Public bug reported:
The package fails to build, the test run fails.
The issue comes from the xmltoolingtest/data/test.pfx certificate that
contains data encrypted using RC2, which is disabled by default in
OpenSSL 3.0. It could be re-enabled using the legacy provider, but I'd
rather upgrade the certificate to use a supported algorithm.
Converting the algorithm can be done via these simple steps (using an
intermediary file because piping doesn't seem to work...)
openssl pkcs12 -in xmltoolingtest/data/test.pfx -passin pass:password -out
cert.pem -nodes
openssl pkcs12 -export -descert -out xmltoolingtest/data/test.pfx -passout
pass:password -in cert.pem
rm cert.pem
(note that if using OpenSSL 3.0 you'll need to add `-provider default
-provider legacy` to the first command in order to decode the original
file)
** Affects: xmltooling (Ubuntu)
Importance: High
Status: New
** Tags: ftbfs transition-openssl3-jj
** Description changed:
The package fails to build, the test run fails.
The issue comes from the xmltoolingtest/data/test.pfx certificate that
contains data encrypted using RC2, which is disabled by default in
OpenSSL 3.0. It could be re-enabled using the legacy provider, but I'd
rather upgrade the certificate to use a supported algorithm.
Converting the algorithm can be done via these simple steps (using an
intermediary file because piping doesn't seem to work...)
- openssl pkcs12 -provider default -provider legacy -in
xmltoolingtest/data/test.pfx -passin pass:password -out cert.pem -nodes
+ openssl pkcs12 -in xmltoolingtest/data/test.pfx -passin pass:password -out
cert.pem -nodes
openssl pkcs12 -export -out xmltoolingtest/data/test.pfx -passout
pass:password -in cert.pem
rm cert.pem
(note that if using OpenSSL 3.0 you'll need to add `-provider default
-provider legacy` to the first command in order to decode the original
file)
** Description changed:
The package fails to build, the test run fails.
The issue comes from the xmltoolingtest/data/test.pfx certificate that
contains data encrypted using RC2, which is disabled by default in
OpenSSL 3.0. It could be re-enabled using the legacy provider, but I'd
rather upgrade the certificate to use a supported algorithm.
Converting the algorithm can be done via these simple steps (using an
intermediary file because piping doesn't seem to work...)
openssl pkcs12 -in xmltoolingtest/data/test.pfx -passin pass:password -out
cert.pem -nodes
- openssl pkcs12 -export -out xmltoolingtest/data/test.pfx -passout
pass:password -in cert.pem
+ openssl pkcs12 -export -descert -out xmltoolingtest/data/test.pfx -passout
pass:password -in cert.pem
rm cert.pem
(note that if using OpenSSL 3.0 you'll need to add `-provider default
-provider legacy` to the first command in order to decode the original
file)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1957166
Title:
xmltooling: FTBFS against OpenSSL 3.0
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/xmltooling/+bug/1957166/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
