[MDEV-18019] Default test certificate key too small, incompatible with OpenSSL 1.1.0 - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 10.6.0
Component/s: Packaging, Platform Debian, Tests
Labels:
None

Description

After uploading MariaDB 10.3 to Debian experimental I noticed all builds were failing. One of the reasons was the inability of the mysqld process to serve any connections due to this:

SSL error: Unable to get certificate from '/tmp/build/source/mysql-test/std_data/server-cert.pem'

2018-12-16 15:56:57 0 [Warning] Failed to setup SSL

2018-12-16 15:56:57 0 [Warning] SSL error: Unable to get certificate

2018-12-16 15:56:57 0 [Warning] SSL error: error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small

2018-12-16 15:56:57 0 [Note] Server socket created on IP: '127.0.0.1'.

2018-12-16 15:56:57 0 [Note] Reading of all Master_info entries succeded

2018-12-16 15:56:57 0 [Note] Added new Master_info '' to hash table

2018-12-16 15:56:57 0 [Note] /tmp/build/source/builddir/sql/mysqld: ready for connections.

Version: '10.3.11-MariaDB-1~exp1-log'  socket: '/tmp/build/source/builddir/mysql-test/var/tmp/4/mysqld.1.sock'  port: 16060  Debian unstable

Reports online suggest that the new OpenSSL (available in Debian unstable) does not accept the small keysize in our test certificate. See https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set_security_level.html

Attachments

Issue Links

relates to

MDEV-18135 binlog_encryption.encrypted_slave, main.pool_of_threads and connect tests fail in buildbot with SSL error

Open

Activity

People

Assignee:: Otto Kekäläinen

Reporter:: Otto Kekäläinen

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2018-12-16 16:12

Updated:: 2021-04-11 18:26

Resolved:: 2021-04-11 18:26

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.