Your message dated Sat, 9 Nov 2019 15:30:36 +0000
with message-id <09112019152049.8c2348a31...@desktop.copernicus.org.uk>
and subject line Re: Bug#863270: cups: https uses SHA-1 signature algorithm
has caused the Debian Bug report #863270,
regarding cups: https uses SHA-1 signature algorithm
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
863270: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863270
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: cups-daemon
Version: 2.2.1-8
Severity: normal
Dear Maintainer,
the cups webserver on port 631 supports the https protocol.
When browsing cups using the https protocol a certificate/key pair is
created in /etc/cups/ssl.
$ openssl x509 -in /etc/cups/ssl/hostname.crt -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1495639838 (0x5925a71E)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C = US, CN = hostname, O = hostname, OU = Unknown, ST =
Unknown, L = Unknown
Validity
Not Before: May 24 15:30:42 2017 GMT
Not After : May 22 15:30:42 2027 GMT
Subject: C = US, CN = hostname, O = hostname, OU = Unknown, ST =
Unknown, L = Unknown
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Using SHA-1 as signature algorithm is unsafe.
This algorithm will not be accepted in future browser versions.
I have no clue why the country is set to US. That is not where my system is.
Please, remove this bogus when fixing the SHA-1 issue.
Best regards
Heinrich Schuchardt
-- System Information:
Debian Release: 9.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64
(x86_64)
Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL
set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages cups depends on:
ii cups-client 2.2.1-8
ii cups-common 2.2.1-8
ii cups-core-drivers 2.2.1-8
ii cups-daemon 2.2.1-8
ii cups-filters 1.11.6-3
ii cups-ppdc 2.2.1-8
ii cups-server-common 2.2.1-8
ii debconf [debconf-2.0] 1.5.60
ii ghostscript 9.20~dfsg-3.2
ii libavahi-client3 0.6.32-2
ii libavahi-common3 0.6.32-2
ii libc-bin 2.24-10
ii libc6 2.24-10
ii libcups2 2.2.1-8
ii libcupscgi1 2.2.1-8
ii libcupsimage2 2.2.1-8
ii libcupsmime1 2.2.1-8
ii libcupsppdc1 2.2.1-8
ii libgcc1 1:6.3.0-18
ii libstdc++6 6.3.0-18
ii libusb-1.0-0 2:1.0.21-1
ii poppler-utils 0.48.0-2
ii procps 2:3.3.12-3
Versions of packages cups recommends:
ii avahi-daemon 0.6.32-2
ii colord 1.3.3-2
ii cups-filters [ghostscript-cups] 1.11.6-3
ii printer-driver-gutenprint 5.2.11-1+b2
Versions of packages cups suggests:
ii cups-bsd 2.2.1-8
pn cups-pdf <none>
ii foomatic-db-compressed-ppds [foomatic-db] 20161201-1
ii hplip 3.16.11+repack0-3
ii printer-driver-hpcups 3.16.11+repack0-3
pn smbclient <none>
ii udev 232-23
-- debconf information:
cupsys/raw-print: true
cupsys/backend: lpd, socket, usb, snmp, dnssd
--- End Message ---
--- Begin Message ---
On Wed 24 May 2017 at 18:26:11 +0200, Heinrich Schuchardt wrote:
> Package: cups-daemon
> Version: 2.2.1-8
> Severity: normal
>
> Dear Maintainer,
>
> the cups webserver on port 631 supports the https protocol.
>
> When browsing cups using the https protocol a certificate/key pair is
> created in /etc/cups/ssl.
>
> $ openssl x509 -in /etc/cups/ssl/hostname.crt -text
> Certificate:
> Data:
> Version: 3 (0x2)
> Serial Number: 1495639838 (0x5925a71E)
> Signature Algorithm: sha1WithRSAEncryption
> Issuer: C = US, CN = hostname, O = hostname, OU = Unknown, ST =
> Unknown, L = Unknown
> Validity
> Not Before: May 24 15:30:42 2017 GMT
> Not After : May 22 15:30:42 2027 GMT
> Subject: C = US, CN = hostname, O = hostname, OU = Unknown, ST =
> Unknown, L = Unknown
> Subject Public Key Info:
> Public Key Algorithm: rsaEncryption
> Public-Key: (2048 bit)
>
> Using SHA-1 as signature algorithm is unsafe.
> This algorithm will not be accepted in future browser versions.
>
> I have no clue why the country is set to US. That is not where my system is.
> Please, remove this bogus when fixing the SHA-1 issue.
On cups 2.3.0-7 (the present unstable) we see
Signature Algorithm: sha256WithRSAEncryption
The change appears to have came about in Issue #5862
https://github.com/apple/cups/issues/4862
I guess we can close this report.
Regards,
Brian.
--- End Message ---