Your message dated Fri, 3 May 2019 12:03:09 +0200
with message-id <[email protected]>
and subject line Re: [Pkg-openssl-devel] Bug#927461: release-notes: Document
how to handle openssls new defaults
has caused the Debian Bug report #927461,
regarding release-notes: Document how to handle openssls new defaults
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
927461: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927461
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: upgrade-reports
Severity: normal
After upgrading to buster, unbound-control would fail to run with this error..
error: Error setting up SSL_CTX client cert
139765110753216:error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too
small:../ssl/ssl_rsa.c:310:
To fix this I had to regenerate the certs and keys by removing the old ones and
running unbound-control-setup, then restarting unbound. This fixed the issue.
$ cd /etc/unbound/
$ sudo rm *.key *.pem
$ sudo unbound-control-setup
$ sudo systemctl restart unbound
Note that with unbound-control broken, that broke `systemctl reload unbound` as
it depends on unbound-control.
-- System Information:
Debian Release: buster/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
--
John Eikenberry
[ [email protected] - http://zhar.net ]
________________________________________________________________________
"Perfection is attained, not when no more can be added, but when no more
can be removed." -- Antoine de Saint-Exupery
--- End Message ---
--- Begin Message ---
Hi Sebastian,
On 24-04-2019 22:20, Paul Gevers wrote:
> Hi Sebastian,
>
> On 24-04-2019 22:00, Sebastian Andrzej Siewior wrote:
>> On 2019-04-21 16:52:30 [+0200], Paul Gevers wrote:
>
> [...]
>
>> The system default is valid for package that links against libssl1.1.
>> Some packages (like wpa_supplicant) override the limit so they may use
>> TLSv1 even if it is disabled.
>> Is the text above more or less what you asked for?
>
> It's a bit long, and in the current state it is a bit out of context,
> but I think we'll be able to manage that, thanks.
Upon further inspection I think the text is OK, so I have committed it
as https://salsa.debian.org/ddp-team/release-notes/commit/04360d3
Thanks.
Paul
signature.asc
Description: OpenPGP digital signature
--- End Message ---
