Bug#923448: stunnel4: autopkgtest fails with new version of openssl: failed to set DH parameters at debian/tests/runtime line 295.
gregor herrmann
gregoa at debian.org
Fri Mar 1 21:27:42 GMT 2019
On Fri, 01 Mar 2019 22:16:39 +0100, Sebastian Andrzej Siewior wrote:
> On 2019-03-01 21:30:04 [+0100], gregor herrmann wrote:
> > On Fri, 01 Mar 2019 21:18:37 +0100, Sebastian Andrzej Siewior wrote:
> >
> > > The patch attached fixes the issue in libanyevent-perl by setting the
> > > default DH value to 2048.
> > There's also a new AnyEvent release but I saw the "INCOMPATIBLE
> > CHANGE" in the changelog, and I don't think it changes what is
> > affected here?
Here a link was missing:
https://metacpan.org/diff/file?target=MLEHMANN/AnyEvent-7.15/&source=MLEHMANN%2FAnyEvent-7.14
> stunnel's autopkgtest (and everyone else using that API without using a
> DH2048+key since now the API rejects smaller values properly).
Ok.
> > > Moving forward:
> > > - apply the patch to libanyevent-perl and be done with it
> > > - tell the stunnel4 testsuite to use 2048bit DH instead the default
> > > value.
> >
> > Is this an alternative or are both steps needed?
>
> Either/or. The last b release of openssl fixes the return code of one
> function. Since that change, setting < 2048bit DH key fails (before that
> it was also failed but with a success return value so everyone assumed
> that it worked).
>
> So either libanyevent-perl changes the default DH key to 2048 (like in
> the patch attached) _or_ someome comes up with perl foo and makes sure
> debian/tests/runtime in the block around line 276 - 295 specifies a dh
> with 2048 bits. My perl foo was enough to narrow it down to that area :)
>
> I *think* that 2048bit DH keys should be default these days and this
> would avoid errors like that in the future.
Thanks for the clarification.
As roam offered to look into the issue earlier today in the bug log,
I suggest to let him handle the question and fix it either in
stunnel4 or libanyevent-perl (handy to involved in both areas :))
Cheers,
gregor
--
.''`. https://info.comodo.priv.at -- Debian Developer https://www.debian.org
: :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D 85FA BB3A 6801 8649 AA06
`. `' Member VIBE!AT & SPI Inc. -- Supporter Free Software Foundation Europe
`-
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: Digital Signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-perl-maintainers/attachments/20190301/380bfa18/attachment.sig>
More information about the pkg-perl-maintainers
mailing list