I pulled the proposed source:
$ pull-lp-source openssl bionic
built with tracing enabled:
$ cd openssl-1.1.1
$ sed -i -e '/^CONFARGS =/a CONFARGS += enable-ssl-trace' debian/rules
$ debuild -us -uc -b 2>&1 | tee ../debuild.log
$ cd ..
installed:
$ sudo dpkg -i libssl1.1_1.1.1-1ubuntu2.1~18.04.16_amd64.deb openssl_1.1.1-1ubuntu2.1~18.04.16_amd64.deb
tested:
$ openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout key.pem -out cert.pem
$ openssl s_server -key key.pem -cert cert.pem -status_file openssl-1.1.1/test/recipes/ocsp-response.der -Verify 5 2>&1 | tee s_server.log &
$ openssl s_client -status -trace -cert cert.pem -key key.pem 2>&1 | tee s_client.log (^c)
$ grep -B1 -A4 CertificateRequest s_client.log
Inner Content Type = Handshake (22)
CertificateRequest, Length=45
request_context (len=0):
extensions, length = 42
extension_type=signature_algorithms(13), length=38
ecdsa_secp256r1_sha256 (0x0403)
$ tail -6 s_server.log
---
No server certificate CA names sent
CIPHER is TLS_AES_256_GCM_SHA384
Secure Renegotiation IS supported
ERROR
--
https://bugs.launchpad.net/bugs/1940141
Title:
OpenSSL servers can send a non-empty status_request in a
CertificateRequest
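The grep check in the message above can be automated. The following is an added example, not part of the original message or of OpenSSL: it parses `s_client -trace` output and reports any status_request extension with a body inside a CertificateRequest. The function names, the second trace and its lengths are constructed, and the status_request line is assumed to use the same format as the signature_algorithms line quoted above.

```python
import re

# Line shapes follow the -trace output quoted in the message above.
MSG_HEADER = re.compile(r"^\s*(\w+), Length=(\d+)\s*$")
EXT_LINE = re.compile(r"^\s*extension_type=(\w+)\((\d+)\), length=(\d+)\s*$")
STATUS_REQUEST = 5  # TLS ExtensionType number of status_request

# The CertificateRequest lines shown in the message (patched build).
PAGE_TRACE = """\
Inner Content Type = Handshake (22)
CertificateRequest, Length=45
request_context (len=0):
extensions, length = 42
extension_type=signature_algorithms(13), length=38
ecdsa_secp256r1_sha256 (0x0403)
"""

# Constructed trace (all lengths invented): status_request also appears in
# other messages, where a body is allowed, to show only CertificateRequest counts.
CONSTRUCTED_BAD_TRACE = """\
    ClientHello, Length=250
        extension_type=status_request(5), length=5
    CertificateRequest, Length=1570
        extension_type=status_request(5), length=1521
        extension_type=signature_algorithms(13), length=38
    Certificate, Length=2400
        extension_type=status_request(5), length=1521
"""


def certificate_request_extensions(trace):
    """Return one [(name, type, length), ...] list per CertificateRequest."""
    requests, current = [], None
    for line in trace.splitlines():
        header, ext = MSG_HEADER.match(line), EXT_LINE.match(line)
        if header:
            # Every handshake message header closes the previous message.
            current = [] if header.group(1) == "CertificateRequest" else None
            if current is not None:
                requests.append(current)
        elif ext and current is not None:
            current.append((ext.group(1), int(ext.group(2)), int(ext.group(3))))
    return requests


def nonempty_status_requests(trace):
    """status_request extensions with a body inside a CertificateRequest."""
    return [e for exts in certificate_request_extensions(trace)
            for e in exts if e[1] == STATUS_REQUEST and e[2] > 0]


if __name__ == "__main__":
    for name in ("PAGE_TRACE", "CONSTRUCTED_BAD_TRACE"):
        print(name, nonempty_status_requests(globals()[name]))
```

To check a real capture, pass the contents of s_client.log to `nonempty_status_requests`; an empty list matches the result shown in the message.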