Package: src:gdm3 Version: 45.0.1-2 Severity: important Tags: sid patch control: affects -1 src:openssl User: pkg-openssl-de...@lists.alioth.debian.org Usertags: openssl-3.2
The argument "-extensions v3_ca" for req is invalid and not considered. Earlier versions of openssl silently ignored that argument, openssl 3.2 throws an error now, see https://ci.debian.net/packages/g/gdm3/unstable/amd64/ https://ci.debian.net/packages/g/gdm3/unstable/amd64/41875309/ Sebastian
From: Sebastian Andrzej Siewior <sebast...@breakpoint.cc> Date: Wed, 24 Jan 2024 21:32:49 +0100 Subject: [PATCH] debian: Adapt tests for openssl3.2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The argument "-extensions v3_ca" for req is invalid and not considered. Earlier versions of openssl silently ignored that argument, openssl 3.2 throws an error now: | openssl req -batch -new -nodes … -extensions v3_ca … | Error adding request extensions from section v3_ca | 0071DD54987F0000:error:11000079:X509 V3 routines:v2i_AUTHORITY_KEYID:no issuer certificate:../crypto/x509/v3_akid.c:156: | 0071DD54987F0000:error:11000080:X509 V3 routines:X509V3_EXT_nconf_int:error in extension:../crypto/x509/v3_conf.c:48:section=v3_ca, name=authorityKeyIdentifier, value=keyid:always,issuer:always Remove the not relevant argument "-extensions v3_ca". Signed-off-by: Sebastian Andrzej Siewior <sebast...@breakpoint.cc> --- debian/tests/sssd-softhism2-certificates-tests.sh | 2 -- 1 file changed, 2 deletions(-) diff --git a/debian/tests/sssd-softhism2-certificates-tests.sh b/debian/tests/sssd-softhism2-certificates-tests.sh index 00c533f127dd..a68812673983 100644 --- a/debian/tests/sssd-softhism2-certificates-tests.sh +++ b/debian/tests/sssd-softhism2-certificates-tests.sh @@ -217,7 +217,6 @@ openssl req \ -key "$tmpdir/test-intermediate-CA-key.pem" \ -passout "$root_ca_key_pass" \ -sha256 \ - -extensions v3_ca \ -out "$tmpdir/test-intermediate-CA-certificate-request.pem" openssl req -text -noout -in "$tmpdir/test-intermediate-CA-certificate-request.pem" @@ -306,7 +305,6 @@ openssl req \ -key "$tmpdir/test-sub-intermediate-CA-key.pem" \ -passout "$intermediate_ca_key_pass" \ -sha256 \ - -extensions v3_ca \ -out "$tmpdir/test-sub-intermediate-CA-certificate-request.pem" openssl req -text -noout -in "$tmpdir/test-sub-intermediate-CA-certificate-request.pem" -- 2.43.0