1. Forum
  2. Usenet
  3. LINUX.DEBIAN.BUGS.DIST

  • Bug#1101045: m2crypto: FTBFS with OpenSSL 3.5

    From Sebastian Andrzej Siewior@21:1/5 to All on Sat Mar 22 13:40:01 2025
    Package: m2crypto
    Version: 0.42.0-2.1
    Severity: important
    Tags: sid patch
    control: affects -1 src:openssl
    User: pkg-openssl-devel@lists.alioth.debian.org
    Usertags: openssl-3.5

    The HttpslibSSLSNIClientTestCase::test_IP_call test stalls/ times out
    because the output of the openssl binary, which increased with the new
    vrsion, isn't consumed by the testsuite.

    The patch attached fixes the issue.

    Sebastian

    From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
    Date: Sat, 22 Mar 2025 12:36:18 +0100
    Subject: [PATCH] tests: Don't pass `-debug' to openssl.

    The HttpslibSSLSNIClientTestCase test starts "openssl s_server" as the
    server side and passes `-debug' as one of the arguments. This option
    increases the output while its content is not considered/ parsed by the
    test suite as far as I can observe.
    OpenSSL 3.5 (currently alpha) added post-quantum hybrid key agreement
    support. As part of this support keys for X25519MLKEM768 are sent during
    the client-hello phase and not just X25519. Since the keys for MLKEM768
    are large, the client-hello and server-hello messages become
    significantly bigger (since now X25519MLKEM768 is now supported on both
    sides). This in turn increases the output generated by the `-debug'
    switch.

    The output of `openssl s_server' is not consumed while the application
    is running but cached in the PIPE and consumed after the server has been terminated and the output is parsed in self.stop_server().
    Due to the big increase of the output due the additional keys the `test_IP_call' test stalls now because OpenSSL's write to the output
    blocks until the reader consumes it but this is not happening until
    after the tests completes. So the test stalls.

    The additional content generated by the `-debug' switch is not important
    for the tests. The `-msg' switch is used for hostname verification.

    Don't pass `-debug' to openssl.

    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
    ---
    tests/test_ssl.py | 1 -
    1 file changed, 1 deletion(-)

    diff --git a/tests/test_ssl.py b/tests/test_ssl.py
    index c873acf0b93c5..6ba549ddc4dbb 100644
    --- a/tests/test_ssl.py
    +++ b/tests/test_ssl.py
    @@ -302,7 +302,6 @@ sleepTime = float(os.getenv('M2CRYPTO_TEST_SSL_SLEEP', '1.5'))
    's_server',
    '-servername',
    srv_host,
    - '-debug',
    '-www',
    '-msg',
    '-cert',
    --
    2.49.0

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)