Bug 1042674

Summary: socat fails to build with openssl-1.1
Product: [openSUSE] openSUSE Tumbleweed Reporter: Tomáš Chvátal <tchvatal>
Component: OtherAssignee: Marcus Meissner <meissner>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None CC: vcizek
Version: Current   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Bug Depends on:    
Bug Blocks: 1042629    
Attachments: change the security level to 0 when using openssl with anull ciphers in the testsuite

Description Tomáš Chvátal 2017-06-05 10:44:55 UTC 
The package fails to build with openssl-1.1. For more information
see the blocker bug.

Currently tested in Staging:I
https://build.opensuse.org/package/live_build_log/openSUSE:Factory:Staging:I/socat/standard/x86_64
Comment 1 Vítězslav Čížek 2017-08-17 13:26:51 UTC 
The testsuite failure:
error:141640B5:SSL routines:tls_construct_client_hello:no ciphers available
is caused by the fact that OpenSSL 1.1 doesn't allow aNULL ciphers by default.

OpenSSL 1.1 introduces the concept of security levels, in attempt to prevent
users from accidentally setting insecure ciphers.
aNULL ciphers are considered insecure and are only allowed in Security Level 0.
The default Security Level is 1.

Unfortunately a cipher string with "@SECLEVEL=0" is not accepted in older
OpenSSL versions, so a patch like that would only need to be applied to distributions that have openssl 1.1.
Comment 2 Vítězslav Čížek 2017-08-17 13:27:38 UTC 
Created attachment 737059 [details]
change the security level to 0 when using openssl with anull ciphers in the testsuite
Comment 3 Marcus Meissner 2017-08-17 13:53:48 UTC 
patch merged with a pkg-config check.
Comment 4 Bernhard Wiedemann 2017-08-17 16:02:10 UTC 
This is an autogenerated message for OBS integration:
This bug (1042674) was mentioned in
https://build.opensuse.org/request/show/517414 Factory / socat