8d5b538747
1 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Jun Aruga
|
8d5b538747 |
ssl: use ffdhe2048 from RFC 7919 as the default DH group parameter
When the dependant openssl-libs was upgraded from 1:3.1.1-4.fc40 to
1:3.1.4-1.fc40, Fedora rawhide started to fail on Koschei.
This commit fixes the following failures in OpenSSL FIPS.
```
+ make -C redhat-linux-build runruby 'TESTRUN_SCRIPT= -I/builddir/build/BUILD/ruby-3.2.2/tool/lib --enable-gems /builddir/build/SOURCES/test_openssl_fips.rb /builddir/build/BUILD/ruby-3.2.2 --verbose'
...
1) Failure:
OpenSSL::TestFIPS#test_fips_mode_get_with_fips_mode_set [/builddir/build/BUILD/ruby-3.2.2/test/openssl/test_fips.rb:38]:
assert_separately failed with error message
pid 93968 exit 1
| /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/pkey.rb:132:in `initialize': could not parse pkey (OpenSSL::PKey::DHError)
| >-from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/pkey.rb:132:in `new'
| >-from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/pkey.rb:132:in `new'
| >-from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/ssl.rb:37:in `<class:SSLContext>'
| >-from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/ssl.rb:23:in `<module:SSL>'
| >-from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/ssl.rb:22:in `<module:OpenSSL>'
| >-from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/ssl.rb:21:in `<top (required)>'
| >-from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl.rb:21:in `require_relative'
| >-from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl.rb:21:in `<top (required)>'
| >-from -:in `require'
2) Failure:
OpenSSL::TestFIPS#test_fips_mode_get_is_true_on_fips_mode_enabled [/builddir/build/BUILD/ruby-3.2.2/test/openssl/test_fips.rb:12]:
assert_separately failed with error message
pid 93969 exit 1
| /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/pkey.rb:132:in `initialize': could not parse pkey (OpenSSL::PKey::DHError)
| >-from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/pkey.rb:132:in `new'
| >-from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/pkey.rb:132:in `new'
| >-from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/ssl.rb:37:in `<class:SSLContext>'
| >-from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/ssl.rb:23:in `<module:SSL>'
| >-from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/ssl.rb:22:in `<module:OpenSSL>'
| >-from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/ssl.rb:21:in `<top (required)>'
| >-from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl.rb:21:in `require_relative'
| >-from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl.rb:21:in `<top (required)>'
| >-from -:in `require'
Finished tests in 0.166449s, 72.0941 tests/s, 342.4468 assertions/s.
12 tests, 57 assertions, 2 failures, 0 errors, 1 skips
```
The commit was ported from CentOS Stream rpms/ruby stream-ruby-3.1-rhel-9.4.0 branch:
<
|