Hi Sebastian, Great to hear OpenSSL 3.2 will soon be entering sid! :-)
On Wed, 06 Mar 2024 at 07:59:53 +0100, Sebastian Andrzej Siewior wrote: > I'm currently puzzled where to look at. Could you please have a look? It seems openssl-req(1ssl) now generates X.509 version 3 certificates by default. (A new flag `-509v1` was added to revert back to version 1.) interimap's test suite generates a transient CAs, but didn't pass any X.509 v3 basic constraints as it assumed v1. The resulting “CA” was therefore generated without CA:TRUE thereby failing peer validation. The fix is trivial, I'll simply change the test suite to generate a v3 CA instead and pass CA:TRUE. But I thought it might be useful to spell the fix out in case there are other affected packages. Cheers, -- Guilhem.
signature.asc
Description: PGP signature