You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@spamassassin.apache.org on 2020/04/08 16:33:05 UTC
[Bug 7807] New: t/spamd_ssl.t fails due to small key size
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7807
Bug ID: 7807
Summary: t/spamd_ssl.t fails due to small key size
Product: Spamassassin
Version: 3.4.4
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Regression Tests
Assignee: dev@spamassassin.apache.org
Reporter: olysonek@redhat.com
Target Milestone: Undefined
On RHEL/Centos 8, due to its default crypto policy, the 'tests t/spamd_ssl.t'
and 't/spamd_ssl_accept_fail.t' fail, because the key in the certificate
(t/data/etc/testhost.cert, t/data/etc/testhost.key) is too small.
I've confirmed this with a small sample program that loads the certificate. The
program fails with the following error:
140561996314432:error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too
small:ssl/ssl_rsa.c:310
If I generate my own key/certificate using e.g. the following, the tests pass.
openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout testhost.key
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout
testhost.key -out testhost.cert
Can you please generate a new test key/certificate that is larger and add it to
the repository?
Thanks!
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7807] t/spamd_ssl.t fails due to small key size
Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7807
Henrik Krohns <ap...@hege.li> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
CC| |apache@hege.li
Status|NEW |RESOLVED
--- Comment #3 from Henrik Krohns <ap...@hege.li> ---
Cert updated
Sending spamassassin-3.4/t/data/etc/testhost.cert
Sending spamassassin-3.4/t/data/etc/testhost.key
Sending trunk/t/data/etc/testhost.cert
Sending trunk/t/data/etc/testhost.key
Transmitting file data ....done
Committing transaction...
Committed revision 1876347.
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7807] t/spamd_ssl.t fails due to small key size
Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7807
Ondřej Lysoněk <ol...@redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |olysonek@redhat.com
--- Comment #2 from Ondřej Lysoněk <ol...@redhat.com> ---
Thanks! This fixes the problem for me with the 3.4 version.
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7807] t/spamd_ssl.t fails due to small key size
Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7807
Noah Meyerhans <fr...@morgul.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |frodo@morgul.net
--- Comment #1 from Noah Meyerhans <fr...@morgul.net> ---
Created attachment 5695
--> https://bz.apache.org/SpamAssassin/attachment.cgi?id=5695&action=edit
proposed fix
The attached patch against the 3.4 branch includes a new certificate. It also
updates the tests to use a unprivileged TCP port, allowing them to execute as
non root users. (bz #7763)
I haven't tried to apply this against trunk.
--
You are receiving this mail because:
You are the assignee for the bug.