Your message dated Thu, 28 Nov 2013 22:32:32 +0000
with message-id <e1vma8p-0004sc...@franck.debian.org>
and subject line Bug#729480: fixed in lighttpd 1.4.28-2+squeeze1.5
has caused the Debian Bug report #729480,
regarding SSL connections with client certificates no longer working
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
729480: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729480
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: lighttpd
Version: 1.4.31-4+deb7u1
Severity: important
I am running a webserver that only offers https and normally requires
client certificates. When I install the security upgrade
1.4.31-4+deb7u1 and restart lighttpd, with some delay (when I keep
hitting reload in a client, it works 5-10 times) no more connections
with client certificates succeed.
Firefox reports "connection was interrupted", chrome
ERR_SSL_PROTOCOL_ERROR, lighttpd's error log fills with messages saying:
(connections.c.305) SSL: 1 error:140D9115:SSL
routines:SSL_GET_PREV_SESSION:session id context uninitialized
"regualar" https-Connections (w/o client certificate) continue to
work. After restarting lighttpd, everything works again for a little
while, then trouble starts again.
With lighttpd 1.4.31-4 everything works fine; this problem definitely
has been introduced with the security patches for 1.4.31-4+deb7u1.
--- End Message ---
--- Begin Message ---
Source: lighttpd
Source-Version: 1.4.28-2+squeeze1.5
We believe that the bug you reported is fixed in the latest version of
lighttpd, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 729...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Stefan Fritsch <s...@debian.org> (supplier of updated lighttpd package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 14 Nov 2013 11:07:04 +0100
Source: lighttpd
Binary: lighttpd lighttpd-doc lighttpd-mod-mysql-vhost
lighttpd-mod-trigger-b4-dl lighttpd-mod-cml lighttpd-mod-magnet
lighttpd-mod-webdav
Architecture: source all i386
Version: 1.4.28-2+squeeze1.5
Distribution: oldstable-security
Urgency: low
Maintainer: Debian lighttpd maintainers
<pkg-lighttpd-maintain...@lists.alioth.debian.org>
Changed-By: Stefan Fritsch <s...@debian.org>
Description:
lighttpd - A fast webserver with minimal memory footprint
lighttpd-doc - Documentation for lighttpd
lighttpd-mod-cml - Cache meta language module for lighttpd
lighttpd-mod-magnet - Control the request handling module for lighttpd
lighttpd-mod-mysql-vhost - MySQL-based virtual host configuration for lighttpd
lighttpd-mod-trigger-b4-dl - Anti-deep-linking module for lighttpd
lighttpd-mod-webdav - WebDAV module for lighttpd
Closes: 729480 729555
Changes:
lighttpd (1.4.28-2+squeeze1.5) oldstable-security; urgency=low
.
* Non-maintainer upload by the Security Team.
* Fix regression introduced by fix for cve-2013-4508, related to client
certificates and SNI. Closes: #729555, #729480
Checksums-Sha1:
e79fb8e034a5f9244817f6bcdc11ac9e44cad638 1676 lighttpd_1.4.28-2+squeeze1.5.dsc
509a23fa34e4d2b03d67bec7b3cb436d886de9f2 35526
lighttpd_1.4.28-2+squeeze1.5.debian.tar.gz
b407af03ebba354f60148755f0b8dd478d9d36eb 64012
lighttpd-doc_1.4.28-2+squeeze1.5_all.deb
2e1842ba0b6c4016ca31eacdd206c199863b0aae 276822
lighttpd_1.4.28-2+squeeze1.5_i386.deb
09c3b01054f753d73f7eb38b915f256a1ee622fc 19238
lighttpd-mod-mysql-vhost_1.4.28-2+squeeze1.5_i386.deb
2acf284248bb7ce8d8efc7ac0b066ed990ace92e 20776
lighttpd-mod-trigger-b4-dl_1.4.28-2+squeeze1.5_i386.deb
51f733cfbe71d4ccbdabc9bc246cb4b2fd2996a7 23772
lighttpd-mod-cml_1.4.28-2+squeeze1.5_i386.deb
597b2c5b95722b6f644a2afc3e75d2e98331d737 24784
lighttpd-mod-magnet_1.4.28-2+squeeze1.5_i386.deb
fd90be1d0995fcea022cd65cce7bf6caa598790e 31720
lighttpd-mod-webdav_1.4.28-2+squeeze1.5_i386.deb
Checksums-Sha256:
ef00a8b7df9a5e780bda986c13cd7f6eb6bfacc285ab1e426834f506d9c70529 1676
lighttpd_1.4.28-2+squeeze1.5.dsc
718dd85902aeca85218ebae554a0286f782576f7e2597f5aed871b8dcca5a7fc 35526
lighttpd_1.4.28-2+squeeze1.5.debian.tar.gz
a0ac49b568be83e5e6b9d4fbb3b5617cf6c5d4c1f9202e991b755fd0c205ad95 64012
lighttpd-doc_1.4.28-2+squeeze1.5_all.deb
ae9016fbcf3d94b2ab4f92dafc7658dfe92b41b52420e162f1ecd7cf51a230f9 276822
lighttpd_1.4.28-2+squeeze1.5_i386.deb
7659bcb2b2fc5b1aba372e547bf926979d90b08a8f8e2a67ec5f7460a9e89c43 19238
lighttpd-mod-mysql-vhost_1.4.28-2+squeeze1.5_i386.deb
45a496b7f7bcdf79f3c5eaa7ad5454693835780c33a2b5b59b0833f0c6ce2fad 20776
lighttpd-mod-trigger-b4-dl_1.4.28-2+squeeze1.5_i386.deb
12e0eb2413e9af29bc8afac167b3c964e2511ed04d7b8ac31cb178d8de79697b 23772
lighttpd-mod-cml_1.4.28-2+squeeze1.5_i386.deb
42fe011a019f800648be41f6403dbdc6bc9ec366f83f16682ed802bf035c0232 24784
lighttpd-mod-magnet_1.4.28-2+squeeze1.5_i386.deb
e54609970bc0abe16a6ca7257f94a1247005cdf263f0fb7749c0428ef24145f6 31720
lighttpd-mod-webdav_1.4.28-2+squeeze1.5_i386.deb
Files:
0f68e69ea5acbf3cb4fe9019823ef06d 1676 httpd optional
lighttpd_1.4.28-2+squeeze1.5.dsc
bdc45661b02e5d0e39f91395a0f04505 35526 httpd optional
lighttpd_1.4.28-2+squeeze1.5.debian.tar.gz
6b2f600966ac44af880244b015b9a6b4 64012 doc optional
lighttpd-doc_1.4.28-2+squeeze1.5_all.deb
2625dcd339883b912a9292cbaf239b1b 276822 httpd optional
lighttpd_1.4.28-2+squeeze1.5_i386.deb
60185ea2f13a36808bad3b3a9e1cada1 19238 httpd optional
lighttpd-mod-mysql-vhost_1.4.28-2+squeeze1.5_i386.deb
e33d260bb2837a283045d5b2e2bfa05c 20776 httpd optional
lighttpd-mod-trigger-b4-dl_1.4.28-2+squeeze1.5_i386.deb
afe4a02265c89a02b5cf9ab8d4c9bf60 23772 httpd optional
lighttpd-mod-cml_1.4.28-2+squeeze1.5_i386.deb
a7d9ed96bd930363cf92920063f2ff94 24784 httpd optional
lighttpd-mod-magnet_1.4.28-2+squeeze1.5_i386.deb
71f0637b6a3acda746dd02f0be55ac05 31720 httpd optional
lighttpd-mod-webdav_1.4.28-2+squeeze1.5_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
iD8DBQFShKKybxelr8HyTqQRAso6AKDHTJh55+ujX19R6dFizbXyWHtfSACfd3eR
b4GfoHUpBvZJrs6QsMj7mdg=
=GV+O
-----END PGP SIGNATURE-----
--- End Message ---