[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#923448: stunnel4: autopkgtest fails with new version of openssl: failed to set DH parameters at debian/tests/runtime line 295.

Source: stunnel4
Version: 3:5.50-2
Severity: important
X-Debbugs-CC: debian-ci@lists.debian.org, openssl@packages.debian.org
User: debian-ci@lists.debian.org
Usertags: needs-update
Control: affects -1 src:openssl

Dear maintainers,

With a recent upload of openssl the autopkgtest of stunnel4 fails in
testing when that autopkgtest is run with the binary packages of openssl
from unstable. It passes when run with only packages from testing. In
tabular form:
                       pass            fail
openssl                from testing    1.1.1b-1
stunnel4               from testing    3:5.50-2
all others             from testing    from testing

I copied some of the output at the bottom of this report.

Currently this regression is blocking the migration of openssl to
testing [1]. Of course, openssl shouldn't just break your autopkgtest
(or even worse, your package), but it seems to me that the change in
openssl could very well be intended and your package needs to update to
the new situation. If needed, please change the bug's severity and in
doubt, please discuss with the maintainers of openssl (in X-Debbugs-CC).

If this is a real problem in your package (and not only in your
autopkgtest), the right binary package(s) from openssl should really add
a versioned Breaks on the unfixed version of (one of your) package(s).

Please note that the window to fix this to allow openssl to migrate
without intervention is closing extremely soon.

More information about this bug and the reason for filing it can be found on


[1] https://qa.debian.org/excuses.php?package=openssl


autopkgtest [21:15:53]: test command1: env
TEST_STUNNEL=/usr/bin/stunnel4 debian/tests/runtime
autopkgtest [21:15:53]: test command1: [-----------------------
Found the certificate at debian/tests/certs/certificate.pem and the
private key at debian/tests/certs/key.pem
Using the /tmp/w9B6EPAA4e temporary directory
About to get the stunnel version information
Got stunnel version 5.50
Listening for cleartext connections on
Connected to, local
Accepted a connection from
Got a local connection id
Waiting for the server to acknowledge a completed client connection
Got an eof from, all seems well
Waiting for the client connection itself to report completion
Looks like we are done with the test cleartext connection!
Got listening port 8086 for the stunnel server
Let us hope this was enough to get stunnel to listen there...
Created the stunnel config file /tmp/w9B6EPAA4e/stunnel.conf:
pid = /tmp/w9B6EPAA4e/stunnel.pid
foreground = yes
output = /tmp/w9B6EPAA4e/stunnel.log

cert = debian/tests/certs/certificate.pem
key = debian/tests/certs/key.pem

accept =
connect =
2019.02.27 21:15:53 LOG5[ui]: stunnel 5.50 on x86_64-pc-linux-gnu platform
2019.02.27 21:15:53 LOG5[ui]: Compiled with OpenSSL 1.1.1a  20 Nov 2018
2019.02.27 21:15:53 LOG5[ui]: Running  with OpenSSL 1.1.1b  26 Feb 2019
2019.02.27 21:15:53 LOG5[ui]: Threading:PTHREAD
2019.02.27 21:15:53 LOG5[ui]: Reading configuration from file
2019.02.27 21:15:53 LOG5[ui]: UTF-8 byte order mark not detected
2019.02.27 21:15:53 LOG5[ui]: FIPS mode disabled
2019.02.27 21:15:53 LOG4[ui]: Insecure file permissions on
2019.02.27 21:15:53 LOG5[ui]: Configuration successful
2019.02.27 21:15:53 LOG5[0]: Service [test] accepted connection from
__DIE__ handler invoked: dh params schmorp1539: failed to set DH
parameters at debian/tests/runtime line 295.
dh params schmorp1539: failed to set DH parameters at
debian/tests/runtime line 295.
Started the stunnel server, pid 1065
Trying a connection through stunnel, iteration 1
Trying to connect to the stunnel server at
Registered a client connection as
Oof, let us see if there are any children left
Pffth, sending a SIGKILL to 1065
Some children remaining, laying low for a second...
- waiting for 1065 (stunnel server (
- OK, 1065 done
autopkgtest [21:15:55]: test command1: -----------------------]

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: