Bug#1042449: libprotocol-http2-perl: Test-suite fails if OpenSSL configured with seclevel 2
Olivier Gayot
olivier.gayot at canonical.com
Fri Jul 28 11:30:38 BST 2023
Package: libprotocol-http2-perl
Severity: normal
Tags: patch
User: ubuntu-devel at lists.ubuntu.com
Usertags: origin-ubuntu mantic ubuntu-patch
Dear Maintainer,
The package uses the hardcoded tlsv1 value in its test-suite.
When OpenSSL has been built with security level 2 (or is set to level 2
at runtime), the TLSv1 protocol is rejected. This makes the
libprotocol-http2-perl build / autopkgtest fail.
There is an upstream bug report:
https://github.com/vlet/p5-Protocol-HTTP2/issues/15
And a PR was opened usptream:
https://github.com/vlet/p5-Protocol-HTTP2/pull/16
Debian is currently unaffected (I assume the security level is set to 1
at build-time) but in the future OpenSSL 3.1 will reject TLSv1 at
security level 1.
In Ubuntu, the attached patch was applied to achieve the following:
* Do not hardcode the test-suite TLS version to tlsv1 - which is disabled by
OpenSSL seclevel 2 on Ubuntu (LP: #2023586).
Thanks for considering the patch.
-- System Information:
Debian Release: bookworm/sid
APT prefers lunar-updates
APT policy: (500, 'lunar-updates'), (500, 'lunar-security'), (500, 'lunar'), (100, 'lunar-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 6.1.0-16-generic (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
-------------- next part --------------
diff -Nru libprotocol-http2-perl-1.10/debian/patches/no-tlsv1.patch libprotocol-http2-perl-1.10/debian/patches/no-tlsv1.patch
--- libprotocol-http2-perl-1.10/debian/patches/no-tlsv1.patch 1970-01-01 01:00:00.000000000 +0100
+++ libprotocol-http2-perl-1.10/debian/patches/no-tlsv1.patch 2023-07-28 11:43:40.000000000 +0200
@@ -0,0 +1,32 @@
+Description: Remove hardcoded tlsv1 protocol version
+ The test-suite of libprotocol-http2-perl uses a hardcoded value of tlsv1 -
+ which is disabled in Ubuntu by means of OpenSSL seclevel. Specifying another
+ version like tlsv1_2 would work but it seems sensible to leave that up to the
+ system decide.
+Author: Olivier Gayot <olivier.gayot at canonical.com>
+Bug-Ubuntu: https://launchpad.net/bugs/2023586
+Forwarded: https://github.com/vlet/p5-Protocol-HTTP2/pull/16
+Last-Update: 2023-07-28
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+Index: b/t/lib/PH2ClientServerTest.pm
+===================================================================
+--- a/t/lib/PH2ClientServerTest.pm 2023-07-28 11:35:33.957861624 +0200
++++ b/t/lib/PH2ClientServerTest.pm 2023-07-28 11:43:04.843734902 +0200
+@@ -43,7 +43,6 @@
+ if ( !$h{upgrade} && ( $h{npn} || $h{alpn} ) ) {
+ eval {
+ $tls = AnyEvent::TLS->new(
+- method => 'tlsv1',
+ cert_file => $tls_crt,
+ key_file => $tls_key,
+ );
+@@ -122,7 +121,7 @@
+ }
+ elsif ( $h{npn} || $h{alpn} ) {
+ eval {
+- $tls = AnyEvent::TLS->new( method => 'tlsv1', );
++ $tls = AnyEvent::TLS->new();
+
+ if ( delete $h{npn} ) {
+
diff -Nru libprotocol-http2-perl-1.10/debian/patches/series libprotocol-http2-perl-1.10/debian/patches/series
--- libprotocol-http2-perl-1.10/debian/patches/series 1970-01-01 01:00:00.000000000 +0100
+++ libprotocol-http2-perl-1.10/debian/patches/series 2023-07-28 11:43:11.000000000 +0200
@@ -0,0 +1 @@
+no-tlsv1.patch
More information about the pkg-perl-maintainers
mailing list