[Freeipa] [Bug 1987276] Re: certmonger - libcrypto issues with openssl3
I have managed to install the proposed version on this link: https://launchpad.net/ubuntu/jammy/amd64/certmonger/0.79.14+git20211010-2ubuntu1.1 Unfortunately, this is still suffering some issues when creating certs: Mar 7 15:27:07 lnx-test-3 certmonger[35411]: 2024-03-07 15:27:07 [35411] Error: failed to verify signature on server response. error:10800075:PKCS7 routines::certificate verify error Mar 7 15:27:15 lnx-test-3 kernel: [ 6712.749399] audit: type=1400 audit(1709825235.952:3267): apparmor="ALLOWED" operation="open" class="file" profile="/usr/sbin/sssd" name="/proc/35585/cmdline" pid=32369 comm="sssd_nss" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 Mar 7 15:28:01 lnx-test-3 scep-submit: Message failed verification. Mar 7 15:28:01 lnx-test-3 scep-submit: Error: failed to verify signature on server response.#012 # Cert info Mar 7 15:28:01 lnx-test-3 scep-submit: error:10800075:PKCS7 routines::certificate verify error # More cert info Mar 7 15:28:01 lnx-test-3 certmonger[35411]: 2024-03-07 15:28:01 [35411] Error: failed to verify signature on server response. error:10800075:PKCS7 routines::certificate verify error -- You received this bug notification because you are a member of FreeIPA, which is subscribed to certmonger in Ubuntu. https://bugs.launchpad.net/bugs/1987276 Title: certmonger - libcrypto issues with openssl3 Status in certmonger package in Ubuntu: Fix Released Status in certmonger source package in Jammy: Fix Committed Bug description: [Impact] Requesting SCEP certificates crashes certmonger when it's built with OpenSSL 3, and it needs a patch backported to fix this. [Test case] Check that the SCEP requests succeed without the daemon crashing. [Where things could go wrong] This patch has been upstream for several months now, and this part of certmonger hasn't seen any additional commits since, so it's safe to say that adding this shouldn't regress things. -- I just want to let you know that this bug is still present from 22.04 onwards (anything that uses libssl3 as default) - bug is being tracked in https://pagure.io/certmonger/issue/244 - I already tested the patch provided and it works, but I would love to see an updated package on the official repository. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/certmonger/+bug/1987276/+subscriptions ___ Mailing list: https://launchpad.net/~freeipa Post to : freeipa@lists.launchpad.net Unsubscribe : https://launchpad.net/~freeipa More help : https://help.launchpad.net/ListHelp
[Freeipa] [Bug 1987276] Re: certmonger - libcrypto issues with openssl3
Diego, how did it go? -- You received this bug notification because you are a member of FreeIPA, which is subscribed to certmonger in Ubuntu. https://bugs.launchpad.net/bugs/1987276 Title: certmonger - libcrypto issues with openssl3 Status in certmonger package in Ubuntu: Fix Released Status in certmonger source package in Jammy: Fix Committed Bug description: [Impact] Requesting SCEP certificates crashes certmonger when it's built with OpenSSL 3, and it needs a patch backported to fix this. [Test case] Check that the SCEP requests succeed without the daemon crashing. [Where things could go wrong] This patch has been upstream for several months now, and this part of certmonger hasn't seen any additional commits since, so it's safe to say that adding this shouldn't regress things. -- I just want to let you know that this bug is still present from 22.04 onwards (anything that uses libssl3 as default) - bug is being tracked in https://pagure.io/certmonger/issue/244 - I already tested the patch provided and it works, but I would love to see an updated package on the official repository. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/certmonger/+bug/1987276/+subscriptions ___ Mailing list: https://launchpad.net/~freeipa Post to : freeipa@lists.launchpad.net Unsubscribe : https://launchpad.net/~freeipa More help : https://help.launchpad.net/ListHelp
Re: [Freeipa] [Bug 1987276] Re: certmonger - libcrypto issues with openssl3
Sorry for my delay I somehow lost track of it. I will test this over the next few days and let you know D On Thu 19 Oct 2023, 11:34 Andreas Hasenack, <1987...@bugs.launchpad.net> wrote: > This bug is awaiting verification for a long time now, could someone > affected please perform the verification from the test plan? > > -- > You received this bug notification because you are subscribed to the bug > report. > https://bugs.launchpad.net/bugs/1987276 > > Title: > certmonger - libcrypto issues with openssl3 > > Status in certmonger package in Ubuntu: > Fix Released > Status in certmonger source package in Jammy: > Fix Committed > > Bug description: > [Impact] > > Requesting SCEP certificates crashes certmonger when it's built with > OpenSSL 3, and it needs a patch backported to fix this. > > [Test case] > > Check that the SCEP requests succeed without the daemon crashing. > > > [Where things could go wrong] > > This patch has been upstream for several months now, and this part of > certmonger hasn't seen any additional commits since, so it's safe to > say that adding this shouldn't regress things. > > > -- > > I just want to let you know that this bug is still present from 22.04 > onwards (anything that uses libssl3 as default) - bug is being tracked > in https://pagure.io/certmonger/issue/244 - I already tested the patch > provided and it works, but I would love to see an updated package on > the official repository. > > To manage notifications about this bug go to: > > https://bugs.launchpad.net/ubuntu/+source/certmonger/+bug/1987276/+subscriptions > > -- You received this bug notification because you are a member of FreeIPA, which is subscribed to certmonger in Ubuntu. https://bugs.launchpad.net/bugs/1987276 Title: certmonger - libcrypto issues with openssl3 Status in certmonger package in Ubuntu: Fix Released Status in certmonger source package in Jammy: Fix Committed Bug description: [Impact] Requesting SCEP certificates crashes certmonger when it's built with OpenSSL 3, and it needs a patch backported to fix this. [Test case] Check that the SCEP requests succeed without the daemon crashing. [Where things could go wrong] This patch has been upstream for several months now, and this part of certmonger hasn't seen any additional commits since, so it's safe to say that adding this shouldn't regress things. -- I just want to let you know that this bug is still present from 22.04 onwards (anything that uses libssl3 as default) - bug is being tracked in https://pagure.io/certmonger/issue/244 - I already tested the patch provided and it works, but I would love to see an updated package on the official repository. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/certmonger/+bug/1987276/+subscriptions ___ Mailing list: https://launchpad.net/~freeipa Post to : freeipa@lists.launchpad.net Unsubscribe : https://launchpad.net/~freeipa More help : https://help.launchpad.net/ListHelp
[Freeipa] [Bug 1987276] Re: certmonger - libcrypto issues with openssl3
This bug is awaiting verification for a long time now, could someone affected please perform the verification from the test plan? -- You received this bug notification because you are a member of FreeIPA, which is subscribed to certmonger in Ubuntu. https://bugs.launchpad.net/bugs/1987276 Title: certmonger - libcrypto issues with openssl3 Status in certmonger package in Ubuntu: Fix Released Status in certmonger source package in Jammy: Fix Committed Bug description: [Impact] Requesting SCEP certificates crashes certmonger when it's built with OpenSSL 3, and it needs a patch backported to fix this. [Test case] Check that the SCEP requests succeed without the daemon crashing. [Where things could go wrong] This patch has been upstream for several months now, and this part of certmonger hasn't seen any additional commits since, so it's safe to say that adding this shouldn't regress things. -- I just want to let you know that this bug is still present from 22.04 onwards (anything that uses libssl3 as default) - bug is being tracked in https://pagure.io/certmonger/issue/244 - I already tested the patch provided and it works, but I would love to see an updated package on the official repository. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/certmonger/+bug/1987276/+subscriptions ___ Mailing list: https://launchpad.net/~freeipa Post to : freeipa@lists.launchpad.net Unsubscribe : https://launchpad.net/~freeipa More help : https://help.launchpad.net/ListHelp
[Freeipa] [Bug 1987276] Re: certmonger - libcrypto issues with openssl3
Diego, please verify the fix works -- You received this bug notification because you are a member of FreeIPA, which is subscribed to certmonger in Ubuntu. https://bugs.launchpad.net/bugs/1987276 Title: certmonger - libcrypto issues with openssl3 Status in certmonger package in Ubuntu: Fix Released Status in certmonger source package in Jammy: Fix Committed Bug description: [Impact] Requesting SCEP certificates crashes certmonger when it's built with OpenSSL 3, and it needs a patch backported to fix this. [Test case] Check that the SCEP requests succeed without the daemon crashing. [Where things could go wrong] This patch has been upstream for several months now, and this part of certmonger hasn't seen any additional commits since, so it's safe to say that adding this shouldn't regress things. -- I just want to let you know that this bug is still present from 22.04 onwards (anything that uses libssl3 as default) - bug is being tracked in https://pagure.io/certmonger/issue/244 - I already tested the patch provided and it works, but I would love to see an updated package on the official repository. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/certmonger/+bug/1987276/+subscriptions ___ Mailing list: https://launchpad.net/~freeipa Post to : freeipa@lists.launchpad.net Unsubscribe : https://launchpad.net/~freeipa More help : https://help.launchpad.net/ListHelp
[Freeipa] [Bug 1987276] Re: certmonger - libcrypto issues with openssl3
Hello Diego, or anyone else affected, Accepted certmonger into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/certmonger/0.79.14+git20211010-2ubuntu1.1 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-jammy. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: certmonger (Ubuntu Jammy) Status: In Progress => Fix Committed ** Tags added: verification-needed verification-needed-jammy -- You received this bug notification because you are a member of FreeIPA, which is subscribed to certmonger in Ubuntu. https://bugs.launchpad.net/bugs/1987276 Title: certmonger - libcrypto issues with openssl3 Status in certmonger package in Ubuntu: Fix Released Status in certmonger source package in Jammy: Fix Committed Bug description: [Impact] Requesting SCEP certificates crashes certmonger when it's built with OpenSSL 3, and it needs a patch backported to fix this. [Test case] Check that the SCEP requests succeed without the daemon crashing. [Where things could go wrong] This patch has been upstream for several months now, and this part of certmonger hasn't seen any additional commits since, so it's safe to say that adding this shouldn't regress things. -- I just want to let you know that this bug is still present from 22.04 onwards (anything that uses libssl3 as default) - bug is being tracked in https://pagure.io/certmonger/issue/244 - I already tested the patch provided and it works, but I would love to see an updated package on the official repository. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/certmonger/+bug/1987276/+subscriptions ___ Mailing list: https://launchpad.net/~freeipa Post to : freeipa@lists.launchpad.net Unsubscribe : https://launchpad.net/~freeipa More help : https://help.launchpad.net/ListHelp
[Freeipa] [Bug 1987276] Re: certmonger - libcrypto issues with openssl3
okay, finally got around to doing that.. please add a comment if I wrote silly things in the SRU header :) ** Description changed: + [Impact] + + Requesting SCEP certificates crashes certmonger when it's built with + OpenSSL 3, and it needs a patch backported to fix this. + + [Test case] + + Check that the SCEP requests succeed without the daemon crashing. + + + [Where things could go wrong] + + This patch has been upstream for several months now, and this part of + certmonger hasn't seen any additional commits since, so it's safe to say + that adding this shouldn't regress things. + + + -- + I just want to let you know that this bug is still present from 22.04 onwards (anything that uses libssl3 as default) - bug is being tracked in https://pagure.io/certmonger/issue/244 - I already tested the patch provided and it works, but I would love to see an updated package on the official repository. ** Changed in: certmonger (Ubuntu Jammy) Status: New => In Progress -- You received this bug notification because you are a member of FreeIPA, which is subscribed to certmonger in Ubuntu. https://bugs.launchpad.net/bugs/1987276 Title: certmonger - libcrypto issues with openssl3 Status in certmonger package in Ubuntu: Fix Released Status in certmonger source package in Jammy: In Progress Bug description: [Impact] Requesting SCEP certificates crashes certmonger when it's built with OpenSSL 3, and it needs a patch backported to fix this. [Test case] Check that the SCEP requests succeed without the daemon crashing. [Where things could go wrong] This patch has been upstream for several months now, and this part of certmonger hasn't seen any additional commits since, so it's safe to say that adding this shouldn't regress things. -- I just want to let you know that this bug is still present from 22.04 onwards (anything that uses libssl3 as default) - bug is being tracked in https://pagure.io/certmonger/issue/244 - I already tested the patch provided and it works, but I would love to see an updated package on the official repository. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/certmonger/+bug/1987276/+subscriptions ___ Mailing list: https://launchpad.net/~freeipa Post to : freeipa@lists.launchpad.net Unsubscribe : https://launchpad.net/~freeipa More help : https://help.launchpad.net/ListHelp
[Freeipa] [Bug 1987276] Re: certmonger - libcrypto issues with openssl3
** Also affects: certmonger (Ubuntu Jammy) Importance: Undecided Status: New -- You received this bug notification because you are a member of FreeIPA, which is subscribed to certmonger in Ubuntu. https://bugs.launchpad.net/bugs/1987276 Title: certmonger - libcrypto issues with openssl3 Status in certmonger package in Ubuntu: Fix Released Status in certmonger source package in Jammy: New Bug description: I just want to let you know that this bug is still present from 22.04 onwards (anything that uses libssl3 as default) - bug is being tracked in https://pagure.io/certmonger/issue/244 - I already tested the patch provided and it works, but I would love to see an updated package on the official repository. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/certmonger/+bug/1987276/+subscriptions ___ Mailing list: https://launchpad.net/~freeipa Post to : freeipa@lists.launchpad.net Unsubscribe : https://launchpad.net/~freeipa More help : https://help.launchpad.net/ListHelp
[Freeipa] [Bug 1987276] Re: certmonger - libcrypto issues with openssl3
Thanks - is there any plans to ship the new package with the bugfix to the Jammy repo? -- You received this bug notification because you are a member of FreeIPA, which is subscribed to certmonger in Ubuntu. https://bugs.launchpad.net/bugs/1987276 Title: certmonger - libcrypto issues with openssl3 Status in certmonger package in Ubuntu: Fix Released Bug description: I just want to let you know that this bug is still present from 22.04 onwards (anything that uses libssl3 as default) - bug is being tracked in https://pagure.io/certmonger/issue/244 - I already tested the patch provided and it works, but I would love to see an updated package on the official repository. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/certmonger/+bug/1987276/+subscriptions ___ Mailing list: https://launchpad.net/~freeipa Post to : freeipa@lists.launchpad.net Unsubscribe : https://launchpad.net/~freeipa More help : https://help.launchpad.net/ListHelp
[Freeipa] [Bug 1987276] Re: certmonger - libcrypto issues with openssl3
You can't just pull a package from kinetic and expect it to work as-is. The kinetic deb was built against libjansson 2.14-2. You'd need to rebuild certmonger from kinetic on jammy to allow it to install with jammy dependencies. -- You received this bug notification because you are a member of FreeIPA, which is subscribed to certmonger in Ubuntu. https://bugs.launchpad.net/bugs/1987276 Title: certmonger - libcrypto issues with openssl3 Status in certmonger package in Ubuntu: Fix Released Bug description: I just want to let you know that this bug is still present from 22.04 onwards (anything that uses libssl3 as default) - bug is being tracked in https://pagure.io/certmonger/issue/244 - I already tested the patch provided and it works, but I would love to see an updated package on the official repository. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/certmonger/+bug/1987276/+subscriptions ___ Mailing list: https://launchpad.net/~freeipa Post to : freeipa@lists.launchpad.net Unsubscribe : https://launchpad.net/~freeipa More help : https://help.launchpad.net/ListHelp
[Freeipa] [Bug 1987276] Re: certmonger - libcrypto issues with openssl3
Hi all. I tested the new version on 22.04 - it works, but there is a set of dependencies that are only available on 22.10 (Kinetic) at the moment. sudo dpkg -i certmonger_0.79.16-1_amd64.deb (Reading database ... 227504 files and directories currently installed.) Preparing to unpack certmonger_0.79.16-1_amd64.deb ... Unpacking certmonger (0.79.16-1) over (0.79.16-1) ... dpkg: dependency problems prevent configuration of certmonger: certmonger depends on libjansson4 (>= 2.14); however: Version of libjansson4:amd64 on system is 2.13.1-1.1build3. certmonger depends on nss-plugin-pem; however: Package nss-plugin-pem is not installed. Current Jammy version of Libjansson4 is 2.13.1-1.1build3 Looking at certmonger ubuntu changelogs, I see %changelog +* Thu Aug 25 2022 Rob Crittenden - 0.79.16-1 +- update to 0.79.16 + - Add a PEM validity checker and validate SCEP CA files + - Fix implicit declaration of function ‘PEM_read_bio_X509’ + - Don't include "NEW" in certificate signing requests + - Verify that the AES-128 is used for encrypting the local CA + - Replace DER-encoded test file with a base64-encoded one + - Correct a bad date in the spec changelog + - Switch to https URLs for Sources, etc. + - Remove dependency on SHA-1 + - tests: Test that the CA constraint DER encoding is correct + - Disable DSA in the RPM spec + - Manually build the srpm for the copr CI + - Require jansson >= 2.12 + - Mark the current directory as a safe git directory + - Fix usage of PKCS#7 ASN1 attribute retrieval for SCEP keygen *** this was reported by us + - Translated using Weblate (Chinese (Simplified) (zh_CN)) + - Translated using Weblate (Georgian) + - Translated using Weblate (Indonesian) + - Translated using Weblate (Chinese (Simplified) (zh_CN)) + - Translated using Weblate (Hungarian) So I am not sure why the changelog requires only 2.12 and on my test is asking for libjansson4 (>= 2.14) - could you clarify that for me? -- You received this bug notification because you are a member of FreeIPA, which is subscribed to certmonger in Ubuntu. https://bugs.launchpad.net/bugs/1987276 Title: certmonger - libcrypto issues with openssl3 Status in certmonger package in Ubuntu: Fix Released Bug description: I just want to let you know that this bug is still present from 22.04 onwards (anything that uses libssl3 as default) - bug is being tracked in https://pagure.io/certmonger/issue/244 - I already tested the patch provided and it works, but I would love to see an updated package on the official repository. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/certmonger/+bug/1987276/+subscriptions ___ Mailing list: https://launchpad.net/~freeipa Post to : freeipa@lists.launchpad.net Unsubscribe : https://launchpad.net/~freeipa More help : https://help.launchpad.net/ListHelp
[Freeipa] [Bug 1987276] Re: certmonger - libcrypto issues with openssl3
This bug was fixed in the package certmonger - 0.79.16-1 --- certmonger (0.79.16-1) unstable; urgency=medium * New upstream release. (LP: #1987276) -- Timo Aaltonen Fri, 26 Aug 2022 09:42:54 +0300 ** Changed in: certmonger (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of FreeIPA, which is subscribed to certmonger in Ubuntu. https://bugs.launchpad.net/bugs/1987276 Title: certmonger - libcrypto issues with openssl3 Status in certmonger package in Ubuntu: Fix Released Bug description: I just want to let you know that this bug is still present from 22.04 onwards (anything that uses libssl3 as default) - bug is being tracked in https://pagure.io/certmonger/issue/244 - I already tested the patch provided and it works, but I would love to see an updated package on the official repository. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/certmonger/+bug/1987276/+subscriptions ___ Mailing list: https://launchpad.net/~freeipa Post to : freeipa@lists.launchpad.net Unsubscribe : https://launchpad.net/~freeipa More help : https://help.launchpad.net/ListHelp
[Freeipa] [Bug 1987276] Re: certmonger - libcrypto issues with openssl3
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: certmonger (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of FreeIPA, which is subscribed to certmonger in Ubuntu. https://bugs.launchpad.net/bugs/1987276 Title: certmonger - libcrypto issues with openssl3 Status in certmonger package in Ubuntu: Confirmed Bug description: I just want to let you know that this bug is still present from 22.04 onwards (anything that uses libssl3 as default) - bug is being tracked in https://pagure.io/certmonger/issue/244 - I already tested the patch provided and it works, but I would love to see an updated package on the official repository. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/certmonger/+bug/1987276/+subscriptions ___ Mailing list: https://launchpad.net/~freeipa Post to : freeipa@lists.launchpad.net Unsubscribe : https://launchpad.net/~freeipa More help : https://help.launchpad.net/ListHelp