8d5b538 ssl: use ffdhe2048 from RFC 7919 as the default DH group parameter

Authored and Committed by jaruga 6 months ago
    ssl: use ffdhe2048 from RFC 7919 as the default DH group parameter
    
    When the dependent openssl-libs was upgraded from 1:3.1.1-4.fc40 to
    1:3.1.4-1.fc40, Fedora rawhide started to fail on Koschei.
    
    This commit fixes the following failures in OpenSSL FIPS.
    
    ```
    + make -C redhat-linux-build runruby 'TESTRUN_SCRIPT=   -I/builddir/build/BUILD/ruby-3.2.2/tool/lib --enable-gems   /builddir/build/SOURCES/test_openssl_fips.rb /builddir/build/BUILD/ruby-3.2.2 --verbose'
    ...
      1) Failure:
    OpenSSL::TestFIPS#test_fips_mode_get_with_fips_mode_set [/builddir/build/BUILD/ruby-3.2.2/test/openssl/test_fips.rb:38]:
    assert_separately failed with error message
    pid 93968 exit 1
    | /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/pkey.rb:132:in `initialize': could not parse pkey (OpenSSL::PKey::DHError)
    | >-from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/pkey.rb:132:in `new'
    | >-from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/pkey.rb:132:in `new'
    | >-from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/ssl.rb:37:in `<class:SSLContext>'
    | >-from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/ssl.rb:23:in `<module:SSL>'
    | >-from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/ssl.rb:22:in `<module:OpenSSL>'
    | >-from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/ssl.rb:21:in `<top (required)>'
    | >-from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl.rb:21:in `require_relative'
    | >-from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl.rb:21:in `<top (required)>'
    | >-from -:in `require'
      2) Failure:
    OpenSSL::TestFIPS#test_fips_mode_get_is_true_on_fips_mode_enabled [/builddir/build/BUILD/ruby-3.2.2/test/openssl/test_fips.rb:12]:
    assert_separately failed with error message
    pid 93969 exit 1
    | /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/pkey.rb:132:in `initialize': could not parse pkey (OpenSSL::PKey::DHError)
    | >-from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/pkey.rb:132:in `new'
    | >-from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/pkey.rb:132:in `new'
    | >-from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/ssl.rb:37:in `<class:SSLContext>'
    | >-from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/ssl.rb:23:in `<module:SSL>'
    | >-from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/ssl.rb:22:in `<module:OpenSSL>'
    | >-from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl/ssl.rb:21:in `<top (required)>'
    | >-from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl.rb:21:in `require_relative'
    | >-from /builddir/build/BUILD/ruby-3.2.2/redhat-linux-build/.ext/common/openssl.rb:21:in `<top (required)>'
    | >-from -:in `require'
    Finished tests in 0.166449s, 72.0941 tests/s, 342.4468 assertions/s.
    12 tests, 57 assertions, 2 failures, 0 errors, 1 skips
    ```
    
    The commit was ported from CentOS Stream rpms/ruby stream-ruby-3.1-rhel-9.4.0 branch:
    <https://gitlab.com/redhat/centos-stream/rpms/ruby/-/commit/59242d8ce8261a9759dfb2bd8db673e55061a28b>.
    
        
file modified
+8 -0