Bug#1065529: interimap: Testsuite fails with openssl 3.2
On 2024-03-06 15:27:50 [+0100], Guilhem Moulin wrote: > Hi Sebastian, Hi, > Great to hear OpenSSL 3.2 will soon be entering sid! :-) > > On Wed, 06 Mar 2024 at 07:59:53 +0100, Sebastian Andrzej Siewior wrote: > > I'm currently puzzled where to look at. Could you please have a look? > > It seems openssl-req(1ssl) now generates X.509 version 3 certificates by > default. (A new flag `-509v1` was added to revert back to version 1.) > > interimap's test suite generates a transient CAs, but didn't pass any > X.509 v3 basic constraints as it assumed v1. The resulting “CA” was > therefore generated without CA:TRUE thereby failing peer validation. > > The fix is trivial, I'll simply change the test suite to generate a v3 > CA instead and pass CA:TRUE. But I thought it might be useful to spell > the fix out in case there are other affected packages. Thank for the explanation. > Cheers, Sebastian
Bug#1065529: interimap: Testsuite fails with openssl 3.2
Hi Sebastian, Great to hear OpenSSL 3.2 will soon be entering sid! :-) On Wed, 06 Mar 2024 at 07:59:53 +0100, Sebastian Andrzej Siewior wrote: > I'm currently puzzled where to look at. Could you please have a look? It seems openssl-req(1ssl) now generates X.509 version 3 certificates by default. (A new flag `-509v1` was added to revert back to version 1.) interimap's test suite generates a transient CAs, but didn't pass any X.509 v3 basic constraints as it assumed v1. The resulting “CA” was therefore generated without CA:TRUE thereby failing peer validation. The fix is trivial, I'll simply change the test suite to generate a v3 CA instead and pass CA:TRUE. But I thought it might be useful to spell the fix out in case there are other affected packages. Cheers, -- Guilhem. signature.asc Description: PGP signature
Bug#1065529: interimap: Testsuite fails with openssl 3.2
Package: interimap Version: 0.5.7-2 Severity: important Tags: sid control: affects -1 src:openssl User: pkg-openssl-de...@lists.alioth.debian.org Usertags: openssl-3.2 interimap's testsuite fails with OpenSSL 3.2, which is currently in experimental, for the tests: SSL_CAfile/$SSL_CERT_FILE... FAILED TLS servername extension (SNI)... FAILED Full log at https://ci.debian.net/packages/i/interimap/unstable/amd64/43404948/ I'm currently puzzled where to look at. Could you please have a look? Sebastian