File 0201-ftp-workaround-OpenSSL-seclevel-and-OTP-SH... of Package erlang

Overview Repositories Revisions Requests Users Attributes Meta

File 0201-ftp-workaround-OpenSSL-seclevel-and-OTP-SHA1-signing.patch of Package erlang

From a003a2e78a565e01f2990c844b420ff6623461f0 Mon Sep 17 00:00:00 2001
From: Alexander Clouter <alex@digriz.org.uk>
Date: Mon, 13 Jul 2020 21:57:06 +0100
Subject: [PATCH 11/14] ftp: workaround OpenSSL seclevel and OTP SHA1 signing
 certificates

The default in some modern distros (Debian 10) is to set in /etc/ssl/openssl.cnf
"CipherString = DEFAULT@SECLEVEL=2" which causes vsftpd to exits confusingly with
"500 OOPS: SSL: cannot load RSA certificate"
---
 lib/ftp/test/ftp_SUITE.erl | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/ftp/test/ftp_SUITE.erl b/lib/ftp/test/ftp_SUITE.erl
index 80444e4ee1..5327e27a4d 100644
--- a/lib/ftp/test/ftp_SUITE.erl
+++ b/lib/ftp/test/ftp_SUITE.erl
@@ -162,7 +162,8 @@ ftp_sup_tests() ->
                   Helper = spawn(fun() ->
                       case os:cmd("ps ax | grep erlang_otp_testing | awk '/vsftpd/{print $1}'") of
                           [] ->
-                              case open_port({spawn,Cmd},[exit_status]) of
+                              % OpenSSL system_default_sect CipherString may reject the SHA1 signed testing certificates
+                              case open_port({spawn,Cmd},[{env,[{"OPENSSL_CONF","/dev/null"}]},exit_status]) of
                                   Port when is_port(Port) ->
                                       timer:sleep(500),        % give it a chance to actually open the listening socket
                                       Parent ! {ok,Port},
-- 
2.26.2

Places

File 0201-ftp-workaround-OpenSSL-seclevel-and-OTP-SHA1-signing.patch of Package erlang

Places