Your message dated Thu, 17 Sep 2009 01:56:59 +0000
with message-id <[email protected]>
and subject line Bug#541735: fixed in openssl 0.9.8c-4etch9
has caused the Debian Bug report #541735,
regarding libssl0.9.8: unknown message digest algorithm error in heirloom-mailx
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
541735: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=541735
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libssl0.9.8
Version: 0.9.8k-4
Severity: important

With the above version of libssl0.9.8, I get the following error output when
trying to run heirloom-mailx:

> % heirloom-mailx
> Error with certificate at depth: 2 issuer = /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority subject = /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
> err 7: certificate signature failure
> Continue (y/n)? n
> could not initiate SSL/TLS connection: error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message digest algorithm

This does not occur if I revert back to libssl0.9.8 version 0.9.8k-1.

I believe that I can reproduce the error with the "openssl" command-line
program, using the command:

% openssl s_client -connect calmail.berkeley.edu:143 -CAfile /etc/ssl/certs/ca-certificates.crt -starttls imap

I have attached the output of running the above command with versions
0.9.8k-4 and 0.9.8k-1 of libssl0.9.8.  (In both cases /usr/bin/openssl was
from openssl version 0.9.8k-4.)


-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.30
Locale: LANG=C, LC_CTYPE=en_US.ISO-8859-1 (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash

Versions of packages libssl0.9.8 depends on:
ii  debconf [debconf-2.0]  1.5.27            Debian configuration management sy
ii  libc6                  2.9-24            GNU C Library: Shared libraries
ii  zlib1g                 1:1.2.3.3.dfsg-15 compression library - runtime

libssl0.9.8 recommends no packages.

libssl0.9.8 suggests no packages.

-- debconf information:
  libssl0.9.8/restart-failed:
  libssl0.9.8/restart-services:
% openssl s_client -connect calmail.berkeley.edu:143 -CAfile /etc/ssl/certs/ca-certificates.crt -starttls imap
CONNECTED(00000003)
depth=2 /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
verify return:1
depth=1 /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)05/CN=VeriSign Class 3 Secure Server CA
verify return:1
depth=0 /C=US/ST=California/L=Berkeley/O=UC Berkeley/OU=IST-IS-IAAS/CN=calmail.berkeley.edu
verify return:1
---
Certificate chain
 0 s:/C=US/ST=California/L=Berkeley/O=UC Berkeley/OU=IST-IS-IAAS/CN=calmail.berkeley.edu
   i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)05/CN=VeriSign Class 3 Secure Server CA
 1 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)05/CN=VeriSign Class 3 Secure Server CA
   i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
---
Server certificate
subject=/C=US/ST=California/L=Berkeley/O=UC Berkeley/OU=IST-IS-IAAS/CN=calmail.berkeley.edu
issuer=/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)05/CN=VeriSign Class 3 Secure Server CA
---
No client certificate CA names sent
---
SSL handshake has read 3630 bytes and written 354 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 6C4CDBA499897F824514138C17AC3E0EE436EB8EC60A219917A273D7AFA2ABE9
    Session-ID-ctx: 
    Master-Key: 4FE917EA10419AA67C808B3CBEEBA7B6780760C52CD260D8536176812A843BAC8F902FA4676DEDB6FFB4B03DBC3A6E47
    Key-Arg   : None
    Start Time: 1250383531
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
. OK Completed
DONE
% openssl s_client -connect calmail.berkeley.edu:143 -CAfile /etc/ssl/certs/ca-certificates.crt -starttls imap
CONNECTED(00000003)
depth=2 /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
verify error:num=7:certificate signature failure
verify return:0
---
Certificate chain
 0 s:/C=US/ST=California/L=Berkeley/O=UC Berkeley/OU=IST-IS-IAAS/CN=calmail.berkeley.edu
   i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)05/CN=VeriSign Class 3 Secure Server CA
 1 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)05/CN=VeriSign Class 3 Secure Server CA
   i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
---
Server certificate
subject=/C=US/ST=California/L=Berkeley/O=UC Berkeley/OU=IST-IS-IAAS/CN=calmail.berkeley.edu
issuer=/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)05/CN=VeriSign Class 3 Secure Server CA
---
No client certificate CA names sent
---
SSL handshake has read 3630 bytes and written 354 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 51C807DC5B93C1B9F97C3C8F279D8DCC5CCD8F35B110654777F6A4B88CF1A299
    Session-ID-ctx: 
    Master-Key: 32CF179DEA51737C5509D335AFD8E6D5DEBE449FA08259613BD78B41B8EB03E9CD8F3D101637D105C9EF7C8124915C57
    Key-Arg   : None
    Start Time: 1250383611
    Timeout   : 300 (sec)
    Verify return code: 7 (certificate signature failure)
---
. OK Completed
DONE

--- End Message ---
--- Begin Message ---
Source: openssl
Source-Version: 0.9.8c-4etch9

We believe that the bug you reported is fixed in the latest version of
openssl, which is due to be installed in the Debian FTP archive:

libcrypto0.9.8-udeb_0.9.8c-4etch9_amd64.udeb
  to pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch9_amd64.udeb
libssl-dev_0.9.8c-4etch9_amd64.deb
  to pool/main/o/openssl/libssl-dev_0.9.8c-4etch9_amd64.deb
libssl0.9.8-dbg_0.9.8c-4etch9_amd64.deb
  to pool/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch9_amd64.deb
libssl0.9.8_0.9.8c-4etch9_amd64.deb
  to pool/main/o/openssl/libssl0.9.8_0.9.8c-4etch9_amd64.deb
openssl_0.9.8c-4etch9.diff.gz
  to pool/main/o/openssl/openssl_0.9.8c-4etch9.diff.gz
openssl_0.9.8c-4etch9.dsc
  to pool/main/o/openssl/openssl_0.9.8c-4etch9.dsc
openssl_0.9.8c-4etch9_amd64.deb
  to pool/main/o/openssl/openssl_0.9.8c-4etch9_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Kurt Roeckx <[email protected]> (supplier of updated openssl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.7
Date: Fri, 11 Sep 2009 17:08:07 +0200
Source: openssl
Binary: libssl-dev openssl libssl0.9.8-dbg libcrypto0.9.8-udeb libssl0.9.8
Architecture: source amd64
Version: 0.9.8c-4etch9
Distribution: oldstable-security
Urgency: low
Maintainer: Debian OpenSSL Team <[email protected]>
Changed-By: Kurt Roeckx <[email protected]>
Description: 
 libcrypto0.9.8-udeb - crypto shared library - udeb (udeb)
 libssl-dev - SSL development libraries, header files and documentation
 libssl0.9.8 - SSL shared libraries
 libssl0.9.8-dbg - Symbol tables for libssl and libcrypt
 openssl    - Secure Socket Layer (SSL) binary and related cryptographic tools
Closes: 541735
Changes: 
 openssl (0.9.8c-4etch9) oldstable-security; urgency=low
 .
   * Don't check self signed certificate signatures in X509_verify_cert()
     (Closes: #541735)
Files: 
 853078a1ba61d986d0862b7052e6a47b 1455 utils optional openssl_0.9.8c-4etch9.dsc
 1d168f6505755d3d5b2cc5c8dfc4a314 59037 utils optional openssl_0.9.8c-4etch9.diff.gz
 fe9448a60c33599b868d17865789e2cc 1017888 utils optional openssl_0.9.8c-4etch9_amd64.deb
 373b14c8d5d44eba8e2a704d29621e4e 891856 libs important libssl0.9.8_0.9.8c-4etch9_amd64.deb
 d98c62ccbd82164d39df6366fa654308 580330 debian-installer optional libcrypto0.9.8-udeb_0.9.8c-4etch9_amd64.udeb
 730e51554bee77b38922ab4968f7bd8f 2188696 libdevel optional libssl-dev_0.9.8c-4etch9_amd64.deb
 94723e6134595ff2a407ab3cb99c24c9 1655940 libdevel extra libssl0.9.8-dbg_0.9.8c-4etch9_amd64.deb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

-----END PGP SIGNATURE-----



--- End Message ---
