Your message dated Sun, 12 Mar 2017 09:18:34 +0000 with message-id <[email protected]> and subject line Bug#855962: fixed in acme-tiny 20160801-2 has caused the Debian Bug report #855962, regarding acme-tiny: fail to parse openssl 1.1 CSR output to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 855962: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855962 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: acme-tiny Version: 20160801-1 Severity: serious openssl 1.1 slightly changed the way the Subject of a certificate request is formated: - Subject: CN=foobar.domain.net + Subject: CN = foobar.domain.net This causes acme-tiny to fail to get the domain from certificate requests without SAN. This in turns causes the certificate signing to be rejected by letsencrypt with error urn:acme:error:unauthorized unless it has been validated relatively recently. Here is a possible patch to make it compatible with both openssl 1.0 and 1.1: --- a/acme_tiny.py +++ b/acme_tiny.py @@ -69,7 +69,7 @@ if proc.returncode != 0: raise IOError("Error loading {0}: {1}".format(csr, err)) domains = set([]) - common_name = re.search(r"Subject:.*? CN=([^\s,;/]+)", out.decode('utf8')) + common_name = re.search(r"Subject:.*? CN\s*=\s*([^\s,;/]+)", out.decode('utf8')) if common_name is not None: domains.add(common_name.group(1)) subject_alt_names = re.search(r"X509v3 Subject Alternative Name: \n +([^\n]+)\n", out.decode('utf8'), re.MULTILINE|re.DOTALL) -- System Information: Debian Release: 9.0 APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages acme-tiny depends on: ii openssl 1.1.0d-2 ii python3-pkg-resources 33.1.1-1 pn python3:any <none> acme-tiny recommends no packages. acme-tiny suggests no packages. -- no debconf information
--- End Message ---
--- Begin Message ---Source: acme-tiny Source-Version: 20160801-2 We believe that the bug you reported is fixed in the latest version of acme-tiny, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. JeremÃas Casteglione <[email protected]> (supplier of updated acme-tiny package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 12 Mar 2017 09:51:34 +0100 Source: acme-tiny Binary: acme-tiny Architecture: source Version: 20160801-2 Distribution: unstable Urgency: medium Maintainer: Debian Let's Encrypt <[email protected]> Changed-By: JeremÃas Casteglione <[email protected]> Description: acme-tiny - letsencrypt tiny Python client Closes: 855962 Changes: acme-tiny (20160801-2) unstable; urgency=medium . * fix fail to parse openssl 1.1 CSR output (Closes: #855962) patch by: Aurelien Jarno <[email protected]> Checksums-Sha1: 414aee74abd2afea1ed67bdfd613e1fbdc6ad1fd 2014 acme-tiny_20160801-2.dsc de0fca91cbea0c89832daba45cf16c60dd3b0526 10116 acme-tiny_20160801-2.debian.tar.xz 6414f9d13cc3339e976be28a307fa8ccd6c3ad41 4981 acme-tiny_20160801-2_amd64.buildinfo Checksums-Sha256: 6a86b285e5c830db2b9de63b06c595224acb4d5beb2ef9366a86cc09b3bdc946 2014 acme-tiny_20160801-2.dsc c4ee8400a61f0246a602d8a09d8f4159c858f4c5d412449b0fc3b57dc82efadc 10116 acme-tiny_20160801-2.debian.tar.xz 06d1887bcab42eb7144a065bf0e5348677e85aa56afe1cb1b9f69622a3c03822 4981 acme-tiny_20160801-2_amd64.buildinfo Files: d2440bd81734a3dedd8fd3033c87f36b 2014 utils optional acme-tiny_20160801-2.dsc b060fe851b4f4f7831ae682637b26f09 10116 utils optional acme-tiny_20160801-2.debian.tar.xz 077a358aae8ece536b9325ef38ea19ee 4981 utils optional acme-tiny_20160801-2_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEi3hoeGwz5cZMTQpICBa54Yx2K60FAljFDR4ACgkQCBa54Yx2 K61OQRAAgKlys1TYjDIeKEvDQJX0ALwDsFQ9DiY+kep8y0XaJ115sVp9mYgAwZvX vqpuM2YEaCNC2dLGRH4cI1slx6JZ93yvPXbTA2VJD5sQxEMLVQG8XMz1DKTCLbGF ZUjs45k/6MG3xDlIks/O2Fg56X6xNtiWa8o0whRL/TTZrMKY76OYn+LBak8m3rIq 3IAzXD1cK4cBfnewmne/MGMrzX4e5LhziH+e6yZTJBpDwnoed5afPvCJ/Y7wQia0 Ppj4hnAzfM9D3wKOB0caN/17l4Nq8v4a83xyEdkTLeNcxlW4BUBw5InNZbkBvcs3 HYEQdkuAY56sqfkCuCCOL1pHCGK9L24Q1WmxH/gH3vwRWnfD1+xfBHzfv523EBh1 qz8AaKtqH35b+rzn8932kWcvHJxkwqHoi4KlIjwVYcIMHjDEe1XJA/64buVrg0ej mpuwMMvqgaKksTt+3S2iQi0jL1E2VKhXtEQnMS+CI2O6W1A45Zh7z2GOf3iSMe6t wq0qkGMT80U2JWSioc3bHjkgJgPYzC5tdCSZ6Df6mDElVuAQ75HrUazaJ0QFjRjf uwzMhnedsLY9IsxbYROAuXonxGr36D5yP89HfW3qlTqwX0RBno7+syNXJG9NviVV QLBcncXmWRwEoPWqsRQTbuG7Q7hHEC0eVnhjANBT4GAfg9li6Mc= =/A2F -----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________ Letsencrypt-devel mailing list [email protected] https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
