Hello. At Mon, 17 Sep 2018 22:13:40 +0900, Michael Paquier <mich...@paquier.xyz> wrote in <20180917131340.ge31...@paquier.xyz> > Hi all, > > On a rather freshly-updated Debian SID server, I am able to see failures > for the SSL TAP tests: > 2018-09-17 22:00:27.389 JST [13072] LOG: database system is shut down > 2018-09-17 22:00:27.506 JST [13082] FATAL: could not load server > certificate file "server-cn-only.crt": ee key too small > 2018-09-17 22:00:27.506 JST [13082] LOG: database system is shut down > 2018-09-17 22:00:27.720 JST [13084] FATAL: could not load server > certificate file "server-cn-only.crt": ee key too small > > Wouldn't it be better to rework the rules used to generate the different > certificates and reissue them in the tree? It seems to me that this is > just waiting to fail in other platforms as well..
I agree that we could get into the same trouble sooner or later. Do you mean that cert/key files are generated on-the-fly while running 'make check'? It sounds reasonable as long as just replaceing existing files with those with longer (2048bits?) keys doesn't work for all supported platforms. regards. -- Kyotaro Horiguchi NTT Open Source Software Center
