[Pkg-openssl-devel] Bug#923448: stunnel4: autopkgtest fails with new version of openssl: failed to set DH parameters at debian/tests/runtime line 295.

Paul Gevers elbrus at debian.org
Thu Feb 28 11:40:25 GMT 2019


Source: stunnel4
Version: 3:5.50-2
Severity: important
X-Debbugs-CC: debian-ci at lists.debian.org, openssl at packages.debian.org
User: debian-ci at lists.debian.org
Usertags: needs-update
Control: affects -1 src:openssl

Dear maintainers,

With a recent upload of openssl the autopkgtest of stunnel4 fails in
testing when that autopkgtest is run with the binary packages of openssl
from unstable. It passes when run with only packages from testing. In
tabular form:
                       pass            fail
openssl                from testing    1.1.1b-1
stunnel4               from testing    3:5.50-2
all others             from testing    from testing

I copied some of the output at the bottom of this report.

Currently this regression is blocking the migration of openssl to
testing [1]. Of course, openssl shouldn't just break your autopkgtest
(or even worse, your package), but it seems to me that the change in
openssl could very well be intended and your package needs to update to
the new situation. If needed, please change the bug's severity and in
doubt, please discuss with the maintainers of openssl (in X-Debbugs-CC).

If this is a real problem in your package (and not only in your
autopkgtest), the right binary package(s) from openssl should really add
a versioned Breaks on the unfixed version of (one of your) package(s).

Please note that the window to fix this to allow openssl to migrate
without intervention is closing extremely soon.

More information about this bug and the reason for filing it can be found on
https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation

Paul

[1] https://qa.debian.org/excuses.php?package=openssl

https://ci.debian.net/data/autopkgtest/testing/amd64/s/stunnel4/2021381/log.gz

autopkgtest [21:15:53]: test command1: env
TEST_STUNNEL=/usr/bin/stunnel4 debian/tests/runtime
autopkgtest [21:15:53]: test command1: [-----------------------
Found the certificate at debian/tests/certs/certificate.pem and the
private key at debian/tests/certs/key.pem
Using the /tmp/w9B6EPAA4e temporary directory
About to get the stunnel version information
Got stunnel version 5.50
Listening for cleartext connections on 127.0.0.1:6502
Connected to 127.0.0.1:6502, local 127.0.0.1:51704
Accepted a connection from 127.0.0.1:51704
Got a local connection id 127.0.0.1:51704
Waiting for the server to acknowledge a completed client connection
Got an eof from 127.0.0.1:51704, all seems well
Waiting for the client connection itself to report completion
Looks like we are done with the test cleartext connection!
Got listening port 8086 for the stunnel server
Let us hope this was enough to get stunnel to listen there...
Created the stunnel config file /tmp/w9B6EPAA4e/stunnel.conf:
======
pid = /tmp/w9B6EPAA4e/stunnel.pid
foreground = yes
output = /tmp/w9B6EPAA4e/stunnel.log

cert = debian/tests/certs/certificate.pem
key = debian/tests/certs/key.pem

[test]
accept = 127.0.0.1:8086
connect = 127.0.0.1:6502
======
2019.02.27 21:15:53 LOG5[ui]: stunnel 5.50 on x86_64-pc-linux-gnu platform
2019.02.27 21:15:53 LOG5[ui]: Compiled with OpenSSL 1.1.1a  20 Nov 2018
2019.02.27 21:15:53 LOG5[ui]: Running  with OpenSSL 1.1.1b  26 Feb 2019
2019.02.27 21:15:53 LOG5[ui]: Threading:PTHREAD
Sockets:POLL,IPv6,SYSTEMD TLS:ENGINE,FIPS,OCSP,PSK,SNI Auth:LIBWRAP
2019.02.27 21:15:53 LOG5[ui]: Reading configuration from file
/tmp/w9B6EPAA4e/stunnel.conf
2019.02.27 21:15:53 LOG5[ui]: UTF-8 byte order mark not detected
2019.02.27 21:15:53 LOG5[ui]: FIPS mode disabled
2019.02.27 21:15:53 LOG4[ui]: Insecure file permissions on
debian/tests/certs/key.pem
2019.02.27 21:15:53 LOG5[ui]: Configuration successful
2019.02.27 21:15:53 LOG5[0]: Service [test] accepted connection from
127.0.0.1:53748
__DIE__ handler invoked: dh params schmorp1539: failed to set DH
parameters at debian/tests/runtime line 295.
dh params schmorp1539: failed to set DH parameters at
debian/tests/runtime line 295.
Started the stunnel server, pid 1065
Trying a connection through stunnel, iteration 1
Trying to connect to the stunnel server at 127.0.0.1:8086
...connected!
Registered a client connection as 127.0.0.1:53748
Oof, let us see if there are any children left
Pffth, sending a SIGKILL to 1065
Some children remaining, laying low for a second...
- waiting for 1065 (stunnel server (127.0.0.1:8086))
- OK, 1065 done
autopkgtest [21:15:55]: test command1: -----------------------]

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-openssl-devel/attachments/20190228/de8fc374/attachment.sig>


More information about the Pkg-openssl-devel mailing list