Ubuntu
xmltooling package

xmltooling: FTBFS against OpenSSL 3.0

Bug #1957166 reported by Simon Chopin
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
xmltooling (Ubuntu)
Fix Released
High
Unassigned

Bug Description

The package fails to build, the test run fails.

The issue comes from the xmltoolingtest/data/test.pfx certificate that contains data encrypted using RC2, which is disabled by default in OpenSSL 3.0. It could be re-enabled using the legacy provider, but I'd rather upgrade the certificate to use a supported algorithm.

Converting the algorithm can be done via these simple steps (using an intermediary file because piping doesn't seem to work...)

openssl pkcs12 -in xmltoolingtest/data/test.pfx -passin pass:password -out cert.pem -nodes
openssl pkcs12 -export -descert -out xmltoolingtest/data/test.pfx -passout pass:password -in cert.pem
rm cert.pem

(note that if using OpenSSL 3.0 you'll need to add `-provider default -provider legacy` to the first command in order to decode the original file)

See original description
Simon Chopin (schopin)
description: updated
description: updated
Simon Chopin (schopin)
Changed in xmltooling (Ubuntu):
status: New → Fix Committed
Revision history for this message
Michael Hudson-Doyle (mwhudson) wrote :

So the package still fails autopkgtests because there is a test that downloads the test.pfx file from upstream git and does operations on that. So I'll disable that I think...

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package xmltooling - 3.2.1-1ubuntu2

---------------
xmltooling (3.2.1-1ubuntu2) jammy; urgency=medium

  * d/patches/lp-1957166-harder.patch: Remove tests that download obsolete
    certificates from upstream git.

 -- Michael Hudson-Doyle <email address hidden> Mon, 14 Mar 2022 12:27:18 +1300

Changed in xmltooling (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.