Your message dated Thu, 28 Nov 2013 22:32:32 +0000 with message-id <e1vma8p-0004sc...@franck.debian.org> and subject line Bug#729480: fixed in lighttpd 1.4.28-2+squeeze1.5 has caused the Debian Bug report #729480, regarding SSL connections with client certificates no longer working to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 729480: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729480 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: lighttpd Version: 1.4.31-4+deb7u1 Severity: important I am running a webserver that only offers https and normally requires client certificates. When I install the security upgrade 1.4.31-4+deb7u1 and restart lighttpd, with some delay (when I keep hitting reload in a client, it works 5-10 times) no more connections with client certificates succeed. Firefox reports "connection was interrupted", chrome ERR_SSL_PROTOCOL_ERROR, lighttpd's error log fills with messages saying: (connections.c.305) SSL: 1 error:140D9115:SSL routines:SSL_GET_PREV_SESSION:session id context uninitialized "regualar" https-Connections (w/o client certificate) continue to work. After restarting lighttpd, everything works again for a little while, then trouble starts again. With lighttpd 1.4.31-4 everything works fine; this problem definitely has been introduced with the security patches for 1.4.31-4+deb7u1.
--- End Message ---
--- Begin Message ---Source: lighttpd Source-Version: 1.4.28-2+squeeze1.5 We believe that the bug you reported is fixed in the latest version of lighttpd, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 729...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Stefan Fritsch <s...@debian.org> (supplier of updated lighttpd package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Thu, 14 Nov 2013 11:07:04 +0100 Source: lighttpd Binary: lighttpd lighttpd-doc lighttpd-mod-mysql-vhost lighttpd-mod-trigger-b4-dl lighttpd-mod-cml lighttpd-mod-magnet lighttpd-mod-webdav Architecture: source all i386 Version: 1.4.28-2+squeeze1.5 Distribution: oldstable-security Urgency: low Maintainer: Debian lighttpd maintainers <pkg-lighttpd-maintain...@lists.alioth.debian.org> Changed-By: Stefan Fritsch <s...@debian.org> Description: lighttpd - A fast webserver with minimal memory footprint lighttpd-doc - Documentation for lighttpd lighttpd-mod-cml - Cache meta language module for lighttpd lighttpd-mod-magnet - Control the request handling module for lighttpd lighttpd-mod-mysql-vhost - MySQL-based virtual host configuration for lighttpd lighttpd-mod-trigger-b4-dl - Anti-deep-linking module for lighttpd lighttpd-mod-webdav - WebDAV module for lighttpd Closes: 729480 729555 Changes: lighttpd (1.4.28-2+squeeze1.5) oldstable-security; urgency=low . * Non-maintainer upload by the Security Team. * Fix regression introduced by fix for cve-2013-4508, related to client certificates and SNI. Closes: #729555, #729480 Checksums-Sha1: e79fb8e034a5f9244817f6bcdc11ac9e44cad638 1676 lighttpd_1.4.28-2+squeeze1.5.dsc 509a23fa34e4d2b03d67bec7b3cb436d886de9f2 35526 lighttpd_1.4.28-2+squeeze1.5.debian.tar.gz b407af03ebba354f60148755f0b8dd478d9d36eb 64012 lighttpd-doc_1.4.28-2+squeeze1.5_all.deb 2e1842ba0b6c4016ca31eacdd206c199863b0aae 276822 lighttpd_1.4.28-2+squeeze1.5_i386.deb 09c3b01054f753d73f7eb38b915f256a1ee622fc 19238 lighttpd-mod-mysql-vhost_1.4.28-2+squeeze1.5_i386.deb 2acf284248bb7ce8d8efc7ac0b066ed990ace92e 20776 lighttpd-mod-trigger-b4-dl_1.4.28-2+squeeze1.5_i386.deb 51f733cfbe71d4ccbdabc9bc246cb4b2fd2996a7 23772 lighttpd-mod-cml_1.4.28-2+squeeze1.5_i386.deb 597b2c5b95722b6f644a2afc3e75d2e98331d737 24784 lighttpd-mod-magnet_1.4.28-2+squeeze1.5_i386.deb fd90be1d0995fcea022cd65cce7bf6caa598790e 31720 lighttpd-mod-webdav_1.4.28-2+squeeze1.5_i386.deb Checksums-Sha256: ef00a8b7df9a5e780bda986c13cd7f6eb6bfacc285ab1e426834f506d9c70529 1676 lighttpd_1.4.28-2+squeeze1.5.dsc 718dd85902aeca85218ebae554a0286f782576f7e2597f5aed871b8dcca5a7fc 35526 lighttpd_1.4.28-2+squeeze1.5.debian.tar.gz a0ac49b568be83e5e6b9d4fbb3b5617cf6c5d4c1f9202e991b755fd0c205ad95 64012 lighttpd-doc_1.4.28-2+squeeze1.5_all.deb ae9016fbcf3d94b2ab4f92dafc7658dfe92b41b52420e162f1ecd7cf51a230f9 276822 lighttpd_1.4.28-2+squeeze1.5_i386.deb 7659bcb2b2fc5b1aba372e547bf926979d90b08a8f8e2a67ec5f7460a9e89c43 19238 lighttpd-mod-mysql-vhost_1.4.28-2+squeeze1.5_i386.deb 45a496b7f7bcdf79f3c5eaa7ad5454693835780c33a2b5b59b0833f0c6ce2fad 20776 lighttpd-mod-trigger-b4-dl_1.4.28-2+squeeze1.5_i386.deb 12e0eb2413e9af29bc8afac167b3c964e2511ed04d7b8ac31cb178d8de79697b 23772 lighttpd-mod-cml_1.4.28-2+squeeze1.5_i386.deb 42fe011a019f800648be41f6403dbdc6bc9ec366f83f16682ed802bf035c0232 24784 lighttpd-mod-magnet_1.4.28-2+squeeze1.5_i386.deb e54609970bc0abe16a6ca7257f94a1247005cdf263f0fb7749c0428ef24145f6 31720 lighttpd-mod-webdav_1.4.28-2+squeeze1.5_i386.deb Files: 0f68e69ea5acbf3cb4fe9019823ef06d 1676 httpd optional lighttpd_1.4.28-2+squeeze1.5.dsc bdc45661b02e5d0e39f91395a0f04505 35526 httpd optional lighttpd_1.4.28-2+squeeze1.5.debian.tar.gz 6b2f600966ac44af880244b015b9a6b4 64012 doc optional lighttpd-doc_1.4.28-2+squeeze1.5_all.deb 2625dcd339883b912a9292cbaf239b1b 276822 httpd optional lighttpd_1.4.28-2+squeeze1.5_i386.deb 60185ea2f13a36808bad3b3a9e1cada1 19238 httpd optional lighttpd-mod-mysql-vhost_1.4.28-2+squeeze1.5_i386.deb e33d260bb2837a283045d5b2e2bfa05c 20776 httpd optional lighttpd-mod-trigger-b4-dl_1.4.28-2+squeeze1.5_i386.deb afe4a02265c89a02b5cf9ab8d4c9bf60 23772 httpd optional lighttpd-mod-cml_1.4.28-2+squeeze1.5_i386.deb a7d9ed96bd930363cf92920063f2ff94 24784 httpd optional lighttpd-mod-magnet_1.4.28-2+squeeze1.5_i386.deb 71f0637b6a3acda746dd02f0be55ac05 31720 httpd optional lighttpd-mod-webdav_1.4.28-2+squeeze1.5_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) iD8DBQFShKKybxelr8HyTqQRAso6AKDHTJh55+ujX19R6dFizbXyWHtfSACfd3eR b4GfoHUpBvZJrs6QsMj7mdg= =GV+O -----END PGP SIGNATURE-----
--- End Message ---
