Hello.
At Mon, 17 Sep 2018 22:13:40 +0900, Michael Paquier <michael@paquier.xyz> wrote in
<20180917131340.GE31460@paquier.xyz>
> Hi all,
>
> On a rather freshly-updated Debian SID server, I am able to see failures
> for the SSL TAP tests:
> 2018-09-17 22:00:27.389 JST [13072] LOG: database system is shut down
> 2018-09-17 22:00:27.506 JST [13082] FATAL: could not load server
> certificate file "server-cn-only.crt": ee key too small
> 2018-09-17 22:00:27.506 JST [13082] LOG: database system is shut down
> 2018-09-17 22:00:27.720 JST [13084] FATAL: could not load server
> certificate file "server-cn-only.crt": ee key too small
>
> Wouldn't it be better to rework the rules used to generate the different
> certificates and reissue them in the tree? It seems to me that this is
> just waiting to fail in other platforms as well..
I agree that we could get into the same trouble sooner or later.
Do you mean that cert/key files are generated on-the-fly while
running 'make check'? It sounds reasonable as long as just
replaceing existing files with those with longer (2048bits?) keys
doesn't work for all supported platforms.
regards.
--
Kyotaro Horiguchi
NTT Open Source Software Center