On Fri, 2021-04-23 at 20:56 +0100, Andrei Gherzan wrote: > On Sun, 18 Apr 2021, at 23:53, Khem Raj wrote: > > With commit dc778c70449ee5401b5a24ad18b22b88338c47c5, dependency was > > moved to openssl-bin which in itself was a fine change, but dropping > > dependency on openssl too should have been kept along, dropping this > > meant that openssl binary wont be able to validate secure connections as > > the CApath files wont be installed, which infact are required for > > openssl bins to work, following call e.g. fails > > > > $ openssl s_client -connect google.com:443 > > > > .... > > New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 > > Server public key is 256 bit > > Secure Renegotiation IS NOT supported > > Compression: NONE > > Expansion: NONE > > No ALPN negotiated > > Early data was not sent > > Verify return code: 20 (unable to get local issuer certificate) > > .... > > > > The local issuer certs are not found in default location > > /usr/lib/ssh-1.1/certs, this dir and its content is installed by openssl > > package > > therefore re-add the dependency on openssl > > Good idea for a ptest. Change looks good to me.
Might be worth a bug opening so we don't forget? Cheers, Richard
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#151007): https://lists.openembedded.org/g/openembedded-core/message/151007 Mute This Topic: https://lists.openembedded.org/mt/82197118/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
