xmltooling: FTBFS against OpenSSL 3.0

Bug #1957166 reported by Simon Chopin
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
xmltooling (Ubuntu)
Fix Released
High
Unassigned

Bug Description

The package fails to build, the test run fails.

The issue comes from the xmltoolingtest/data/test.pfx certificate that contains data encrypted using RC2, which is disabled by default in OpenSSL 3.0. It could be re-enabled using the legacy provider, but I'd rather upgrade the certificate to use a supported algorithm.

Converting the algorithm can be done via these simple steps (using an intermediary file because piping doesn't seem to work...)

openssl pkcs12 -in xmltoolingtest/data/test.pfx -passin pass:password -out cert.pem -nodes
openssl pkcs12 -export -descert -out xmltoolingtest/data/test.pfx -passout pass:password -in cert.pem
rm cert.pem

(note that if using OpenSSL 3.0 you'll need to add `-provider default -provider legacy` to the first command in order to decode the original file)

Simon Chopin (schopin)
description: updated
description: updated
Simon Chopin (schopin)
Changed in xmltooling (Ubuntu):
status: New → Fix Committed
Revision history for this message
Michael Hudson-Doyle (mwhudson) wrote :

So the package still fails autopkgtests because there is a test that downloads the test.pfx file from upstream git and does operations on that. So I'll disable that I think...

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package xmltooling - 3.2.1-1ubuntu2

---------------
xmltooling (3.2.1-1ubuntu2) jammy; urgency=medium

  * d/patches/lp-1957166-harder.patch: Remove tests that download obsolete
    certificates from upstream git.

 -- Michael Hudson-Doyle <email address hidden> Mon, 14 Mar 2022 12:27:18 +1300

Changed in xmltooling (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers