Your message dated Sat, 13 Oct 2018 19:39:37 +0200
with message-id <[email protected]>
and subject line Re: Bug#907807: After upgrading to OpenSSL 1.1.1, many sites
are unreachable
has caused the Debian Bug report #907807,
regarding After upgrading to OpenSSL 1.1.1, many sites are unreachable
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
907807: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907807
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: linkchecker
Version: 9.4.0-2
Severity: normal
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hey!
Since the upgrade to OpenSSL 1.1.1pre9 in sid, linkchecker is unable
to check many sites including:
- ones without SNI
- ones with DH parameters too small
- ones using TLS 1.0
- ones still using SHA1 for the signature (get.adobe.com)
- -- System Information:
Debian Release: buster/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'unstable'), (101,
'experimental-debug'), (101, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 4.17.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8),
LANGUAGE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages linkchecker depends on:
ii libc6 2.27-5
ii python 2.7.15-3
ii python-dnspython 1.15.0-1
ii python-requests 2.18.4-2
ii python-urllib3 1.22-1
ii python-xdg 0.25-4
linkchecker recommends no packages.
Versions of packages linkchecker suggests:
pn clamav-daemon <none>
pn linkchecker-web <none>
ii python-argcomplete 1.8.1-1
ii python-cssutils 1.0.2-1
ii python-gconf 2.28.1+dfsg-1.2
ii python-geoip 1.3.2-1+b4
pn python-meliae <none>
- -- no debconf information
-----BEGIN PGP SIGNATURE-----
iQJGBAEBCAAwFiEErvI0h2bzccaJpzYAlaQv6DU1JfkFAluL3TsSHGJlcm5hdEBk
ZWJpYW4ub3JnAAoJEJWkL+g1NSX5PXgP/0oiB8DwZJm5jzXNAKa31/n5hMUaBQK3
Yb5iEWFFrBf4N5FAxYxzK0eKcMyV1uKwoP6xaMZa0W1fabWx0NAva0wQBtyDhXwz
JXBZ//pZatUDR/MfvFbdy7EDSphjXnQEqaHT4kvTlAaPueP5hZGJ1EZFxnacHMEl
ahRP6QlTBdkzndOHPfVURhhLlB0SPUDjiBDlY//ftBtM+01GO5KvOogUAZq5Tbdn
UzGLfYbrddkd9gsSOsXrly2QjrmW7kdZdaJ3CFNjRlWVqXk+p+eZhmRpLqZ39pyv
y5g/Yt+90+Jr+uWh8wocs2jqzxKaRmZ6kDUdbQcTP6/pvkvZW9RUEIqoyL68HcbE
XfptM8Xz9apVuu8EG5maLEn49j4o1kgRbC99rMzM7wP/c6M2MwcIhXmI5mZt/0ck
J8c6CUBCY6pdQquyF6Y50dsUQDfFiQxhH1FQOsEvuMD7Kxal/UT0SekYZSXkOCau
BRURI4S/7V71Tf+BGrVsQaPfaN0FFN/ulH7bn05Vm3umNMSjQBXoGCeRuSz9a56W
nTNn3g9hN6SKs82R0cD/8pX1SJTLi8KuDJF5E7IQytZkItBnRrtWNEBgt7qehjTN
coPqgMw4lmNcTaBuv1nOKpHB5HVL/DxNs6ET4twQeiGXBx9s2iWm+TCTcdbfpiwV
0oaniV1frxcJ
=UJMB
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Hi,
On Sat, Sep 29, 2018 at 07:07:18PM +0200, Sebastian Andrzej Siewior wrote:
> > > It's 1.1.1 which comes with more strict checks on everything. I think
> > > there is a metabug about this:
> > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907015
> >
> > I see. So I guess this blocks that then, adding to the pile.
>
> but why?
Indeed. Really this bug is not in any package's fault IMHO.
> | - ones without SNI
>
> huh. If linkchecker is lacking SNI support than please add this to
> linkcheker. Once this is done, I can a versioned break to libssl.
> Otherwise I don't understand.
at most this is a bug, but I don't really consider it RC.
If this can still be reproduced then please open a specific bug about
this specific issue against the package that has the actual problem
(this bug was reassigned to python-requests, which is fine about SNI
afaik).
> | - ones with DH parameters too small
> | - ones using TLS 1.0
> | - ones still using SHA1 for the signature (get.adobe.com)
>
> This is a limitation of the remote site. You can either get the remote
> site fix it (TLS1.0 in 2018, srsly?) or override the default openssl
> policy (please consider this as the last resort).
And in which case, IMHO, that should be done by the system
administrator. I don't think linkchecker should mingle in this stuff
itself.
I'm therefore closing this report.
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
signature.asc
Description: PGP signature
--- End Message ---
_______________________________________________
Python-modules-team mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/python-modules-team
