** Description changed: [Impact] - * openssl command line utility option parsing has regressed in 1.1.0i+ + * openssl command line utility option parsing has regressed in 1.1.0i+ and produces binary output, where text output is expected, breaking applications that parse that. [Test Case] - * OPENSSL_ENABLE_MD5_VERIFY=1 openssl ca -config test.openssl.cnf - -passin stdin -batch -spkac input_file -startdate 190121130654Z + Setup CA: + $ apt install openssl + $ mkdir -p demoCA/private demoCA/newcerts + $ touch demoCA/index.txt + $ echo 01 > demoCA/serial - Currently produces binary goop. + $ openssl req -new -x509 -days 365 -newkey rsa:4096 -keyout + demoCA/private/cakey.pem -out demoCA/cacert.pem - Should produce PEM format Base64 encoded certificate data in a block surrounded - with BEGIN/END certificate. + # Use password test + # Accept defaults for all other settings + + $ openssl req -new -days 365 -newkey rsa:4096 -keyout demoCA/sslkey.pem + -out demoCA/sslcert.pem + + Generate regular request / key: + # Use password test + # Set common name to: example.com + # Accept defaults for all other settings + + Generate spkac request: + $ openssl spkac -key demoCA/sslkey.pem -out demoCA/sslcert.spkac + $ cat <<EOF >>demoCA/sslcert.spkac + countryName=AU + stateOrProvinceName=Some-State + organizationName=Internet Widgits Pty Ltd + commonName=example.com + EOF + + Sign spkac request: + $ echo test | openssl ca -passin stdin -batch -spkac demoCA/sslcert.spkac -startdate 190121130654Z + + Expected: pure text output + Unexpected: binary output for the signed cert + + + Currently produces binary goop. + + Should produce PEM format Base64 encoded certificate data in a block surrounded + with BEGIN/END certificate. [Regression Potential] - * This is a regression in cosmic and up, and impeding regression in + * This is a regression in cosmic and up, and impeding regression in bionic with the upcoming 1.1.1 SRU. A bugfix exists upstream. [Other Info] - - * Originally reported https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1797386/comments/39 + + * Originally reported + https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1797386/comments/39
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1828215 Title: openssl ca -spkac output regressed To manage notifications about this bug go to: https://bugs.launchpad.net/openssl/+bug/1828215/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
