> > On Mon, Jan 7, 2019, 16:58 Chris Wilson <chris+goo...@qwirx.com wrote: >> >>> Hi Reinhard, >>> >>> If I make the workaround suggested on this thread >>> <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907888> (change >>> SECLEVEL to 1 in /etc/ssl/openssl.cnf) then test/basicserver passes again. >>> This is at least a good start, so that users who don't want to replace >>> their certificates have a workaround. I think I'll need to modify the CA >>> scripts that generate certificates so that they produce 2048-bit keys that >>> do not need this workaround, and document it or catch and improve the error >>> message. >>> >>> Any progress on updating the CA scripts that generate certificates so that they produce 2048-bit keys?
I've updated the package to git20180819.g2f5b556, but am still experiencing a test failure: make[1]: Leaving directory '/<<PKGBUILDDIR>>/test/basicserver' TEST: test/basicserver Killing any running daemons... Removing old test files... chmod: cannot access 'testfiles': No such file or directory Copying new test files... NOTICE: Running test basicserver in debug mode... INFO: Starting server: ./_test --test-daemon-args= srv1 testfiles/srv1.conf Waiting for server to die (pid 16575): . done. INFO: Starting server: ./_test --test-daemon-args= srv2 testfiles/srv2.conf Waiting for server to die (pid 16579): . done. INFO: Starting server: ./_test --test-daemon-args= srv3 testfiles/srv3.conf ERROR: **** TEST FAILURE: Condition [ServerIsAlive(pid)] failed at test/basicserver/testbasicserver.cpp:628 ERROR: **** TEST FAILURE: Condition [HUPServer(pid)] failed at test/basicserver/testbasicserver.cpp:631 ERROR: **** TEST FAILURE: Condition [ServerIsAlive(pid)] failed at test/basicserver/testbasicserver.cpp:633 ERROR: SSL or crypto error: loading certificates from testfiles/clientCerts.pem: error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small WARNING: Exception thrown: ServerException(TLSLoadCertificatesFailed) at lib/server/TLSContext.cpp(93) FAILED: Exception caught: TLSLoadCertificatesFailed -- regards, Reinhard