Bug#907135: [Box Backup] Debian now requires 2048bit RSA keys

On Mon, Jan 7, 2019, 16:58 Chris Wilson <chris+google@qwirx.com wrote:
Hi Reinhard,

If I make the workaround suggested on this thread (change SECLEVEL to 1 in /etc/ssl/openssl.cnf) then test/basicserver passes again. This is at least a good start, so that users who don't want to replace their certificates have a workaround. I think I'll need to modify the CA scripts that generate certificates so that they produce 2048-bit keys that do not need this workaround, and document it or catch and improve the error message.

Any progress on updating the CA scripts that generate certificates so that they produce 2048-bit keys? 

I've updated the package to git20180819.g2f5b556, but am still experiencing a test failure:

make[1]: Leaving directory '/<<PKGBUILDDIR>>/test/basicserver'
TEST: test/basicserver
Killing any running daemons...
Removing old test files...
chmod: cannot access 'testfiles': No such file or directory
Copying new test files...
NOTICE:  Running test basicserver in debug mode...
INFO:    Starting server: ./_test --test-daemon-args= srv1 testfiles/srv1.conf
Waiting for server to die (pid 16575): . done.
INFO:    Starting server: ./_test --test-daemon-args= srv2 testfiles/srv2.conf
Waiting for server to die (pid 16579): . done.
INFO:    Starting server: ./_test --test-daemon-args= srv3 testfiles/srv3.conf
ERROR:   **** TEST FAILURE: Condition [ServerIsAlive(pid)] failed at test/basicserver/testbasicserver.cpp:628
ERROR:   **** TEST FAILURE: Condition [HUPServer(pid)] failed at test/basicserver/testbasicserver.cpp:631
ERROR:   **** TEST FAILURE: Condition [ServerIsAlive(pid)] failed at test/basicserver/testbasicserver.cpp:633
ERROR:   SSL or crypto error: loading certificates from testfiles/clientCerts.pem: error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small
WARNING: Exception thrown: ServerException(TLSLoadCertificatesFailed) at lib/server/TLSContext.cpp(93)
FAILED: Exception caught: TLSLoadCertificatesFailed

regards,
Reinhard