Public bug reported: Seen on 18.04.1 with openssl/libssl 1.1.0g-2ubuntu4.1
As per the issue on the openssl github at https://github.com/openssl/openssl/issues/5521 - 1.1.0 is overzealous about parsing common names as hostnames and this can lead to incorrectly rejecting client certificates from CAs with DNS name constraints. This is reportedly fixed in 1.1.1. Specifically this is an issue in my case because I run an apache2 server that verifies client certificates on https connections and have discovered that some certificates are being rejected because an intermediate CA has DNS name constraints which are being unexpectedly applied to the CN of client certificates. ** Affects: openssl (Ubuntu) Importance: Undecided Status: New ** Tags: bionic -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1802125 Title: openssl 1.1.0 incorrectly verifies certificates with permitted name constraints Status in openssl package in Ubuntu: New Bug description: Seen on 18.04.1 with openssl/libssl 1.1.0g-2ubuntu4.1 As per the issue on the openssl github at https://github.com/openssl/openssl/issues/5521 - 1.1.0 is overzealous about parsing common names as hostnames and this can lead to incorrectly rejecting client certificates from CAs with DNS name constraints. This is reportedly fixed in 1.1.1. Specifically this is an issue in my case because I run an apache2 server that verifies client certificates on https connections and have discovered that some certificates are being rejected because an intermediate CA has DNS name constraints which are being unexpectedly applied to the CN of client certificates. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1802125/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
