Skip Menu |

This queue is for tickets about the grpc-xs CPAN distribution.

Report information
The Basics
Id: 133111
Status: new
Priority: 0/
Queue: grpc-xs
People
Owner: Nobody in particular
Requestors: ppisar [...] redhat.com
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: 0.32
Fixed in: (no value)

History Show all quoted text
  Mon Aug 03 08:02:48 2020 ppisar [...] redhat.com - Ticket created
Subject: Tests hang on systems that disallow 1024-bit RSA keys
On Fedora 33 Linux distribution the tests hang: $ perl -Iblib/{arch,lib} t/01-call_credentials.t 1..28 ok 1 - use Grpc::XS::CallCredentials; ok 2 - use Grpc::XS::Server; ok 3 - use Grpc::XS::ChannelCredentials; ok 4 - use Grpc::XS::ServerCredentials; ok 5 - use Grpc::Constants; E0803 13:56:46.080482539 40011 ssl_transport_security.cc:683] Invalid cert chain file. E0803 13:56:46.080584932 40011 ssl_security_connector.cc:275] Handshaker factory creation failed with TSI_INVALID_ARGUMENT. E0803 13:56:46.080641605 40011 server_secure_chttp2.cc:81] {"created":"@1596455806.080625499","description":"Unable to create secure server with credentials of type Ssl.","file":"src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc","file_line":63} ok 6 - startBatch failed return send_metadata ok 7 - startBatch failed return send_close ^C That's because t/data/*.pem certificates used for tests are 1024-bit long and that's too weak for Fedora 33 security standards. A remedy will be generate stronger keys and certificates.
  Mon Aug 03 08:51:42 2020 ppisar [...] redhat.com - Correspondence added
Dne Po 03.srp.2020 08:02:48, ppisar napsal(a): Show quoted text
> That's because t/data/*.pem certificates used for tests are 1024-bit > long and that's too weak for Fedora 33 security standards. A remedy > will be generate stronger keys and certificates.
An attached patch implements it.
Subject: grpc-xs-0.32-Use-2048-bit-RSA-keys-in-the-tests.patch
From 100ba52095da9ae033c889bf0eb99e204e21ace8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com> Date: Mon, 3 Aug 2020 14:44:53 +0200 Subject: [PATCH] Use 2048-bit RSA keys in the tests MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit t/01-call_credentials.t used 1024-bit RSA keys and hang on systems that rejects those keys: $ perl -Iblib/{arch,lib} t/01-call_credentials.t 1..28 ok 1 - use Grpc::XS::CallCredentials; ok 2 - use Grpc::XS::Server; ok 3 - use Grpc::XS::ChannelCredentials; ok 4 - use Grpc::XS::ServerCredentials; ok 5 - use Grpc::Constants; E0803 14:46:58.627369566 40057 ssl_transport_security.cc:683] Invalid cert chain file. E0803 14:46:58.627458075 40057 ssl_security_connector.cc:275] Handshaker factory creation failed with TSI_INVALID_ARGUMENT. E0803 14:46:58.627478034 40057 server_secure_chttp2.cc:81] {"created":"@1596458818.627471612","description":"Unable to create secure server with credentials of type Ssl.","file":"src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc","file_line":63} ok 6 - startBatch failed return send_metadata ok 7 - startBatch failed return send_close ^C This patch fixes it by using a stronger key. CPAN RT#133111 Signed-off-by: Petr Písař <ppisar@redhat.com> --- t/data/ca.pem | 32 +++++++++++++++++++------------- t/data/server1.key | 43 +++++++++++++++++++++++++++---------------- t/data/server1.pem | 36 ++++++++++++++++++++++-------------- 3 files changed, 68 insertions(+), 43 deletions(-) diff --git a/t/data/ca.pem b/t/data/ca.pem index 6c8511a..7360080 100644 --- a/t/data/ca.pem +++ b/t/data/ca.pem @@ -1,15 +1,21 @@ -----BEGIN CERTIFICATE----- -MIICSjCCAbOgAwIBAgIJAJHGGR4dGioHMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV -BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX -aWRnaXRzIFB0eSBMdGQxDzANBgNVBAMTBnRlc3RjYTAeFw0xNDExMTEyMjMxMjla -Fw0yNDExMDgyMjMxMjlaMFYxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0 -YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDzANBgNVBAMT -BnRlc3RjYTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwEDfBV5MYdlHVHJ7 -+L4nxrZy7mBfAVXpOc5vMYztssUI7mL2/iYujiIXM+weZYNTEpLdjyJdu7R5gGUu -g1jSVK/EPHfc74O7AyZU34PNIP4Sh33N+/A5YexrNgJlPY+E3GdVYi4ldWJjgkAd -Qah2PH5ACLrIIC6tRka9hcaBlIECAwEAAaMgMB4wDAYDVR0TBAUwAwEB/zAOBgNV -HQ8BAf8EBAMCAgQwDQYJKoZIhvcNAQELBQADgYEAHzC7jdYlzAVmddi/gdAeKPau -sPBG/C2HCWqHzpCUHcKuvMzDVkY/MP2o6JIW2DBbY64bO/FceExhjcykgaYtCH/m -oIU63+CFOTtR7otyQAWHqXa7q4SbCDlG7DyRFxqG0txPtGvy12lgldA2+RgcigQG -Dfcog5wrJytaQ6UA0wE= +MIIDfTCCAmWgAwIBAgIUeFbAjK3THrsyd7V8n/LgCKQO95AwDQYJKoZIhvcNAQEL +BQAwVjEPMA0GA1UEAxMGdGVzdGNhMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRz +IFB0eSBMdGQxEzARBgNVBAgTClNvbWUtU3RhdGUxCzAJBgNVBAYTAkFVMB4XDTIw +MDgwMzEyMzUxNVoXDTMwMDgwMTEyMzUyMFowVjEPMA0GA1UEAxMGdGVzdGNhMSEw +HwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEzARBgNVBAgTClNvbWUt +U3RhdGUxCzAJBgNVBAYTAkFVMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAp9Sw1/oKCBVRDQWq8HhfT5iHHiYgxGiZ65nr9lJnKAjkmYon7FRdODG9gW+n +twOtdVasWQa2BW36yGtACeNqVYRIT7RWiqr0f8p7Zrt4s7iAsgAC6yBlwzKLcYlq +W9Bav6Hd1rv6vE+DUwUFdmQ+7HnQXU0PKO3rsk41PpseD/bie8KClJOCT50DaAZY +IZuMwEz6Y6FAZKg3g6scawFGsX9lrg5mctVvoU9MNse0Y1DtXJj6LZI0rXD4Ddgf +K9xaCxsqewAHrEOh0wpcf4bVt8OUwsrw7SFcoq7SGhl9/XrxIgjIsxE2fhxzC8As +DmnGgTT4iqrHXurORx5cHPYRFQIDAQABo0MwQTAPBgNVHRMBAf8EBTADAQH/MA8G +A1UdDwEB/wQFAwMHBAAwHQYDVR0OBBYEFGs8fFHLcFpwVvQl0LTIfAIOn8CzMA0G +CSqGSIb3DQEBCwUAA4IBAQBRRIVdi3INUAsBniqpNQOo7QgMGziWrqCoZN6f52zJ +/xANG6osxNxk6XQW7nd1Rsv2DqBAsuC91P1qXEX2olKXB1tJKVpn494x7L1ZQ0lM +pGsrPEI56iLUiu1frE+fkd27Eci5wWGDgUSpkbIdlYtfjqQ3yRpBtyUQiMH5Za3U +4NiWH4N+0n/NAU5lV/AY+T7Fuih0lnNiJam9ncBXR/T4p8ztnfWGYYCSITGrtfvL +HuHGQ42rsEIXir+N6tt/raeUXtWB6qW98+HOPg4XfwUb+LCN0vXRhHGPd88fjWMW +AjaT2QdrfTDc9ld2D/G0Ew9FLgwG4lJ6Hh68hmZxT0Qq -----END CERTIFICATE----- diff --git a/t/data/server1.key b/t/data/server1.key index 143a5b8..00b8bbf 100644 --- a/t/data/server1.key +++ b/t/data/server1.key @@ -1,16 +1,27 @@ ------BEGIN PRIVATE KEY----- -MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBAOHDFScoLCVJpYDD -M4HYtIdV6Ake/sMNaaKdODjDMsux/4tDydlumN+fm+AjPEK5GHhGn1BgzkWF+slf -3BxhrA/8dNsnunstVA7ZBgA/5qQxMfGAq4wHNVX77fBZOgp9VlSMVfyd9N8YwbBY -AckOeUQadTi2X1S6OgJXgQ0m3MWhAgMBAAECgYAn7qGnM2vbjJNBm0VZCkOkTIWm -V10okw7EPJrdL2mkre9NasghNXbE1y5zDshx5Nt3KsazKOxTT8d0Jwh/3KbaN+YY -tTCbKGW0pXDRBhwUHRcuRzScjli8Rih5UOCiZkhefUTcRb6xIhZJuQy71tjaSy0p -dHZRmYyBYO2YEQ8xoQJBAPrJPhMBkzmEYFtyIEqAxQ/o/A6E+E4w8i+KM7nQCK7q -K4JXzyXVAjLfyBZWHGM2uro/fjqPggGD6QH1qXCkI4MCQQDmdKeb2TrKRh5BY1LR -81aJGKcJ2XbcDu6wMZK4oqWbTX2KiYn9GB0woM6nSr/Y6iy1u145YzYxEV/iMwff -DJULAkB8B2MnyzOg0pNFJqBJuH29bKCcHa8gHJzqXhNO5lAlEbMK95p/P2Wi+4Hd -aiEIAF1BF326QJcvYKmwSmrORp85AkAlSNxRJ50OWrfMZnBgzVjDx3xG6KsFQVk2 -ol6VhqL6dFgKUORFUWBvnKSyhjJxurlPEahV6oo6+A+mPhFY8eUvAkAZQyTdupP3 -XEFQKctGz+9+gKkemDp7LBBMEMBXrGTLPhpEfcjv/7KPdnFHYmhYeBTBnuVmTVWe -F98XJ7tIFfJq ------END PRIVATE KEY----- +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAp9Sw1/oKCBVRDQWq8HhfT5iHHiYgxGiZ65nr9lJnKAjkmYon +7FRdODG9gW+ntwOtdVasWQa2BW36yGtACeNqVYRIT7RWiqr0f8p7Zrt4s7iAsgAC +6yBlwzKLcYlqW9Bav6Hd1rv6vE+DUwUFdmQ+7HnQXU0PKO3rsk41PpseD/bie8KC +lJOCT50DaAZYIZuMwEz6Y6FAZKg3g6scawFGsX9lrg5mctVvoU9MNse0Y1DtXJj6 +LZI0rXD4DdgfK9xaCxsqewAHrEOh0wpcf4bVt8OUwsrw7SFcoq7SGhl9/XrxIgjI +sxE2fhxzC8AsDmnGgTT4iqrHXurORx5cHPYRFQIDAQABAoIBAC7KFi9wTyGnx7vo +q5p1BKVtMaZPHO2E9/x+IhG/MXEw4YKIyM6TSpXjECEo3sogJVjEPDJps49Z9QOx +Gt5m33tN8Nb/wOzR8m46JiMi+uin9IErjaS9mIFN8yBJHjTQpqwsVWuLZsDfLg6U +JMy37+7/mv6YADT5967zLNbyafQq/anZyePa+CL+gNeZUTaGd/XOA379Fpri6xZ4 +gMmW5oQoCSrzWnyk667kziAR4eGrFEe0DksNQ3f1pp9mMVEm332mnKdPrO8HLnaS +iiW3UmHS31spWK89ogWPN8N7Xsf5Ct3ft/dq7qeRU31OgpOxR+MYs0JxT7RbC0rD +eoNHzeECgYEA04IOoti5Q6j/URNelTCVCBXeEKiVdXuB4giNV86KfSaRZGXmNfbz +RoqaqPtNmppLO5umw2E9VJdBH1U2rUyvNPOLVP8raF9AQHM/LnW6pkfMoRoVvSKj +wdBbYjdtPXyN81Cb3uBT0WKwVtkd53YCcXOJpWORpPuIivYsS/LwhX0CgYEAyyKR +Mx6wpTbBSZvmgbF19QSxuoM7IN7Jv23BWJU9EsdhcHm8T3oVk8mCuqzJORtTNJgS +D82kC7bzWgtpboSsw7v/Kcpms0yQL9HcAuTbeGDF2pB49LtlY72V/G/OelLGa7IW +iT3X6tLfSDLGI3EaoFvUdPlUUN5Hvpql6HIQLXkCgYBXTHUSDfXZ0WUgZ6hAV78L +iUsRASQ/S2z+iJ0eQueyZDraf5yXZYhf81GGscMELu8ieUpJllckFRISBq/8s4wV +hPhbar7V44q3j1niqUES5Mu3KvcSC7wfgQpW7Z2vJTvJ09miEmFGKT+zeQX4xSKZ +BSEpHIG+4PsosBb0eh+AWQKBgG/DcxQnPJWKDMrNJgQReY73qDmwXmX1bhcO8iQk +6Fder7PMptkrmJeZdX3z9zqeWCdFzBo50JpJbJcMVFPkV5HR69A4dk0MQQCufFhz +RnVy+SkJ+CLewCgidVVQxs/ynw0+DLwx9IxUvVjh5rY1UqsMG1bIn6Vmxx6Nw96i +c1gxAoGAKOO8auj41tcBeJtdZybANCMZhps5ZnfQz2uVZE13oPoHaxBTn0l6MzLG +83nCtmmTunl+d+RUgdJyLO9w1EkHcffh1lwN9yDw3t46cLOUePK8+tQnCgXf7WWE +Qj3zm3Tl9PiqIzYeB7FA9Yu6tg5eBFTw4G5PolHMIbNU7uj5ol4= +-----END RSA PRIVATE KEY----- diff --git a/t/data/server1.pem b/t/data/server1.pem index f3d43fc..4cd739b 100644 --- a/t/data/server1.pem +++ b/t/data/server1.pem @@ -1,16 +1,24 @@ -----BEGIN CERTIFICATE----- -MIICnDCCAgWgAwIBAgIBBzANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJBVTET -MBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQ -dHkgTHRkMQ8wDQYDVQQDEwZ0ZXN0Y2EwHhcNMTUxMTA0MDIyMDI0WhcNMjUxMTAx -MDIyMDI0WjBlMQswCQYDVQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNV -BAcTB0NoaWNhZ28xFTATBgNVBAoTDEV4YW1wbGUsIENvLjEaMBgGA1UEAxQRKi50 -ZXN0Lmdvb2dsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOHDFSco -LCVJpYDDM4HYtIdV6Ake/sMNaaKdODjDMsux/4tDydlumN+fm+AjPEK5GHhGn1Bg -zkWF+slf3BxhrA/8dNsnunstVA7ZBgA/5qQxMfGAq4wHNVX77fBZOgp9VlSMVfyd -9N8YwbBYAckOeUQadTi2X1S6OgJXgQ0m3MWhAgMBAAGjazBpMAkGA1UdEwQCMAAw -CwYDVR0PBAQDAgXgME8GA1UdEQRIMEaCECoudGVzdC5nb29nbGUuZnKCGHdhdGVy -em9vaS50ZXN0Lmdvb2dsZS5iZYISKi50ZXN0LnlvdXR1YmUuY29thwTAqAEDMA0G -CSqGSIb3DQEBCwUAA4GBAJFXVifQNub1LUP4JlnX5lXNlo8FxZ2a12AFQs+bzoJ6 -hM044EDjqyxUqSbVePK0ni3w1fHQB5rY9yYC5f8G7aqqTY1QOhoUk8ZTSTRpnkTh -y4jjdvTZeLDVBlueZUTDRmy2feY5aZIU18vFDK08dTG0A87pppuv1LNIR3loveU8 +MIIEEjCCAvqgAwIBAgIUF7v640qBiNk8ZDdRapfRgztimbkwDQYJKoZIhvcNAQEL +BQAwVjEPMA0GA1UEAxMGdGVzdGNhMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRz +IFB0eSBMdGQxEzARBgNVBAgTClNvbWUtU3RhdGUxCzAJBgNVBAYTAkFVMB4XDTIw +MDgwMzEyNDEzOVoXDTMwMDUwMzEyNDE1NFowZTEaMBgGA1UEAwwRKi50ZXN0Lmdv +b2dsZS5jb20xFTATBgNVBAoTDEV4YW1wbGUsIENvLjEQMA4GA1UEBxMHQ2hpY2Fn +bzERMA8GA1UECBMISWxsaW5vaXMxCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAp9Sw1/oKCBVRDQWq8HhfT5iHHiYgxGiZ65nr9lJn +KAjkmYon7FRdODG9gW+ntwOtdVasWQa2BW36yGtACeNqVYRIT7RWiqr0f8p7Zrt4 +s7iAsgAC6yBlwzKLcYlqW9Bav6Hd1rv6vE+DUwUFdmQ+7HnQXU0PKO3rsk41Ppse +D/bie8KClJOCT50DaAZYIZuMwEz6Y6FAZKg3g6scawFGsX9lrg5mctVvoU9MNse0 +Y1DtXJj6LZI0rXD4DdgfK9xaCxsqewAHrEOh0wpcf4bVt8OUwsrw7SFcoq7SGhl9 +/XrxIgjIsxE2fhxzC8AsDmnGgTT4iqrHXurORx5cHPYRFQIDAQABo4HIMIHFMAwG +A1UdEwEB/wQCMAAwTwYDVR0RBEgwRoIQKi50ZXN0Lmdvb2dsZS5mcoIYd2F0ZXJ6 +b29pLnRlc3QuZ29vZ2xlLmJlghIqLnRlc3QueW91dHViZS5jb22HBMCoAQMwEwYD +VR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0PAQH/BAUDAwegADAdBgNVHQ4EFgQUazx8 +UctwWnBW9CXQtMh8Ag6fwLMwHwYDVR0jBBgwFoAUazx8UctwWnBW9CXQtMh8Ag6f +wLMwDQYJKoZIhvcNAQELBQADggEBACeQPYuvqhZ/LA+vtz8U9fvIaf+124Nzu1oh +jrbd6t4S5RjTwyTfpRo3KAeYbZUufVVvGkxKyXFJMZu14MBDCsmyfVyaiF84QFFc +G01Y8fXr/ccC85l3GrN5M6jGilLALihyqzyTZ9gxeORR37hrzf9cF/hEJVUNvqND +uMWY7UVS0iSnYD4kbIPZI3cUEbxGdUcmPffADAOISgUkDIAYihdFYnXhemGkANsk +ELBNp9HUC+pgMjYJ7HQaK9/1XIff8wDyQwStl2H7zQ5N+pNfJ5S/Y6U365WA8137 +/p0nPUVrChW9pUWwL30K9IsrP0DBKvA/aUsz+DgtxtMjD8KUic8= -----END CERTIFICATE----- -- 2.25.4