[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

Tue, 23 Apr 2019 13:52:01 -0700 

The libio-socket-ssl-perl debdiff includes the following changes to
upstream tests:

(t/ecdhe.t)

+    my $protocol = $to_server->get_sslversion;
+    if ($protocol eq 'TLSv1_3') {
+        # <https://www.openssl.org/blog/blog/2017/05/04/tlsv1.3/>
+        ok("# SKIP TLSv1.3 doesn't advertize key exchange in a chipher name");
+    } else {

(t/npn.t)

+    SSL_version => 'SSLv23:!TLSv1_3', # NPN does not exist in TLSv1.3
+                                # 
https://github.com/openssl/openssl/issues/3665

(t/session_ticket.t)

+    # FIXME - add session ticket support for TLS 1.3 too
+    SSL_version => 'SSLv23:!TLSv1_3',

[...]

+# FIXME: TLSv1.3 requires to use SSL_CTX_sess_set_new_cb() by clients instead
+# of SSL_get1_session(). Missing from Net::SSLeay.

Please discuss / account for the impact of these interface changes on
the reverse-dependencies of libio-socket-ssl-perl as part of this SRU.
AFAIK there have not been any specific rebuild etc. tests with the new
version of libio-socket-ssl-perl as part of this transition.  There will
be autopkgtest results, which may or may not be comprehensive.  If you
expect these autopkgtests to be sufficient guard against regression in
Ubuntu, please document why in the SRU bug.  Also please
quantify/characterize the risk of regression to third-party software
deployed on bionic using libio-socket-ssl-perl in the face of these
interface changes, and if you believe that risk of regression is
acceptable, explain why.

Finally, please explain why this SRU introduces a hard-coded build-
dependency (and runtime dependency) on libssl1.1 instead of this being
resolved through shlibdeps or -dev package dependencies.

** Bug watch added: github.com/openssl/openssl/issues #3665
   https://github.com/openssl/openssl/issues/3665

** Changed in: libio-socket-ssl-perl (Ubuntu Bionic)
       Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1797386

Title:
  [SRU] OpenSSL 1.1.1 to 18.04 LTS

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1797386/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to