Bug#923448: stunnel4: autopkgtest fails with new version of openssl: failed to set DH parameters at debian/tests/runtime line 295.
Sebastian Andrzej Siewior
sebastian at breakpoint.cc
Fri Mar 1 21:16:44 GMT 2019
On 2019-03-01 21:30:04 [+0100], gregor herrmann wrote:
> On Fri, 01 Mar 2019 21:18:37 +0100, Sebastian Andrzej Siewior wrote:
>
> > The patch attached fixes the issue in libanyevent-perl by setting the
> > default DH value to 2048.
>
> There's also a new AnyEvent release but I saw the "INCOMPATIBLE
> CHANGE" in the changelog, and I don't think it changes what is
> affected here?
stunnel's autopkgtest (and everyone else using that API without using a
DH2048+key since now the API rejects smaller values properly).
> > Moving forward:
> > - apply the patch to libanyevent-perl and be done with it
> > - tell the stunnel4 testsuite to use 2048bit DH instead the default
> > value.
>
> Is this an alternative or are both steps needed?
Either/or. The last b release of openssl fixes the return code of one
function. Since that change, setting < 2048bit DH key fails (before that
it was also failed but with a success return value so everyone assumed
that it worked).
So either libanyevent-perl changes the default DH key to 2048 (like in
the patch attached) _or_ someome comes up with perl foo and makes sure
debian/tests/runtime in the block around line 276 - 295 specifies a dh
with 2048 bits. My perl foo was enough to narrow it down to that area :)
I *think* that 2048bit DH keys should be default these days and this
would avoid errors like that in the future.
> Cheers,
> gregor
Sebastian
More information about the pkg-perl-maintainers
mailing list