainer about the openssl update:
This is probably the result of the default openssl.cfg now having:
MinProtocol = TLSv1.2

Where the SECLEVEL 2 requires a 112 / 2048 bit security level.

More information about this bug and the reason for filing it can be found on


[1] https://qa.debian.org/excuses.php?package=openssl


>>>> 2018-08-24 04:43:10.452348 time=0:01:11.326832 [TestClusterInit]
gnt-cluster init
Failure: command execution error:
Could not start daemons, command /usr/lib/ganeti/daemon-util start-all
had exitcode 1 and error Error in the RPC HTTP reply from 'Node
{nodeName = "node1", nodePrimaryIp = "", nodeSecondaryIp =
"", nodeMasterCandidate = True, nodeOffline = False,
nodeDrained = False, nodeGroup = "a6f657a0-e169-488e-a845-05bebad2df85",
nodeMasterCapable = True, nodeVmCapable = True, nodeNdparams =
PartialNDParams {ndpOobProgramP = Nothing, ndpSpindleCountP = Nothing,
ndpExclusiveStorageP = Nothing, ndpOvsP = Nothing, ndpOvsNameP =
Nothing, ndpOvsLinkP = Nothing, ndpSshPortP = Nothing, ndpCpuSpeedP =
Nothing}, nodePowered = True, nodeHvStateStatic = GenericContainer
{fromContainer = fromList []}, nodeDiskStateStatic = GenericContainer
{fromContainer = fromList []}, nodeCtime = Fri Aug 24 04:42:06 UTC 2018,
nodeMtime = Fri Aug 24 04:42:06 UTC 2018, nodeUuid =
"079481f6-ded9-407f-995e-82417744f909", nodeSerial = 1, nodeTags =
fromList []}': CurlLayerError "code: CurlSSLCertProblem, explanation:
could not load PEM client certificate, OpenSSL error error:140AB18E:SSL
routines:SSL_CTX_use_certificate:ca md too weak, (no key found, wrong
pass phrase, or wrong file format?)"
No voting RPC result from ["node1"]

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: