Bug#907028: ruby-openssl: autopkgtest needs update for new version of openssl

To: submit@bugs.debian.org
Subject: Bug#907028: ruby-openssl: autopkgtest needs update for new version of openssl
From: Paul Gevers <elbrus@debian.org>
Date: Thu, 23 Aug 2018 11:03:15 +0200
Message-id: <[🔎] e2acf17e-c391-a028-ead9-6b53f7c801e0@debian.org>
Reply-to: Paul Gevers <elbrus@debian.org>, 907028@bugs.debian.org

Source: ruby-openssl
Version: 2.0.5-1
X-Debbugs-CC: debian-ci@lists.debian.org, openssl@packages.debian.org
User: debian-ci@lists.debian.org
Usertags: needs-update
Control: affects -1 src:openssl
Control: block 907015 by -1

Dear maintainers,

With a recent upload of openssl the autopkgtest of ruby-openssl started
to fail in testing. I copied the output of the first three errors below
(the others seem to be all very similar).

Currently this regression is contributing to the delay of the migration
of openssl to testing [1]. Of course, openssl shouldn't just break your
autopkgtest (or even worse, your package), but it seems to me that the
change openssl was intended and your package needs to update to the new
situation. If needed, please change the bug's severity.

If this is a real problem in your package (and not only in your
autopkgtest), the right binary package(s) from openssl should really add
a versioned Breaks on the unfixed version of (one of your) package(s),
hence I added a blocking relation on the openssl bug that tracks that.
Note: the Breaks is nice even if the issue is only in the autopkgtest as
it helps the migration software to figure out the right versions to
combine in the tests.

A quote from the openssl maintainer about the openssl update:
"
This is probably the result of the default openssl.cfg now having:
[system_default_sect]
MinProtocol = TLSv1.2
CipherString = DEFAULT@SECLEVEL=2

Where the SECLEVEL 2 requires a 112 / 2048 bit security level.
"

More information about this bug and the reason for filing it can be found on
https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation

Paul

[1] https://qa.debian.org/excuses.php?package=openssl

https://ci.debian.net/data/autopkgtest/testing/amd64/r/ruby-openssl/869658/log.gz

===============================================================================
Error: test_dup(OpenSSL::TestPKeyRSA): OpenSSL::PKey::RSAError: key size
too small
/tmp/autopkgtest-lxc.6pk29_f_/downtmp/build.A2U/src/test/test_pkey_rsa.rb:257:in
`generate'
/tmp/autopkgtest-lxc.6pk29_f_/downtmp/build.A2U/src/test/test_pkey_rsa.rb:257:in
`test_dup'
     254:   end
     255:
     256:   def test_dup
  => 257:     key = OpenSSL::PKey::RSA.generate(256, 17)
     258:     key2 = key.dup
     259:     assert_equal key.params, key2.params
     260:     key2.set_key(key2.n, 3, key2.d)
===============================================================================

===============================================================================
Failure: test_alpn_protocol_selection_ary(OpenSSL::TestSSL):
  exceptions on 1 threads:

#<Thread:0x00005565bf178368@/tmp/autopkgtest-lxc.6pk29_f_/downtmp/build.A2U/src/test/utils.rb:330
dead>:

/tmp/autopkgtest-lxc.6pk29_f_/downtmp/build.A2U/src/test/test_ssl.rb:1282:in
`connect': Connection reset by peer - SSL_connect (Errno::ECONNRESET)
  	from
/tmp/autopkgtest-lxc.6pk29_f_/downtmp/build.A2U/src/test/test_ssl.rb:1282:in
`server_connect'
  	from
/tmp/autopkgtest-lxc.6pk29_f_/downtmp/build.A2U/src/test/test_ssl.rb:910:in
`block in test_alpn_protocol_selection_ary'
  	from
/tmp/autopkgtest-lxc.6pk29_f_/downtmp/build.A2U/src/test/utils.rb:332:in
`block (2 levels) in start_server'
/tmp/autopkgtest-lxc.6pk29_f_/downtmp/build.A2U/src/test/envutil.rb:258:in
`assert_join_threads'
/tmp/autopkgtest-lxc.6pk29_f_/downtmp/build.A2U/src/test/utils.rb:339:in
`block in start_server'
/tmp/autopkgtest-lxc.6pk29_f_/downtmp/build.A2U/src/test/utils.rb:293:in
`pipe'
/tmp/autopkgtest-lxc.6pk29_f_/downtmp/build.A2U/src/test/utils.rb:293:in
`start_server'
/tmp/autopkgtest-lxc.6pk29_f_/downtmp/build.A2U/src/test/test_ssl.rb:1270:in
`start_server_version'
/tmp/autopkgtest-lxc.6pk29_f_/downtmp/build.A2U/src/test/test_ssl.rb:907:in
`test_alpn_protocol_selection_ary'
     904:       }
     905:       ctx.alpn_protocols = advertised
     906:     }
  => 907:     start_server_version(:SSLv23, ctx_proc) { |server, port|
     908:       ctx = OpenSSL::SSL::SSLContext.new
     909:       ctx.alpn_protocols = advertised
     910:       server_connect(port, ctx) { |ssl|
===============================================================================

===============================================================================
Failure: test_client_auth_success(OpenSSL::TestSSL):
  exceptions on 2 threads:

#<Thread:0x00005565bede53e0@/tmp/autopkgtest-lxc.6pk29_f_/downtmp/build.A2U/src/test/utils.rb:330
dead>:

/tmp/autopkgtest-lxc.6pk29_f_/downtmp/build.A2U/src/test/test_ssl.rb:1280:in
`initialize': SSL_CTX_use_certificate: ee key too small
(OpenSSL::SSL::SSLError)
  	from
/tmp/autopkgtest-lxc.6pk29_f_/downtmp/build.A2U/src/test/test_ssl.rb:1280:in
`new'
  	from
/tmp/autopkgtest-lxc.6pk29_f_/downtmp/build.A2U/src/test/test_ssl.rb:1280:in
`server_connect'
  	from
/tmp/autopkgtest-lxc.6pk29_f_/downtmp/build.A2U/src/test/test_ssl.rb:134:in
`block in test_client_auth_success'
  	from
/tmp/autopkgtest-lxc.6pk29_f_/downtmp/build.A2U/src/test/utils.rb:332:in
`block (2 levels) in start_server'
  ---

#<Thread:0x00005565bede5818@/tmp/autopkgtest-lxc.6pk29_f_/downtmp/build.A2U/src/test/utils.rb:319
dead>:
  /usr/lib/ruby/vendor_ruby/openssl/ssl.rb:380:in `initialize':
SSL_CTX_use_certificate: ee key too small (OpenSSL::SSL::SSLError)
  	from /usr/lib/ruby/vendor_ruby/openssl/ssl.rb:380:in `new'
  	from /usr/lib/ruby/vendor_ruby/openssl/ssl.rb:380:in `accept'
  	from
/tmp/autopkgtest-lxc.6pk29_f_/downtmp/build.A2U/src/test/utils.rb:270:in
`block in server_loop'
  	from
/tmp/autopkgtest-lxc.6pk29_f_/downtmp/build.A2U/src/test/utils.rb:263:in
`loop'
  	from
/tmp/autopkgtest-lxc.6pk29_f_/downtmp/build.A2U/src/test/utils.rb:263:in
`server_loop'
  	from
/tmp/autopkgtest-lxc.6pk29_f_/downtmp/build.A2U/src/test/utils.rb:321:in
`block (2 levels) in start_server'
/tmp/autopkgtest-lxc.6pk29_f_/downtmp/build.A2U/src/test/envutil.rb:258:in
`assert_join_threads'
/tmp/autopkgtest-lxc.6pk29_f_/downtmp/build.A2U/src/test/utils.rb:339:in
`block in start_server'
/tmp/autopkgtest-lxc.6pk29_f_/downtmp/build.A2U/src/test/utils.rb:293:in
`pipe'
/tmp/autopkgtest-lxc.6pk29_f_/downtmp/build.A2U/src/test/utils.rb:293:in
`start_server'
/tmp/autopkgtest-lxc.6pk29_f_/downtmp/build.A2U/src/test/test_ssl.rb:129:in
`test_client_auth_success'
     126:
     127:   def test_client_auth_success
     128:     vflag =
OpenSSL::SSL::VERIFY_PEER|OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
  => 129:     start_server(verify_mode: vflag) { |server, port|
     130:       ctx = OpenSSL::SSL::SSLContext.new
     131:       ctx.key = @cli_key
     132:       ctx.cert = @cli_cert
===============================================================================

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to:

Prev by Date: Bug#907022: puma: autopkgtest times out after update of openssl
Next by Date: Bug#907031: python3.7: autopkgtest needs update for new version of openssl
Previous by thread: Bug#907022: puma: autopkgtest times out after update of openssl
Next by thread: Bug#907031: python3.7: autopkgtest needs update for new version of openssl
Index(es):
- Date
- Thread