Source: m2crypto
Version: 0.27.0-6
X-Debbugs-CC: debian-ci@lists.debian.org
User: debian-ci@lists.debian.org
Usertags: needs-update
Control: affects -1 src:openssl
Control: block 907015 by -1

Dear maintainers,

With a recent upload of openssl the autopkgtest of m2crypto started to fail in testing. I copied some of the output below.

Of course, openssl shouldn't just break your autopkgtest (or even worse, your package), but the change in openssl was intended and your package needs to update to the new situation.

If needed, please change the bug's severity. If this is a real problem in your package (and not only in your autopkgtest), the right binary package(s) from openssl should really add a versioned Breaks on the unfixed version of (one of your) package(s), hence I added a blocking relation on the openssl bug that tracks that. Note: the Breaks is nice even if the issue is only in the autopkgtest as it helps the migration software to figure out the right versions to combine in the tests.

A quote from the openssl maintainer about the openssl update:
"
This is probably the result of the default openssl.cfg now having:
[system_default_sect]
MinProtocol = TLSv1.2
CipherString = DEFAULT@SECLEVEL=2

Where the SECLEVEL 2 requires a 112 / 2048 bit security level [that is, 112 bits of security, which for RSA, DSA and DH keys means at least 2048 bits].
" More information about this bug and the reason for filing it can be found on https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation Paul [1] https://qa.debian.org/excuses.php?package=openssl https://ci.debian.net/data/autopkgtest/testing/amd64/m/m2crypto/874888/log.gz /usr/lib/python2.7/dist-packages/M2Crypto/httpslib.py:88: error _____________ TwistedSSLClientTestCase.test_makefile_timeout_fires _____________ self = <tests.test_ssl.TwistedSSLClientTestCase testMethod=test_makefile_timeout_fires> def test_makefile_timeout_fires(self): # This is convoluted because (openssl s_server -www) starts # writing the response as soon as it receives the first line of # the request, so it's possible for it to send the response # before the request is sent and there would be no timeout. So, # let the server spend time reading from an empty pipe FIFO_NAME = 'test_makefile_timeout_fires_fifo' # noqa os.mkfifo('tests/' + FIFO_NAME) pipe_pid = os.fork() try: if pipe_pid == 0: try: with open('tests/' + FIFO_NAME, 'w') as f: time.sleep(sleepTime + 1) f.write('Content\n') finally: os._exit(0) self.args[self.args.index('-www')] = '-WWW' pid = self.start_server(self.args) try: c = httpslib.HTTPSConnection(srv_host, self.srv_port) c.putrequest('GET', '/' + FIFO_NAME) c.putheader('Accept', 'text/html') c.putheader('Accept', 'text/plain') > c.endheaders() tests/test_ssl.py:988: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python2.7/httplib.py:1038: in endheaders self._send_output(message_body) /usr/lib/python2.7/httplib.py:882: in _send_output self.send(msg) /usr/lib/python2.7/httplib.py:844: in send self.connect() _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = <M2Crypto.httpslib.HTTPSConnection instance at 0x7f6b85bfde60> def connect(self): # type: () -> None error = None # We ignore the returned sockaddr because SSL.Connection.connect needs # a host name. 
for (family, _, _, _, _) in \ socket.getaddrinfo(self.host, self.port, 0, socket.SOCK_STREAM): sock = None try: sock = SSL.Connection(self.ssl_ctx, family=family) # set SNI server name since we know it at this point sock.set_tlsext_host_name(self.host) if self.session is not None: sock.set_session(self.session) sock.connect((self.host, self.port)) self.sock = sock sock = None return except socket.error as e: # Other exception are probably SSL-related, in that case we # abort and the exception is forwarded to the caller. error = e finally: if sock is not None: sock.close() if error is None: raise AssertionError("Empty list returned by getaddrinfo") > raise error E error: [Errno 111] Connection refused /usr/lib/python2.7/dist-packages/M2Crypto/httpslib.py:88: error ____________________ TwistedSSLClientTestCase.test_timeout _____________________ self = <tests.test_ssl.TwistedSSLClientTestCase testMethod=test_timeout> def test_timeout(self): pid = self.start_server(self.args) try: ctx = SSL.Context() s = SSL.Connection(ctx) # Just a really small number so we can timeout s.settimeout(0.000000000000000000000000000001) with self.assertRaises(SSL.SSLTimeoutError): > s.connect(self.srv_addr) tests/test_ssl.py:941: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python2.7/dist-packages/M2Crypto/SSL/Connection.py:298: in connect self.socket.connect(addr) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ name = 'connect', self = <socket._socketobject object at 0x7f6b85725ec0> args = (('localhost', 39635),) def meth(name,self,*args): > return getattr(self._sock,name)(*args) E error: [Errno 111] Connection refused /usr/lib/python2.7/socket.py:228: error ________________________ ContextTestCase.test_certstore ________________________ self = <tests.test_ssl_offline.ContextTestCase testMethod=test_certstore> def test_certstore(self): ctx = SSL.Context() ctx.set_verify(SSL.verify_peer | 
SSL.verify_fail_if_no_peer_cert, 9) ctx.load_verify_locations('tests/ca.pem') > ctx.load_cert('tests/x509.pem') tests/test_ssl_offline.py:58: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = <M2Crypto.SSL.Context.Context instance at 0x7f6b859ada28> certfile = 'tests/x509.pem', keyfile = None callback = <function passphrase_callback at 0x7f6b85efdf50> def load_cert(self, certfile, keyfile=None, callback=util.passphrase_callback): # type: (AnyStr, Optional[AnyStr], Callable) -> None """Load certificate and private key into the context. :param certfile: File that contains the PEM-encoded certificate. :param keyfile: File that contains the PEM-encoded private key. Default value of None indicates that the private key is to be found in 'certfile'. :param callback: Callable object to be invoked if the private key is passphrase-protected. Default callback provides a simple terminal-style input for the passphrase. """ m2.ssl_ctx_passphrase_callback(self.ctx, callback) > m2.ssl_ctx_use_cert(self.ctx, certfile) E SSLError: ee key too small