On Tue, Feb 09, 2021 at 10:19:59PM +0100, Theo Buehler wrote:
> On Sun, Feb 07, 2021 at 05:35:41PM +0100, Remi Locherer wrote:
> > Hi
> >
> > This updates librelp to version 1.9.0. The changelog can be found here:
> > https://github.com/rsyslog/librelp/blob/master/ChangeLog
> >
> > Many changes are related to TLS and openssl. I had to add a patch to make
> > it compile with libressl.
> >
> > Running the tests shows that librelp does not work with libressl. Most TLS
> > tests run twice: once with gnutls and once with openssl. The runs with
> > openssl fail.
>
> I haven't investigated it fully, but I believe this is mostly due to
> their ca.pem (and perhaps others) containing
>
> X509v3 Subject Alternative Name:
> DNS:rsyslog ca
>
> which is quite obviously bogus (it should be a valid DNS name). If I
> hack up the verifier to accept this, all but 3 tests pass. I will look
> at these other failures soon.

One similar failure due to openssl-ca.pem containing this:

    X509v3 Subject Alternative Name:
        DNS:[email protected], DNS:[email protected],
        email:[email protected]

And the remaining two failures seem to be due to differences in error
output between the libraries.

While I'm unsure why OpenSSL and GnuTLS don't complain about these, I
don't think these test failures indicate a problem of this port with
libressl and should not hold up committing the update.

ok tb
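
The thread's point that a SAN `DNS:` entry should hold a valid DNS name, as an added example that is not part of the original message and is not LibreSSL's verifier code. It checks entries against the preferred name syntax that RFC 5280 section 4.2.1.6 requires for dNSName; accepting a single leading `*` label is an assumption, and every sample value except "rsyslog ca" is constructed.

```python
import re

# One DNS label in preferred name syntax (RFC 1034 section 3.5, relaxed by
# RFC 1123 to allow a leading digit): letters, digits, inner hyphens, 1-63 chars.
_LABEL = re.compile(r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


def check_san_dnsname(value):
    """Return the reasons `value` is not a usable dNSName; empty list if it is."""
    if not value:
        return ["empty name"]
    problems = []
    if len(value) > 253:
        problems.append("longer than 253 characters")
    if "@" in value:
        problems.append("contains '@': looks like an rfc822Name (email:) entry")
    if any(c.isspace() for c in value):
        problems.append("contains whitespace")
    labels = value.split(".")
    # Assumption: a single leading "*" label is the only wildcard form accepted.
    if labels[0] == "*" and len(labels) > 1:
        labels = labels[1:]
    for label in labels:
        if not _LABEL.fullmatch(label):
            problems.append(f"invalid label {label!r}")
    return problems


def audit(san_line):
    """Map each rejected 'DNS:' entry of an openssl-style SAN line to its problems."""
    rejected = {}
    for entry in san_line.split(","):
        kind, _, value = entry.strip().partition(":")
        if kind == "DNS":
            problems = check_san_dnsname(value)
            if problems:
                rejected[value] = problems
    return rejected


# "rsyslog ca" is the value quoted in the thread; the other entries are constructed.
SAMPLE = ("DNS:rsyslog ca, DNS:user@example.com, "
          "DNS:*.example.com, email:user@example.com")

if __name__ == "__main__":
    for name, problems in audit(SAMPLE).items():
        print(f"{name}: {'; '.join(problems)}")
```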