https://bugzilla.redhat.com/show_bug.cgi?id=2368742



--- Comment #12 from Pavol Sloboda <[email protected]> ---
> > > mariadb11.8.x86_64: W: crypto-policy-non-compliance-openssl 
> > > /usr/bin/mariadb SSL_CTX_set_cipher_list
> > > mariadb11.8.x86_64: W: crypto-policy-non-compliance-openssl 
> > > /usr/bin/mariadb-admin SSL_CTX_set_cipher_list
> > > mariadb11.8.x86_64: W: crypto-policy-non-compliance-openssl 
> > > /usr/bin/mariadb-binlog SSL_CTX_set_cipher_list
> > > mariadb11.8.x86_64: W: crypto-policy-non-compliance-openssl 
> > > /usr/bin/mariadb-check SSL_CTX_set_cipher_list
> > > mariadb11.8.x86_64: W: crypto-policy-non-compliance-openssl 
> > > /usr/bin/mariadb-dump SSL_CTX_set_cipher_list
> > > mariadb11.8.x86_64: W: crypto-policy-non-compliance-openssl 
> > > /usr/bin/mariadb-import SSL_CTX_set_cipher_list
> > > mariadb11.8.x86_64: W: crypto-policy-non-compliance-openssl 
> > > /usr/bin/mariadb-show SSL_CTX_set_cipher_list
> > > mariadb11.8.x86_64: W: crypto-policy-non-compliance-openssl 
> > > /usr/bin/mariadb-slap SSL_CTX_set_cipher_list
> > > mariadb11.8-backup.x86_64: W: crypto-policy-non-compliance-openssl 
> > > /usr/bin/mariadb-backup SSL_CTX_set_cipher_list
> > > mariadb11.8-embedded.x86_64: W: crypto-policy-non-compliance-openssl 
> > > /usr/lib64/libmariadbd.so.19 SSL_CTX_set_cipher_list
> > > mariadb11.8-server.x86_64: W: crypto-policy-non-compliance-openssl 
> > > /usr/libexec/mariadbd SSL_CTX_set_cipher_list

> > Is this at least reported to upstream?

> I am still investigating these and I will either provide a reason why they 
> are valid or contact upstream about them in the near future.

I have looked into the packaging guidelines [1], specifically the OpenSSL
applications part of the aforementioned link, and as mentioned in that section,
SSL_CTX_set_cipher_list can't be called with a fixed string unless it is
"PROFILE=SYSTEM". It is being called with the return value of
TLS_client_method(), which uses the SSL profile specified inside the makefile,
which is being set during the build process using the -DWITH_SSL=system CMake
flag to the system policy. This means that the packaging guidelines are being
satisfied. Therefore, the warnings above seem to be false positives.

[1]
https://docs.fedoraproject.org/en-US/packaging-guidelines/CryptoPolicies/#_cc_applications
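
Added example, not part of the original comment or of MariaDB's source: the rpmlint warning names only the binary and the function, so one way to triage it is to check what each SSL_CTX_set_cipher_list call site in the source passes as the cipher string. The helper names (`call_arguments`, `classify`, `audit`), the sample C fragment and its `pick()` function are hypothetical.

```python
import re

STRING = r'"(?:[^"\\]|\\.)*"'                      # one C string literal
COMMENT_RE = re.compile(STRING + r'|/\*.*?\*/|//[^\n]*', re.S)
TOKEN_RE = re.compile(STRING + r'|.', re.S)        # whole literal or single char
LITERAL_RE = re.compile(r'(?:' + STRING + r'\s*)+')  # adjacent literals only

def call_arguments(source, func="SSL_CTX_set_cipher_list"):
    """Yield (line, [arguments]) for every call to func in C/C++ source text."""
    # Blank out comments (not string literals), keeping newlines for line numbers.
    keep = lambda m: m.group() if m.group()[0] == '"' else re.sub(r'[^\n]', ' ', m.group())
    source = COMMENT_RE.sub(keep, source)
    for m in re.finditer(r'\b%s\s*\(' % re.escape(func), source):
        depth, args, cur = 1, [], []
        for tok in TOKEN_RE.finditer(source, m.end()):
            t = tok.group()
            depth += (t == '(') - (t == ')')
            if depth == 0:                      # closing paren of the call itself
                break
            if t == ',' and depth == 1:         # top-level argument separator
                args.append(''.join(cur).strip())
                cur = []
            else:
                cur.append(t)
        args.append(''.join(cur).strip())
        yield source.count('\n', 0, m.start()) + 1, args

def classify(arg):
    """Label the cipher-string argument of one call site."""
    if LITERAL_RE.fullmatch(arg):
        value = ''.join(s[1:-1] for s in re.findall(STRING, arg))
        return "system-policy" if value == "PROFILE=SYSTEM" else "fixed-string"
    return "runtime-value"  # variable, macro or call: trace where it comes from

def audit(source):
    return [(line, classify(args[1]) if len(args) > 1 else "unparsed")
            for line, args in call_arguments(source)]

SAMPLE = r'''/* constructed sample, not MariaDB source */
// SSL_CTX_set_cipher_list(ctx, "OLD");
if (!SSL_CTX_set_cipher_list(ctx, "HIGH:!aNULL:"
                                  "!MD5")) return 1;
if (SSL_CTX_set_cipher_list(ctx, "PROFILE=SYSTEM") != 1) return 1;
if (opt && !SSL_CTX_set_cipher_list(ctx, pick(opt, 0))) return 1;
'''

if __name__ == "__main__":
    for line, verdict in audit(SAMPLE):
        print(f"line {line}: {verdict}")
```

A "runtime-value" result is not a verdict either way: the value has to be followed back to a configuration option, a compiled-in default or the system policy before the warning can be closed.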

