On Sat, Sep 17, 2016 at 6:08 PM, Tatsuhiro Tsujikawa <tatsuhir...@gmail.com> wrote:
> Hi, > > On Fri, Sep 16, 2016 at 6:46 AM, Sebastian Andrzej Siewior < > sebast...@breakpoint.cc> wrote: > >> Package: spdylay >> Version: 1.3.2-2 >> Severity: important >> Tags: patch >> Control: block 827061 by -1 >> Control: user pkg-openssl-devel-requ...@lists.alioth.debian.org >> Control: usertag -1 openssl-1.1-trans-keypkg >> Control: usertag -1 openssl-1.1-trans >> >> This package fails currently to compile against openssl 1.1.0 (currently >> available in experimental). The issues look not openssl specific. The >> full build of the build failure is available >> https://breakpoint.cc/openssl-1.1-rebuild-2016-08-26/failed/ >> spdylay_1.3.2-2_amd64-2016-08-26T19%3A47%3A25Z >> >> With the patch attached is manages to build. The testsuite fails then :) >> The SSL error message was obtained via ERR_print_errors_fp(stderr): >> >> | ========================================= >> | spdylay 1.3.2: tests/test-suite.log >> | ========================================= >> | >> | # TOTAL: 3 >> | # PASS: 2 >> | # SKIP: 0 >> | # XFAIL: 0 >> | # FAIL: 1 >> | # XPASS: 0 >> | # ERROR: 0 >> | >> | .. contents:: :depth: 2 >> | >> | FAIL: end_to_end.py >> | =================== >> | >> | SSL_CTX_use_certificate_file failed. >> | 140680762493824:error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee >> key too small:ssl/ssl_rsa.c:305: >> | Could not connect to the host: localhost:9893 >> | error:1408F10B:SSL routines:ssl3_get_record:wrong version number >> | Could not connect to the host: localhost:79 >> | FCould not connect to the host: localhost:2 >> | .Could not connect to the host: localhost:9893 >> | Could not connect to the host: localhost:9893 >> | FCould not connect to the host: localhost:9893 >> | FCould not connect to the host: localhost:9893 >> | FSSL_CTX_use_certificate_file failed. >> | 140100289985408:error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee >> key too small:ssl/ssl_rsa.c:305: >> | Could not connect to the host: localhost:9893 >> >> So it looks like the key in the test is too small. >> >> Sebastian >> > > Thank you for the patch. It has been applied and merged into master > branch. > I've made another couple of commits to fix OpenSSL 1.1.0 deprecation > warnings. > > spdylay end-to-end test (which failed above) require libevent which is > also built with OpenSSL 1.1.0. But it seems the latest stable libevent > does not compile OpenSSL 1.1.0. I guess that the above error "wrong > version number" could mean that libevent has been built with older OpenSSL > version. > > I was wrong. end_to_end.py does not require libevent, and after upgrading key pair, all tests passed. Best regards, Tatsuhiro Tsujikawa > For key size issues, I renewed key pair, and now use 2048 bits public key > rather than 512 bits. > > Best regards, > Tatsuhiro Tsujikawa > > > > > >