Your message dated Fri, 11 Sep 2009 16:37:23 +0000
with message-id <[email protected]>
and subject line Bug#541735: fixed in openssl 0.9.8k-5
has caused the Debian Bug report #541735,
regarding libssl0.9.8: unknown message digest algorithm error in heirloom-mailx
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
541735: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=541735
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libssl0.9.8
Version: 0.9.8k-4
Severity: important
With the above version of libssl0.9.8, I get the following error output when
trying to run heirloom-mailx:
> % heirloom-mailx
> Error with certificate at depth: 2 issuer = /C=US/O=VeriSign, Inc./OU=Class 3
> Public Primary Certification Authority subject = /C=US/O=VeriSign,
> Inc./OU=Class 3 Public Primary Certification Authority
> err 7: certificate signature failure
> Continue (y/n)? n
> could not initiate SSL/TLS connection: error:0D0C50A1:asn1 encoding
> routines:ASN1_item_verify:unknown message digest algorithm
This does not occur if I revert back to libssl0.9.8 version 0.9.8k-1.
I believe that I can reproduce the error with the "openssl" command-line
program, using the command:
% openssl s_client -connect calmail.berkeley.edu:143 -CAfile
/etc/ssl/certs/ca-certificates.crt -starttls imap
I have attached the output of running the above command with versions
0.9.8k-4 and 0.9.8k-1 of libssl0.9.8. (In both cases /usr/bin/openssl was
from openssl version 0.9.8k-4.)
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.30
Locale: LANG=C, LC_CTYPE=en_US.ISO-8859-1 (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash
Versions of packages libssl0.9.8 depends on:
ii debconf [debconf-2.0] 1.5.27 Debian configuration management sy
ii libc6 2.9-24 GNU C Library: Shared libraries
ii zlib1g 1:1.2.3.3.dfsg-15 compression library - runtime
libssl0.9.8 recommends no packages.
libssl0.9.8 suggests no packages.
-- debconf information:
libssl0.9.8/restart-failed:
libssl0.9.8/restart-services:
% openssl s_client -connect calmail.berkeley.edu:143 -CAfile
/etc/ssl/certs/ca-certificates.crt -starttls imap
CONNECTED(00000003)
depth=2 /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
verify return:1
depth=1 /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at
https://www.verisign.com/rpa (c)05/CN=VeriSign Class 3 Secure Server CA
verify return:1
depth=0 /C=US/ST=California/L=Berkeley/O=UC
Berkeley/OU=IST-IS-IAAS/CN=calmail.berkeley.edu
verify return:1
---
Certificate chain
0 s:/C=US/ST=California/L=Berkeley/O=UC
Berkeley/OU=IST-IS-IAAS/CN=calmail.berkeley.edu
i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at
https://www.verisign.com/rpa (c)05/CN=VeriSign Class 3 Secure Server CA
1 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at
https://www.verisign.com/rpa (c)05/CN=VeriSign Class 3 Secure Server CA
i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgIQeUjBtO4cPDb1XLwR2sFhrTANBgkqhkiG9w0BAQUFADCB
sDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug
YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNTEqMCgGA1UEAxMh
VmVyaVNpZ24gQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBMB4XDTA3MDkyNDAwMDAw
MFoXDTA5MTAxMzIzNTk1OVowgYAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxp
Zm9ybmlhMREwDwYDVQQHFAhCZXJrZWxleTEUMBIGA1UEChQLVUMgQmVya2VsZXkx
FDASBgNVBAsUC0lTVC1JUy1JQUFTMR0wGwYDVQQDFBRjYWxtYWlsLmJlcmtlbGV5
LmVkdTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArIbXliYjHAQOEy4yi/Bq
uiSJg/5Na/B7Id8PKV5mIv87VDSbemOakvKU+i+XCViHnwjqlkja/SJkEAEgUgom
IKyrsdcGtJUxbpV92KJy+8QvT34mKTOPIWIqFhGpogXIxZ1xVm97LIWUHzwolzMF
9YOkt03OMRRgxTOmwTOL0BMCAwEAAaOCAdMwggHPMAkGA1UdEwQCMAAwCwYDVR0P
BAQDAgWgMEQGA1UdHwQ9MDswOaA3oDWGM2h0dHA6Ly9TVlJTZWN1cmUtY3JsLnZl
cmlzaWduLmNvbS9TVlJTZWN1cmUyMDA1LmNybDBEBgNVHSAEPTA7MDkGC2CGSAGG
+EUBBxcDMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9y
cGEwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB8GA1UdIwQYMBaAFG/s
r6DdiqTv9SoQZy0/VYK81+8lMHkGCCsGAQUFBwEBBG0wazAkBggrBgEFBQcwAYYY
aHR0cDovL29jc3AudmVyaXNpZ24uY29tMEMGCCsGAQUFBzAChjdodHRwOi8vU1ZS
U2VjdXJlLWFpYS52ZXJpc2lnbi5jb20vU1ZSU2VjdXJlMjAwNS1haWEuY2VyMG4G
CCsGAQUFBwEMBGIwYKFeoFwwWjBYMFYWCWltYWdlL2dpZjAhMB8wBwYFKw4DAhoE
FEtruSiWBgy70FI4mymsSweLIQUYMCYWJGh0dHA6Ly9sb2dvLnZlcmlzaWduLmNv
bS92c2xvZ28xLmdpZjANBgkqhkiG9w0BAQUFAAOCAQEAifpgIaLKrN5jKw9H0yCw
Di2/a5QW6S0OCom08XqyZK9+crocSb8eJ8VRvAPSmjX3JH2YI9ax+Vs4oC/zDH25
bukDqih8MnOQfuBoGJpqbQB1mcXN+OqYjCdBgTO6CoR8yinpdH40z81ykPlBeJJB
x9j6S3YoDDMmHDP79IgcWANTcMW7NN5zWBqQ0VawRSRZOsXMe+2TCCh3gpIzmzYP
dfEtHhtF8drxljalCuwGY9DzXTcF71gu+3kc4S1VnL1ynBUqN5YetN91TNAgN38u
6+zEyKL/JkFvJpBuJxrQGl5N1G0AT5MvY073jlXSwQPvFJaKkeAM8lxsFwnvv6hT
Pg==
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Berkeley/O=UC
Berkeley/OU=IST-IS-IAAS/CN=calmail.berkeley.edu
issuer=/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at
https://www.verisign.com/rpa (c)05/CN=VeriSign Class 3 Secure Server CA
---
No client certificate CA names sent
---
SSL handshake has read 3630 bytes and written 354 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: 6C4CDBA499897F824514138C17AC3E0EE436EB8EC60A219917A273D7AFA2ABE9
Session-ID-ctx:
Master-Key:
4FE917EA10419AA67C808B3CBEEBA7B6780760C52CD260D8536176812A843BAC8F902FA4676DEDB6FFB4B03DBC3A6E47
Key-Arg : None
Start Time: 1250383531
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
. OK Completed
DONE
% openssl s_client -connect calmail.berkeley.edu:143 -CAfile
/etc/ssl/certs/ca-certificates.crt -starttls imap
CONNECTED(00000003)
depth=2 /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
verify error:num=7:certificate signature failure
verify return:0
---
Certificate chain
0 s:/C=US/ST=California/L=Berkeley/O=UC
Berkeley/OU=IST-IS-IAAS/CN=calmail.berkeley.edu
i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at
https://www.verisign.com/rpa (c)05/CN=VeriSign Class 3 Secure Server CA
1 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at
https://www.verisign.com/rpa (c)05/CN=VeriSign Class 3 Secure Server CA
i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgIQeUjBtO4cPDb1XLwR2sFhrTANBgkqhkiG9w0BAQUFADCB
sDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug
YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNTEqMCgGA1UEAxMh
VmVyaVNpZ24gQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBMB4XDTA3MDkyNDAwMDAw
MFoXDTA5MTAxMzIzNTk1OVowgYAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxp
Zm9ybmlhMREwDwYDVQQHFAhCZXJrZWxleTEUMBIGA1UEChQLVUMgQmVya2VsZXkx
FDASBgNVBAsUC0lTVC1JUy1JQUFTMR0wGwYDVQQDFBRjYWxtYWlsLmJlcmtlbGV5
LmVkdTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArIbXliYjHAQOEy4yi/Bq
uiSJg/5Na/B7Id8PKV5mIv87VDSbemOakvKU+i+XCViHnwjqlkja/SJkEAEgUgom
IKyrsdcGtJUxbpV92KJy+8QvT34mKTOPIWIqFhGpogXIxZ1xVm97LIWUHzwolzMF
9YOkt03OMRRgxTOmwTOL0BMCAwEAAaOCAdMwggHPMAkGA1UdEwQCMAAwCwYDVR0P
BAQDAgWgMEQGA1UdHwQ9MDswOaA3oDWGM2h0dHA6Ly9TVlJTZWN1cmUtY3JsLnZl
cmlzaWduLmNvbS9TVlJTZWN1cmUyMDA1LmNybDBEBgNVHSAEPTA7MDkGC2CGSAGG
+EUBBxcDMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9y
cGEwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB8GA1UdIwQYMBaAFG/s
r6DdiqTv9SoQZy0/VYK81+8lMHkGCCsGAQUFBwEBBG0wazAkBggrBgEFBQcwAYYY
aHR0cDovL29jc3AudmVyaXNpZ24uY29tMEMGCCsGAQUFBzAChjdodHRwOi8vU1ZS
U2VjdXJlLWFpYS52ZXJpc2lnbi5jb20vU1ZSU2VjdXJlMjAwNS1haWEuY2VyMG4G
CCsGAQUFBwEMBGIwYKFeoFwwWjBYMFYWCWltYWdlL2dpZjAhMB8wBwYFKw4DAhoE
FEtruSiWBgy70FI4mymsSweLIQUYMCYWJGh0dHA6Ly9sb2dvLnZlcmlzaWduLmNv
bS92c2xvZ28xLmdpZjANBgkqhkiG9w0BAQUFAAOCAQEAifpgIaLKrN5jKw9H0yCw
Di2/a5QW6S0OCom08XqyZK9+crocSb8eJ8VRvAPSmjX3JH2YI9ax+Vs4oC/zDH25
bukDqih8MnOQfuBoGJpqbQB1mcXN+OqYjCdBgTO6CoR8yinpdH40z81ykPlBeJJB
x9j6S3YoDDMmHDP79IgcWANTcMW7NN5zWBqQ0VawRSRZOsXMe+2TCCh3gpIzmzYP
dfEtHhtF8drxljalCuwGY9DzXTcF71gu+3kc4S1VnL1ynBUqN5YetN91TNAgN38u
6+zEyKL/JkFvJpBuJxrQGl5N1G0AT5MvY073jlXSwQPvFJaKkeAM8lxsFwnvv6hT
Pg==
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Berkeley/O=UC
Berkeley/OU=IST-IS-IAAS/CN=calmail.berkeley.edu
issuer=/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at
https://www.verisign.com/rpa (c)05/CN=VeriSign Class 3 Secure Server CA
---
No client certificate CA names sent
---
SSL handshake has read 3630 bytes and written 354 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: 51C807DC5B93C1B9F97C3C8F279D8DCC5CCD8F35B110654777F6A4B88CF1A299
Session-ID-ctx:
Master-Key:
32CF179DEA51737C5509D335AFD8E6D5DEBE449FA08259613BD78B41B8EB03E9CD8F3D101637D105C9EF7C8124915C57
Key-Arg : None
Start Time: 1250383611
Timeout : 300 (sec)
Verify return code: 7 (certificate signature failure)
---
. OK Completed
DONE
--- End Message ---
--- Begin Message ---
Source: openssl
Source-Version: 0.9.8k-5
We believe that the bug you reported is fixed in the latest version of
openssl, which is due to be installed in the Debian FTP archive:
libcrypto0.9.8-udeb_0.9.8k-5_amd64.udeb
to pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8k-5_amd64.udeb
libssl-dev_0.9.8k-5_amd64.deb
to pool/main/o/openssl/libssl-dev_0.9.8k-5_amd64.deb
libssl0.9.8-dbg_0.9.8k-5_amd64.deb
to pool/main/o/openssl/libssl0.9.8-dbg_0.9.8k-5_amd64.deb
libssl0.9.8_0.9.8k-5_amd64.deb
to pool/main/o/openssl/libssl0.9.8_0.9.8k-5_amd64.deb
openssl_0.9.8k-5.diff.gz
to pool/main/o/openssl/openssl_0.9.8k-5.diff.gz
openssl_0.9.8k-5.dsc
to pool/main/o/openssl/openssl_0.9.8k-5.dsc
openssl_0.9.8k-5_amd64.deb
to pool/main/o/openssl/openssl_0.9.8k-5_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Kurt Roeckx <[email protected]> (supplier of updated openssl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 11 Sep 2009 15:42:32 +0200
Source: openssl
Binary: openssl libssl0.9.8 libcrypto0.9.8-udeb libssl-dev libssl0.9.8-dbg
Architecture: source amd64
Version: 0.9.8k-5
Distribution: unstable
Urgency: low
Maintainer: Debian OpenSSL Team <[email protected]>
Changed-By: Kurt Roeckx <[email protected]>
Description:
libcrypto0.9.8-udeb - crypto shared library - udeb (udeb)
libssl-dev - SSL development libraries, header files and documentation
libssl0.9.8 - SSL shared libraries
libssl0.9.8-dbg - Symbol tables for libssl and libcrypto
openssl - Secure Socket Layer (SSL) binary and related cryptographic tools
Closes: 541735
Changes:
openssl (0.9.8k-5) unstable; urgency=low
.
* Don't check self signed certificate signatures in X509_verify_cert()
(Closes: #541735)
Checksums-Sha1:
497c567299e2806c7ea8b1f77e0aa0df8460b8bc 1947 openssl_0.9.8k-5.dsc
f367b942cd08db9e9ae2628b759e536222397588 60164 openssl_0.9.8k-5.diff.gz
de5893849c407047bc618aea171dcb4ff63bc3d7 1049550 openssl_0.9.8k-5_amd64.deb
8ccd807f81b59d1eb67d2be568b1e56fbd3548ce 979272 libssl0.9.8_0.9.8k-5_amd64.deb
43654dff5695e0256bf3adf955c35c92771cfc5b 635690
libcrypto0.9.8-udeb_0.9.8k-5_amd64.udeb
701ed7b8a58aa3294797c7d922e110eb0165346a 2263538 libssl-dev_0.9.8k-5_amd64.deb
d7e7050f9744b47f2ce0d582334d770671d8e79a 1630936
libssl0.9.8-dbg_0.9.8k-5_amd64.deb
Checksums-Sha256:
c5717115066c811433034cda3309c16f2dae76ac7ef58b4c27e05d252d1bdabe 1947
openssl_0.9.8k-5.dsc
a9fac14568bb182c341496eb3b2f59977bdf965f7071702d249f1da704fdbc28 60164
openssl_0.9.8k-5.diff.gz
fb7d49edf5f107cd5e2c9a70b454f539757e533c59b30c8ba07ac6cd1f36ef33 1049550
openssl_0.9.8k-5_amd64.deb
d822e67a0e236e35225cc91fd1a7d779a19d4c6a7bf5bb285c52f877b2738639 979272
libssl0.9.8_0.9.8k-5_amd64.deb
afb8fde3663fd1e2216606e2561141370170b8b74405441bd78057501d327b4d 635690
libcrypto0.9.8-udeb_0.9.8k-5_amd64.udeb
a2ba3cea3ef4d93c3d55698c14f0b42889cbfe295aa6df4a339d59854263b085 2263538
libssl-dev_0.9.8k-5_amd64.deb
3ef0ac4f7e7f05043f75bbbe64efd491c975b4cf3ccde40369dc163bea79257c 1630936
libssl0.9.8-dbg_0.9.8k-5_amd64.deb
Files:
afb14d5a19e3cb62b631c68f4db97239 1947 utils optional openssl_0.9.8k-5.dsc
fd638575bb8f4e70041915f863d1cbde 60164 utils optional openssl_0.9.8k-5.diff.gz
e868c8923b4d4533286aa4450b20167f 1049550 utils optional
openssl_0.9.8k-5_amd64.deb
d45be967ca753cbe9e8e744f2feebb92 979272 libs important
libssl0.9.8_0.9.8k-5_amd64.deb
f369cca57d9fe17165dc38b376f691e7 635690 debian-installer optional
libcrypto0.9.8-udeb_0.9.8k-5_amd64.udeb
82fca49874b898abaf254cd5b3d21247 2263538 libdevel optional
libssl-dev_0.9.8k-5_amd64.deb
d10491086c6c7ea5232d675f76b8182c 1630936 debug extra
libssl0.9.8-dbg_0.9.8k-5_amd64.deb
Package-Type: udeb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iQIcBAEBCgAGBQJKqmRIAAoJEGpMZM6DE7XwKxcP/2pR0Z3+3YcqSFSiIj2lPqHI
3hgC0kUJF8KvL66wnWcxhMWtapJo5nk0sxp4sYqhaqaDm4StmQqDvHpuoXas9Wa0
HLqmmpTC/CQLpayBlvs/OkKL/a28y2J/VipMwTOLfHmtGg+uVWxCCueLm1dVjc1R
9fyZ3ei1xjQeDYOQYHgE1D9oewkyvkSYYGQ3FZ9QDak336rcOp1dyvUnuSZdwmXO
WNk5IVTgegovoadwHdi+EXdx8jGoFryN5yZr2we0VmW2PaG3Zslx4DQXsdx+cP9/
OzOxVxW8TE7Mrn5WJFOPREODk/s7g7pcJjh3h4UzE47sk5/WFNCluAGkiCSO+nb6
QXLSDr24wLs1N25m5YGvZg0tq33WuJnrCspD9sXrO32qymQIKOvQgRvuyZaHxiGe
TE8FgyMMWAjm/y/Goygq8tTYhJSGzkcF8dO5H4SlYvXRFP1uUJq6k/OASZA9VCZJ
7nSxX6QYoqGa0R1WuFaROHUncRHjDk4YGeFvKGQyrap5i2LedksnTt4298lHczBy
cqVCmSCSL+IJQ43LW8yQ8S6icMnK755bC1gpwHhxW5cAdMG5FaAcYNmbNjA+1kvL
1hc2Fyog5dfIZXhoCx+F7tCxiLH/dktqvJ99hp7/NLqtvq4jMfd6aeHJT+r+huba
Gi8QQ2D/jGPgynpD9vzR
=1Spt
-----END PGP SIGNATURE-----
--- End Message ---
