Your message dated Fri, 3 May 2019 12:03:09 +0200
with message-id <8f588328-bcff-9466-456b-9b043d50bc9c@debian.org>
and subject line Re: [Pkg-openssl-devel] Bug#927461: release-notes: Document how to handle openssls new defaults
has caused the Debian Bug report #927461,
regarding release-notes: Document how to handle openssls new defaults
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)

--
927461: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927461
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: upgrade-reports: Buster upgrade: had to re-create unbound certs/keys
- From: John Eikenberry <jae@zhar.net>
- Date: Fri, 19 Apr 2019 11:07:49 -0700
- Message-id: <20190419180749.GA20992@ivanova.zhar.net>
Package: upgrade-reports
Severity: normal

After upgrading to buster, unbound-control would fail to run with this error..

    error: Error setting up SSL_CTX client cert
    139765110753216:error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small:../ssl/ssl_rsa.c:310:

To fix this I had to regenerate the certs and keys by removing the old ones
and running unbound-control-setup, then restarting unbound. This fixed the
issue.

    $ cd /etc/unbound/
    $ sudo rm *.key *.pem
    $ sudo unbound-control-setup
    $ sudo systemctl restart unbound

Note that with unbound-control broken, that broke `systemctl reload unbound`
as it depends on unbound-control.

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

--
John Eikenberry
[ jae@zhar.net - http://zhar.net ]
________________________________________________________________________
"Perfection is attained, not when no more can be added, but when no more can be removed."
                                          -- Antoine de Saint-Exupery
--- End Message ---
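
Added example, not part of the bug report or of any Debian or unbound tooling: a shell audit that lists certificates whose RSA key is below 2048 bits, the minimum OpenSSL accepts at security level 2, which is the check that reports "ee key too small". The function names, the sample text in the test, and the premise that level 2 is the active default are assumptions of this example.

```shell
# Added example: find certificates that OpenSSL security level 2 will reject
# with "ee key too small". Assumption: level 2 is in effect (RSA >= 2048 bit).
MIN_RSA_BITS=2048

# Read `openssl x509 -noout -text` output on stdin, print the key size in bits.
# Matches both "RSA Public-Key: (N bit)" and "Public-Key: (N bit)".
pubkey_bits() {
    sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Read the same output on stdin, print the key algorithm (e.g. rsaEncryption).
pubkey_alg() {
    sed -n 's/.*Public Key Algorithm: *\(.*\)$/\1/p' | head -n 1
}

# classify ALG BITS: prints ok, too-small, unknown or not-checked.
# Returns 1 only for an RSA key below MIN_RSA_BITS.
classify() {
    case "$1" in
        rsaEncryption)
            if [ -z "$2" ]; then
                echo unknown
            elif [ "$2" -lt "$MIN_RSA_BITS" ]; then
                echo too-small
                return 1
            else
                echo ok
            fi ;;
        *)  echo not-checked ;;   # EC and other key types are not judged here
    esac
}

# audit_dir DIR: report every *.pem certificate in DIR.
# Returns 1 if at least one certificate has a too-small RSA key.
audit_dir() {
    rc=0
    for f in "$1"/*.pem; do
        [ -e "$f" ] || continue
        text=$(openssl x509 -in "$f" -noout -text 2>/dev/null) || continue
        alg=$(printf '%s\n' "$text" | pubkey_alg)
        bits=$(printf '%s\n' "$text" | pubkey_bits)
        verdict=$(classify "$alg" "$bits") || rc=1
        printf '%s\t%s\t%s bit\t%s\n' "$f" "$alg" "${bits:-?}" "$verdict"
    done
    return $rc
}
```

Running `audit_dir /etc/unbound` before the upgrade shows which certificates need regenerating; a non-zero exit status means at least one was flagged.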
--- Begin Message ---
- To: "Package Development List for OpenSSL packages." <pkg-openssl-devel@alioth-lists.debian.net>
- Cc: 927461-done@bugs.debian.org
- Subject: Re: [Pkg-openssl-devel] Bug#927461: release-notes: Document how to handle openssls new defaults
- From: Paul Gevers <elbrus@debian.org>
- Date: Fri, 3 May 2019 12:03:09 +0200
- Message-id: <8f588328-bcff-9466-456b-9b043d50bc9c@debian.org>
- In-reply-to: <bf85ad37-0c11-3c84-38ae-78b0c05c24cb@debian.org>
- References: <20190419180749.GA20992@ivanova.zhar.net> <cc0cf582-1d25-1aa1-adef-a5d8860cc828@thykier.net> <cc0cf582-1d25-1aa1-adef-a5d8860cc828@thykier.net> <e3c1d665-f9d8-1b3b-a464-e7d62f717b28@debian.org> <20190424200058.aycctf35lzgesm7c@flow> <bf85ad37-0c11-3c84-38ae-78b0c05c24cb@debian.org>
Hi Sebastian,

On 24-04-2019 22:20, Paul Gevers wrote:
> Hi Sebastian,
>
> On 24-04-2019 22:00, Sebastian Andrzej Siewior wrote:
>> On 2019-04-21 16:52:30 [+0200], Paul Gevers wrote:
>
> [...]
>
>> The system default is valid for package that links against libssl1.1.
>> Some packages (like wpa_supplicant) override the limit so they may use
>> TLSv1 even if it is disabled.
>> Is the text above more or less what you asked for?
>
> It's a bit long, and in the current state it is a bit out of context,
> but I think we'll be able to manage that, thanks.

Upon further inspection I think the text is OK, so I have committed it as
https://salsa.debian.org/ddp-team/release-notes/commit/04360d3

Thanks.

Paul

Attachment: signature.asc
Description: OpenPGP digital signature
--- End Message ---