Package: nodejs Version: 8.7.0+dfsg-5 Severity: serious control: tags -1 patch
The last OpenSSL upload moved the default security level from the openssl.cnf file to build-time default so I don't have to fiddle with the config file anymore. Unfortunately nodejs is using smoil keys in its testsuite so the testsuite fails now. Previously it didn't because it used the "default" openssl.cnf which did not specify any of this so the security level was never changed from its default - 1. Now it is 2 and nodejs needs either to increase the default key size or lower security level via the config file. A patch for the latter has been attached. Sebastian
From: Sebastian Andrzej Siewior <sebast...@breakpoint.cc> Date: Fri, 23 Sep 2022 22:39:50 +0200 Subject: [PATCH] Add a CipherString for nodejs If the default security level is overwritten at build time of openssl then it is needed to lower it again for nodejs in order to pass the testsuite because it is using smoil keys. Signed-off-by: Sebastian Andrzej Siewior <sebast...@breakpoint.cc> --- deps/openssl/openssl/apps/openssl.cnf | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/deps/openssl/openssl/apps/openssl.cnf b/deps/openssl/openssl/apps/openssl.cnf index 03330e0120a2..65ae201e44aa 100644 --- a/deps/openssl/openssl/apps/openssl.cnf +++ b/deps/openssl/openssl/apps/openssl.cnf @@ -15,6 +15,7 @@ HOME = . # Use this in order to automatically load providers. openssl_conf = openssl_init +nodejs_conf = nodejs_init # Comment out the next line to ignore configuration errors config_diagnostics = 1 @@ -388,3 +389,12 @@ oldcert = $insta::certout # insta.cert.pem # Certificate revocation cmd = rr oldcert = $insta::certout # insta.cert.pem + +[nodejs_init] +ssl_conf = ssl_sect + +[ssl_sect] +system_default = system_default_sect + +[system_default_sect] +CipherString = DEFAULT:@SECLEVEL=1 -- 2.37.2