[Bug 855454] Re: Breaks some roots

Loïc Minier lool at dooz.org
Wed Sep 21 13:00:26 UTC 2011 

This is due to changes in the last openssl merge from Debian, presumably
themselves coming from upstream, where openssl's tools/c_rehash.in got
an updated check_file to validate certs before processing them.
Apparently this broke support for DOS-style line endings.

** Also affects: ubuntuone-storage-protocol (Ubuntu)
   Importance: Undecided
       Status: New

** Changed in: ubuntuone-storage-protocol
       Status: New => In Progress

** Changed in: ubuntuone-storage-protocol
     Assignee: (unassigned) => Loïc Minier (lool)

** Package changed: ca-certificates (Ubuntu) => openssl (Ubuntu)

** Summary changed:

- Breaks some roots
+ Breaks certs with DOS-style line endings

** Description changed:

- Hi
+ Update of openssl from 1.0.0d-2ubuntu2 to 1.0.0e-2ubuntu1 broke the
+ c_rehash parsing of certificates with DOS-style line endings.
  
- After upgrading to the latest ca-certificates, some certificates aren't
- valid anymore.  I upgraded from 20110502+nmu1 to 20110502+nmu1ubuntu3
- and the test host is Canonical IRC.
- 
- Before the update:
- openssl s_client -CApath /etc/ssl/certs -connect host:port
- [...]
-     Verify return code: 0 (ok)
- 
- after the update:
-     Verify return code: 21 (unable to verify the first certificate)
- 
- Matthias Klose is seeing certificate issues under xchat since the
- upgrade.
- 
- Bye,
- 
- ProblemType: Bug
- DistroRelease: Ubuntu 11.10
- Package: ca-certificates 20110502+nmu1ubuntu3
- ProcVersionSignature: Ubuntu 3.0.0-11.17-generic 3.0.4
- Uname: Linux 3.0.0-11-generic x86_64
- ApportVersion: 1.23-0ubuntu1
- Architecture: amd64
- Date: Wed Sep 21 13:29:47 2011
- ProcEnviron:
-  LANGUAGE=fr_FR:fr:en_GB:en
-  PATH=(custom, user)
-  LANG=fr_FR.UTF-8
-  SHELL=/bin/zsh
- SourcePackage: ca-certificates
- UpgradeStatus: Upgraded to oneiric on 2009-12-07 (652 days ago)
+ This was only uncovered by a recent ca-certificates update which
+ triggered a rebuild.

** Description changed:

  Update of openssl from 1.0.0d-2ubuntu2 to 1.0.0e-2ubuntu1 broke the
  c_rehash parsing of certificates with DOS-style line endings.
  
  This was only uncovered by a recent ca-certificates update which
- triggered a rebuild.
+ triggered a rebuild of /etc/ssl/certs.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/855454

Title:
  Breaks certs with DOS-style line endings

Status in Ubuntu One storage protocol:
  In Progress
Status in “openssl” package in Ubuntu:
  New
Status in “ubuntuone-storage-protocol” package in Ubuntu:
  New

Bug description:
  Update of openssl from 1.0.0d-2ubuntu2 to 1.0.0e-2ubuntu1 broke the
  c_rehash parsing of certificates with DOS-style line endings.

  This was only uncovered by a recent ca-certificates update which
  triggered a rebuild of /etc/ssl/certs.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntuone-storage-protocol/+bug/855454/+subscriptions

More information about the foundations-bugs mailing list