Bug#900161: ruby-openssl: FTBFS against openssl 1.1.1
On Thu, Oct 04, 2018 at 12:10:53PM +0100, peter green wrote: > i tried to modify the testsuite to use stronger keys (patch > attatched), however after doing so the testsuite now hangs (relavent > output pasted at end of message). Not sure what is going wrong here (I > am neither a ruby expert or an openssl expert). > > I have attached a patch with my changes so-far. Thanks for looking into it. There is an uptream pull request that fixes these issues: https://github.com/ruby/openssl/pull/217 I have applied the patches from there, and with an extra change to ignore 2 tests that crash due to the new policies in openssl 1.1.1, make the package build. signature.asc Description: PGP signature
Bug#900161: ruby-openssl: FTBFS against openssl 1.1.1
i tried to modify the testsuite to use stronger keys (patch attatched), however after doing so the testsuite now hangs (relavent output pasted at end of message). Not sure what is going wrong here (I am neither a ruby expert or an openssl expert). I have attached a patch with my changes so-far. /ruby-openssl-2.0.5/test/envutil.rb:258:in `assert_join_threads' Failure: test_tlsext_hostname(OpenSSL::TestSSL): exceptions on 2 threads: #: /ruby-openssl-2.0.5/test/test_ssl.rb:654:in `connect': SSL_connect returned=1 errno=0 state=error: sslv3 alert handshake failure (OpenSSL::SSL::SSLError) from /ruby-openssl-2.0.5/test/test_ssl.rb:654:in `block in test_tlsext_hostname' from /ruby-openssl-2.0.5/test/utils.rb:445:in `block (2 levels) in start_server' --- #: /ruby-openssl-2.0.5/debian/ruby-openssl/usr/lib/ruby/vendor_ruby/openssl/ssl.rb:382:in `accept': SSL_accept returned=1 errno=0 state=error: no suitable signature algorithm (OpenSSL::SSL::SSLError) from /ruby-openssl-2.0.5/debian/ruby-openssl/usr/lib/ruby/vendor_ruby/openssl/ssl.rb:382:in `accept' from /ruby-openssl-2.0.5/test/utils.rb:383:in `block in server_loop' from /ruby-openssl-2.0.5/test/utils.rb:376:in `loop' from /ruby-openssl-2.0.5/test/utils.rb:376:in `server_loop' from /ruby-openssl-2.0.5/test/utils.rb:434:in `block (2 levels) in start_server' = : (0.010154) test_unset_OP_ALL: .: (0.059083) test_verify_certificate_identity: .: (0.008254) test_verify_hostname: .: (0.007457) test_verify_hostname_on_connect: .: (0.065102) test_verify_result: .: (0.026004) test_verify_wildcard: .: (0.005284) OpenSSL::TestSSLSession: test_client_session: # terminated with exception (report_on_exception is true): Traceback (most recent call last): 9: from /ruby-openssl-2.0.5/test/utils.rb:445:in `block (2 levels) in start_server' 8: from /ruby-openssl-2.0.5/test/test_ssl_session.rb:158:in `block in test_client_session' 7: from /ruby-openssl-2.0.5/test/test_ssl_session.rb:158:in `times' 6: from /ruby-openssl-2.0.5/test/test_ssl_session.rb:168:in `block (2 levels) in test_client_session' 5: from /usr/lib/ruby/vendor_ruby/test/unit/assertions.rb:130:in `assert' 4: from /usr/lib/ruby/vendor_ruby/test/unit/assertions.rb:1636:in `_wrap_assertion' 3: from /usr/lib/ruby/vendor_ruby/test/unit/assertions.rb:163:in `block in assert' 2: from /usr/lib/ruby/vendor_ruby/test/unit/assertions.rb:53:in `assert_block' 1: from /usr/lib/ruby/vendor_ruby/test/unit/assertions.rb:1631:in `_wrap_assertion' /usr/lib/ruby/vendor_ruby/test/unit/assertions.rb:55:in `block in assert_block': is not true. (Test::Unit::AssertionFailedError) Description: Use stronger keys in tests to fix build with new openssl. Author: Peter Michael Green --- The information above should follow the Patch Tagging Guidelines, please checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here are templates for supplementary fields that you might want to add: Origin: , Bug: Bug-Debian: https://bugs.debian.org/ Bug-Ubuntu: https://launchpad.net/bugs/ Forwarded: Reviewed-By: Last-Update: 2018-10-04 Index: ruby-openssl-2.0.5/test/utils.rb === --- ruby-openssl-2.0.5.orig/test/utils.rb +++ ruby-openssl-2.0.5/test/utils.rb @@ -64,6 +64,102 @@ gBoDG3WMPZoQj9pb7uMcrnvs4APj2FIhMU8U15Lc -END RSA PRIVATE KEY- _end_of_pem_ + TEST_KEY_RSA3072 = OpenSSL::PKey::RSA.new <<-_end_of_pem_ +-BEGIN RSA PRIVATE KEY- +MIIG4wIBAAKCAYEAuOfm5u9QvTVA3injjLlNQIdNEpkygrgeKF5yZDGndcsUTIap +tdYW8e78rOFmt/LUHXZpiY/e0vo5WH6Lyp5/EGOCJqatKa21uDef3+bmsWNb9MOE +XaIRjmcNjVim4aVJdGpjQzN/ysjR8KdqRwY3TDzVBsX7eNJpKS10NiMgSGvxxLwE +00Z/YgM9RLKjtjjWLloP/cuiZcLplaXF+Tyi49u8P7yrlNheGGtU5eEZmx+XESES +izsFyFC2zhDKpGlU+v9+oSbOPy6xNB9TjsxpG6QTtGdP9T8f990EcO/TC/JAr/uk +RwoSqMZyeUT0lk+QzfkoVYsuzGjWlLnW+yLgnv4xb003sZCPa7llxhwZYajpZgdm +/xhKBWg7x8u62aOR2pqNrV7aCRbI0AY2OphTuRIj1pwgX+t7RItrLHJ9Q0hVNQYL +iJwwH7QhRcWBx4S07M1uR7u9tESqu1rm5W+AbpV/gWVZE8RGn6KHYndn1l7qjnWH +z7bJYlLHm0AExp67AgMBAAECggGADacZ1n1fIclX08+V/KMGADi9SR1ErIA5wdNP +cPR1n+3xvsDGsSVwpkZ2I7G06uokHVTL8BtOYZeWOmGFot1XFneyeXYfHQ+1djet +N1QOPpTOimERWfSIhVI4nvInyEtzBASC9chMrEVtsu45m6rq1Fc9h3WA3ufyWdcA +WKr5TD+kJ1mWpZ7z8uG4WWUzT1YdAmkl+yBZClh89M67sm52vIpR+QbOSHw9XmI2 +b47SXDDV767Ydq1R/PtwtABrZf5c5sm2ivRQG2xXUug+ykmTWLISQXqA+aWY46XL +ymvwhna9wVNWlRrsVdWyl+O3u8rTS18Y817AraZpHnc049DXovVt3qRLKzuj+EfL ++2Ut00tfdHxrrVmqcncMeFCLphhjTLK8BA7Kxnd1F6mIkH2unYb0tB+yqElX/Zvp +oDRiwpncCi0bnLq8Q+57+m5xn1dp6ebM710G3u9U63oPQAgeHHxYp5ZhvI8rgdUx +nXkQ44SqqPeAKmIkV9cS0p+jp/1JAoHBAOYE+fyTZq4DwEWM3FxvbW+VPS/Fw1oF +1ON3dSZP4UQFcubkUwZedVCdgbkXSHN4u7G7MzZw3SHaiTyCM8eBI7tc3MHo0F5W