Your message dated Wed, 18 May 2016 22:47:16 +0000
with message-id <[email protected]>
and subject line Bug#774882: fixed in openssl 1.0.1t-1+deb8u1
has caused the Debian Bug report #774882,
regarding libssl1.0.0: Server certificate verification fails
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
774882: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774882
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libssl1.0.0
Version: 1.0.1k-3+deb8u2
Severity: normal
Dear Maintainer,
openssl in jessie fails to verify certificate of server, while versions from
squeeze, wheezy and
stretch work:
as@jessie:~$ openssl s_client -CApath /etc/ssl/certs -connect
ohjelmat.posti.fi:443
CONNECTED(00000003)
depth=2 C = US, O = "thawte, Inc.", OU = Certification Services Division, OU =
"(c) 2006 thawte, Inc. - For authorized use only", CN = thawte Primary Root CA
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/C=FI/ST=Etela-Suomen laani/L=Helsinki/O=Itella Oyj/OU=Web
Administration/CN=ohjelmat.posti.fi
i:/C=US/O=Thawte, Inc./CN=Thawte SSL CA
1 s:/C=US/O=Thawte, Inc./CN=Thawte SSL CA
i:/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006
thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
2 s:/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006
thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
i:/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification
Services Division/CN=Thawte Premium Server
CA/[email protected]
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEvDCCA6SgAwIBAgIQY61tuJme9u+ZSSZ9WpUZQzANBgkqhkiG9w0BAQUFADA8
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMVGhhd3RlLCBJbmMuMRYwFAYDVQQDEw1U
aGF3dGUgU1NMIENBMB4XDTE0MDMwMTAwMDAwMFoXDTE2MDQyOTIzNTk1OVowgYsx
CzAJBgNVBAYTAkZJMRswGQYDVQQIExJFdGVsYS1TdW9tZW4gbGFhbmkxETAPBgNV
BAcUCEhlbHNpbmtpMRMwEQYDVQQKFApJdGVsbGEgT3lqMRswGQYDVQQLFBJXZWIg
QWRtaW5pc3RyYXRpb24xGjAYBgNVBAMUEW9oamVsbWF0LnBvc3RpLmZpMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA21I33Kcnn4NM32IAJh+hGpJtKDBI
6gahx3UxZbntLz60eW6T6HQk1Y/AoFUooVIyTI4D5FlteP79se43GtaktSMy+BPE
fpmiUZhmeYLXkoSG88fDJ6H7cvOdMKrm4QDgVGM2BxNMi0YbYAJTbU2/OxIEII0H
nmec12mecCw2/nNyj873ezLJaDt6fNNOYhdkjy2HgOameraUPnXVVFT7bbzLRGge
Xu+I8F/iGaOk07lHmZ5aeXGcXMetR5wPveE6+xnrn/w0SH2pNp2F4UPrpm8+UyWn
bjFSQPIDxL60wtgGDwb1Sp6/rRsRvjhBNXGZcneTtC3G89vgtuCPWlJHIQIDAQAB
o4IBaDCCAWQwHAYDVR0RBBUwE4IRb2hqZWxtYXQucG9zdGkuZmkwCQYDVR0TBAIw
ADBCBgNVHSAEOzA5MDcGCmCGSAGG+EUBBzYwKTAnBggrBgEFBQcCARYbaHR0cHM6
Ly93d3cudGhhd3RlLmNvbS9jcHMvMA4GA1UdDwEB/wQEAwIFoDAfBgNVHSMEGDAW
gBSnooO7NEVAPfzVME8SuT6hAZ/22zA6BgNVHR8EMzAxMC+gLaArhilodHRwOi8v
c3ZyLW92LWNybC50aGF3dGUuY29tL1RoYXd0ZU9WLmNybDAdBgNVHSUEFjAUBggr
BgEFBQcDAQYIKwYBBQUHAwIwaQYIKwYBBQUHAQEEXTBbMCIGCCsGAQUFBzABhhZo
dHRwOi8vb2NzcC50aGF3dGUuY29tMDUGCCsGAQUFBzAChilodHRwOi8vc3ZyLW92
LWFpYS50aGF3dGUuY29tL1RoYXd0ZU9WLmNlcjANBgkqhkiG9w0BAQUFAAOCAQEA
CHLHwGsRUWFAFDvQU2mABll+n9C54x/Me6/FPGxf5A4oF4EcC7WH5b5XugVrw0D7
OnpQ/ixqpCMWU22Mv7MMvU85UCeuWOYmbT8bZ5atvZwgqGXfl1y+aH2vtlMLtc6R
LWqdTgWRtTDBwnp0oHaXgR0fRMIEtpk1SFRcxZPaG3F7fsVBZBvgvmg7ruab07ST
Iq1JOVw1QgnP5bs0CqaL+qnbT2rs4NiL7EzVi8ZtFSssi/4D8bj/b2umryf/ZEg6
gYr5n3tTaVND6cXJi9SAPGuSvEKEm9t7trbjiInTCkuXXdt+OURvO0Z5AGxEC3aO
3xZfqt5mqyF3Uwt/oCrUsA==
-----END CERTIFICATE-----
subject=/C=FI/ST=Etela-Suomen laani/L=Helsinki/O=Itella Oyj/OU=Web
Administration/CN=ohjelmat.posti.fi
issuer=/C=US/O=Thawte, Inc./CN=Thawte SSL CA
---
No client certificate CA names sent
---
SSL handshake has read 4333 bytes and written 493 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: BD155C696B0DC76FBA2DE718DF4A2467F695324777CDD7F85AC5C16F1EE10D10
Session-ID-ctx:
Master-Key:
FBB974115C1116B15E147A8627C707406DA7A115214ACBB100C38A2F4B913133314601A6A0ADC10C1A1397AAF634F7EC
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket:
0000 - 4f ba 0d 4c f2 e5 35 4f-43 4b 4c f2 a8 42 cc da O..L..5OCKL..B..
0010 - 5b 46 ef c5 82 1d 34 cd-9a bd f6 f5 5e 9b 96 0a [F....4.....^...
0020 - 92 fe 03 02 39 cd 33 fd-41 02 f5 36 47 9d 79 99 ....9.3.A..6G.y.
0030 - 3f 61 be 9b be 25 02 45-a9 f2 14 cd 72 a9 96 f5 ?a...%.E....r...
0040 - a6 fe 23 ca f9 dc 36 a9-8d a1 41 bc a2 ab e1 8f ..#...6...A.....
0050 - 0a 56 98 f9 77 3d b0 4a-3e f8 ee b3 45 fb 24 60 .V..w=.J>...E.$`
0060 - 30 5d a5 62 a6 30 cf 5e-e8 af 2b 44 b7 cd 25 43 0].b.0.^..+D..%C
0070 - 00 81 90 3b e4 e0 ac 43-1d 5f 0f 91 ce f6 a3 ec ...;...C._......
0080 - 0d 3f 8e c5 14 30 d9 72-af 32 8b 68 81 29 a8 bd .?...0.r.2.h.)..
0090 - c6 ae 74 98 3f ba e3 14-1b 2c b5 53 ee a1 ae 33 ..t.?....,.S...3
00a0 - fe 60 42 08 8f 43 95 fd-c4 93 fd 93 16 4a 7c 72 .`B..C.......J|r
00b0 - c8 29 84 6b 82 9f 75 db-d5 90 43 e4 b1 57 62 a1 .).k..u...C..Wb.
Start Time: 1453901893
Timeout : 300 (sec)
Verify return code: 20 (unable to get local issuer certificate)
---
-- System Information:
Debian Release: 8.3
APT prefers stable
APT policy: (900, 'stable'), (890, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 4.3.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages libssl1.0.0 depends on:
ii debconf [debconf-2.0] 1.5.56
ii libc6 2.19-18+deb8u2
ii multiarch-support 2.19-18+deb8u2
libssl1.0.0 recommends no packages.
libssl1.0.0 suggests no packages.
-- debconf information excluded
--- End Message ---
--- Begin Message ---
Source: openssl
Source-Version: 1.0.1t-1+deb8u1
We believe that the bug you reported is fixed in the latest version of
openssl, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Kurt Roeckx <[email protected]> (supplier of updated openssl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 06 May 2016 15:56:09 +0200
Source: openssl
Binary: openssl libssl1.0.0 libcrypto1.0.0-udeb libssl-dev libssl-doc
libssl1.0.0-dbg
Architecture: source all amd64
Version: 1.0.1t-1+deb8u1
Distribution: jessie
Urgency: medium
Maintainer: Debian OpenSSL Team <[email protected]>
Changed-By: Kurt Roeckx <[email protected]>
Description:
libcrypto1.0.0-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
libssl-dev - Secure Sockets Layer toolkit - development files
libssl-doc - Secure Sockets Layer toolkit - development documentation
libssl1.0.0 - Secure Sockets Layer toolkit - shared libraries
libssl1.0.0-dbg - Secure Sockets Layer toolkit - debug information
openssl - Secure Sockets Layer toolkit - cryptographic utility
Closes: 774882 807057
Changes:
openssl (1.0.1t-1+deb8u1) jessie; urgency=medium
.
[ Sebastian Andrzej Siewior ]
* Update to 1.0.1t stable release (drop applied patches and refresh existing
ones).
- Use alternate trust chains part of 1.0.1n (Closes: #774882).
- Use correct digest when exporting keying material (Closes: #807057)
- Fix CVE-2015-3197 (not affected, SSLv2 disabled)
- Fix CVE-2015-1793 (1.0.1n+ is affected and last upload was k)
Checksums-Sha1:
1a68da2267c2596dfecb5f7bf0934a192fba352f 2255 openssl_1.0.1t-1+deb8u1.dsc
a684ba59d6721a90f354b1953e19611646be7e7d 4556447 openssl_1.0.1t.orig.tar.gz
0f27b341bd954a28636e9d6734a0ec920b552532 79488
openssl_1.0.1t-1+deb8u1.debian.tar.xz
55e4460555d9803f18d63eb1d031d58bc34c4053 1166672
libssl-doc_1.0.1t-1+deb8u1_all.deb
bed5bad56ddcfd547184293df163f94cb657ec62 664614
openssl_1.0.1t-1+deb8u1_amd64.deb
19e3d6d9ca8be01bab2fa3443b11fd1ad0b198d3 1044562
libssl1.0.0_1.0.1t-1+deb8u1_amd64.deb
ad9c9a5c143355e51c7d826d5d054e780959a8f1 643516
libcrypto1.0.0-udeb_1.0.1t-1+deb8u1_amd64.udeb
8186f8c2255bd017b502ca1aa661d25d736b91a0 1281922
libssl-dev_1.0.1t-1+deb8u1_amd64.deb
5500a78f3dd89509e906422d1fe7177b21faa74a 2815714
libssl1.0.0-dbg_1.0.1t-1+deb8u1_amd64.deb
Checksums-Sha256:
3e0af48183e3e20da6b71b4166a88a4663bc628973e78e3543d57f3333363b3e 2255
openssl_1.0.1t-1+deb8u1.dsc
4a6ee491a2fdb22e519c76fdc2a628bb3cec12762cd456861d207996c8a07088 4556447
openssl_1.0.1t.orig.tar.gz
911367ab71df2542858d401f4ffbc7fa36f4de8412b4e47948aa91cf5079bf49 79488
openssl_1.0.1t-1+deb8u1.debian.tar.xz
5b308b4c7b0c120a6b6d6c6ef41ff092f5f56f81be4c43af8c2969b24b364309 1166672
libssl-doc_1.0.1t-1+deb8u1_all.deb
7bd8b68b9627819e3b5585be36411dcb9b53b91b8ebbb1ce63ef67f5eefb40f3 664614
openssl_1.0.1t-1+deb8u1_amd64.deb
ed55f548aff094394871604966aa3d450f59f504cbdb34e3889386b2628fb6d7 1044562
libssl1.0.0_1.0.1t-1+deb8u1_amd64.deb
6c4d282298390cc9d40e6ece2b3e1a749c272813b11a8b3bc01b1480afda712a 643516
libcrypto1.0.0-udeb_1.0.1t-1+deb8u1_amd64.udeb
8a45beaf4fee31ddfef55caf35bb4d1f04c45cb3f5a9815fd4e88da3ac9f8bae 1281922
libssl-dev_1.0.1t-1+deb8u1_amd64.deb
40873618e0fee7a8efb629ab9f21de2b32ebfdf2035a935ed3f55ea36152bc93 2815714
libssl1.0.0-dbg_1.0.1t-1+deb8u1_amd64.deb
Files:
c5d7c121c046ca3e4a4b58c26b00dec8 2255 utils optional
openssl_1.0.1t-1+deb8u1.dsc
9837746fcf8a6727d46d22ca35953da1 4556447 utils optional
openssl_1.0.1t.orig.tar.gz
21584a79034c751255fb76da351f075d 79488 utils optional
openssl_1.0.1t-1+deb8u1.debian.tar.xz
d7f1d076c43f43175ee8ca1dd0272de0 1166672 doc optional
libssl-doc_1.0.1t-1+deb8u1_all.deb
e17f906c412f6db70b22156ef5fb2cbc 664614 utils optional
openssl_1.0.1t-1+deb8u1_amd64.deb
b5c68339c19401fe2769e5d1d0155381 1044562 libs important
libssl1.0.0_1.0.1t-1+deb8u1_amd64.deb
9afc148605d568e50ade2ba2e1fed0c6 643516 debian-installer optional
libcrypto1.0.0-udeb_1.0.1t-1+deb8u1_amd64.udeb
95c032b0de0fe0bf19585135e94d81e2 1281922 libdevel optional
libssl-dev_1.0.1t-1+deb8u1_amd64.deb
3fb82d512dc480585138210f277ad8ed 2815714 debug extra
libssl1.0.0-dbg_1.0.1t-1+deb8u1_amd64.deb
Package-Type: udeb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJXLK1aAAoJEOPE3c0eTBJExm0QAJxMhNX2xdDeESWP6oO8PlL4
H5uqON5S98YbTSYQPPaszqwOn2J3fsK+vPDQBPJk95nnt0H7Mf9+I5MDagSqbi9t
NkLXeGcV0YHmhf18GN5+Vg37K53tv0inl7NdHesQuIJQC683xjEeK1voa06ouxCn
PvV+Ug3y+iSBZaYxaZmOJUmA8qX0bAsQpUd5MN0dFxTUwt+oKRPzKY8R+/qofSBh
GtboQf9w/4uH9thjKpO9d8gfx1ONOXCLKlWnCKJTsiibxhChxNphTp4Dec9rqi7l
fwkPqXprgowUP2dXhopAH1hXMUdf3bvRmiyRWP8P6tQGT6bXlW9OW7XV2Y1RXQLY
7s3lVfeZqKo2zlU9SEkNhxctEUIY/44m70F6bajE/m4YcDu8jbH3soTysv2CJSnc
DJI/ZN+fSvcdWf+9TjovE4LGf9MOByjJ2B5vzyof2Frhc43EmNh1PxyWDavLGYkd
hnHq7EHJsPFabpp9ZVG5gau5DgQanZnZdDgHzUd3ApX7fDARQxs0P1ltMnl9KLAo
ZAihGS/IHy72xvzvmQnvHocOUx52us8Gp8DQBxnFRSBI5D2vygz8Co4iJvlaI+UV
06q8yvdh8zNfZBZb6UVFl2Hav1yoB51VUGmPPlNTbswOyTkrMHPlbogqlDKdxEqX
VfwYNGX9miYl1JSEk9Wc
=VDFi
-----END PGP SIGNATURE-----
--- End Message ---
