git » debian:kxd » commit 3514380

New patch: upstream_tests-assert-negociated. (Closes: #763212)

author Maximiliano Curia
2014-10-06 16:08:42 UTC
committer Maximiliano Curia
2014-10-06 16:08:42 UTC
parent e10579ad37a58a6489ce72eef1f84cad2538c328
New patch: upstream_tests-assert-negociated. (Closes: #763212)
debian/changelog +1 -1
debian/patches/series +1 -0
debian/patches/upstream_tests-assert-negociated +35 -0 
diff --git a/debian/changelog b/debian/changelog
index a334c68..afd94fa 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,6 @@
 kxd (0.12-3~) UNRELEASED; urgency=medium
 
-  * 
+  * New patch: upstream_tests-assert-negociated. (Closes: #763212)
 
  -- Maximiliano Curia <maxy@debian.org>  Mon, 06 Oct 2014 18:03:00 +0200
 
diff --git a/debian/patches/series b/debian/patches/series
index 3eb0287..ab007b7 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1,3 @@
 upstream_scripts-Fix-kxd-add-client-key-missing-fi-and-wrong-.patch
 upstream_tests-Use-LOGNAME-instead-of-os.getlogin.patch
+upstream_tests-assert-negociated
diff --git a/debian/patches/upstream_tests-assert-negociated b/debian/patches/upstream_tests-assert-negociated
new file mode 100644
index 0000000..e35df05
--- /dev/null
+++ b/debian/patches/upstream_tests-assert-negociated
@@ -0,0 +1,35 @@
+commit a3195ebb69084ea7365324ef69f96ad17c5bd4ae
+Author: Alberto Bertogli <albertito@blitiri.com.ar>
+Date:   Sun Oct 5 21:45:13 2014 +0100
+
+    tests: Assert negotiated cipher secret size >= 128 bits
+    
+    Currently, the tests assert that the negotiated cipher secret size is > 128
+    bits. Due to recent changes (probably in openssl), in Debian testing we end up
+    negotiating ECDHE-RSA-AES128-GCM-SHA256 which has a 128 bit key.
+    
+    That causes the test to fail.
+    
+    There's nothing wrong with 128 bit keys in this context, and probably the
+    original intention was to use >= but got stuck with > as it worked.
+    
+    While the value of this check is arguable, let's keep it for now, just
+    changing the check to >= so 128 bit secrets don't cause the test to fail.
+    
+    Signed-off-by: Alberto Bertogli <albertito@blitiri.com.ar>
+
+diff --git a/tests/run_tests b/tests/run_tests
+index 23bfadf..85531ee 100755
+--- a/tests/run_tests
++++ b/tests/run_tests
+@@ -404,8 +404,8 @@ class TrickyRequests(TestCase):
+                                certfile=self.client.cert_path())
+ 
+         # We don't check the cipher itself, as it depends on the environment,
+-        # but we should be using > 128 bit secrets.
+-        self.assertTrue(sock.cipher()[2] > 128)
++        # but we should be using >= 128 bit secrets.
++        self.assertTrue(sock.cipher()[2] >= 128)
+ 
+         server_cert = ssl.DER_cert_to_PEM_cert(
+             sock.getpeercert(binary_form=True))