On Wed, Aug 17, 2022 at 05:54:53PM +0300, Ileana Dumitrescu wrote:
> > I made the attached patch, which causes the package to build and run on
> both openssl 3.x and pre-3.x systems.
>
> Thank you for the patch! I will add it to the next debian upload.
>
> > Note, however, that on openssl 3.x systems, a number of the tests run at
> > build time still fail with:
>
> > FAILED: Exception caught: TLSServerWeakCertificate: Failed to load
> > certificates from testfiles/clientCerts.pem: hash too weak for current
> > security level
>
> > but that is for a different reason: the pre-built certificates bundled
> > with the source package for running the tests use the
> > now-deemed-insecure SHA1 hash.
>
> > Nonetheless, the package builds, and works fine at runtime, assuming
> > you've upgraded your certs to sha256 as recommended here:
>
> I am also still seeing this error during the tests, which fails the build
> overall. If the package still works fine at runtime, I will look into
> patching the failed tests so that this can make it into the stable
> repository.
Well, the preferred thing would be to just generate new sha256 certs to
bundle with the test suite, so that the tests pass. I didn't see a
script to auto-generate all the needed certs, but there is a file
./test/basicserver/testfiles/key-creation.txt that has instructions for
at least some of them.
But the ubuntu version of the package does successfully build the deb
files, even if some of the tests fail. The changelog says:
boxbackup (0.13~~git20200326.g8e8b63c-1ubuntu1) groovy; urgency=medium
* Merge from Debian unstable. Remaining changes:
- Ignore test suite results, always fails, not run on most arches anyway.
-- Gianfranco Costamagna <locutusofb...@debian.org> Mon, 11 May 2020 16:11:17
+0200
