[Bug 1828215] Re: openssl ca -spkac output regressed
Steve Langasek
steve.langasek at canonical.com
Wed Jun 12 19:35:45 UTC 2019
Hello Dimitri, or anyone else affected,
Accepted openssl into cosmic-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/openssl/1.1.1-1ubuntu2.3 in a few
hours, and then in the -proposed repository.
Please help us by testing this new package. See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed. Your feedback will aid us getting this
update out to other Ubuntu users.
If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested and change the tag from
verification-needed-cosmic to verification-done-cosmic. If it does not
fix the bug for you, please add a comment stating that, and change the
tag to verification-failed-cosmic. In either case, without details of
your testing we will not be able to proceed.
Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in
advance for helping!
N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.
** Changed in: openssl (Ubuntu Cosmic)
Status: Confirmed => Fix Committed
** Tags removed: verification-done
** Tags added: verification-needed verification-needed-cosmic
** Changed in: openssl (Ubuntu Disco)
Status: Confirmed => Fix Committed
** Tags added: verification-needed-disco
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1828215
Title:
openssl ca -spkac output regressed
Status in OpenSSL:
Fix Released
Status in openssl package in Ubuntu:
Fix Committed
Status in openssl source package in Bionic:
Fix Committed
Status in openssl source package in Cosmic:
Fix Committed
Status in openssl source package in Disco:
Fix Committed
Status in openssl source package in Eoan:
Fix Committed
Bug description:
[Impact]
* openssl command line utility option parsing has regressed in
1.1.0i+ and produces binary output, where text output is expected,
breaking applications that parse that.
[Test Case]
Setup CA:
$ apt install openssl
$ mkdir -p demoCA/private demoCA/newcerts
$ touch demoCA/index.txt
$ echo 01 > demoCA/serial
$ openssl req -new -x509 -days 365 -newkey rsa:4096 -keyout
demoCA/private/cakey.pem -out demoCA/cacert.pem
# Use password test
# Accept defaults for all other settings
$ openssl req -new -days 365 -newkey rsa:4096 -keyout
demoCA/sslkey.pem -out demoCA/sslcert.pem
Generate regular request / key:
# Use password test
# Set common name to: example.com
# Accept defaults for all other settings
Generate spkac request:
$ openssl spkac -key demoCA/sslkey.pem -out demoCA/sslcert.spkac
$ cat <<EOF >>demoCA/sslcert.spkac
countryName=AU
stateOrProvinceName=Some-State
organizationName=Internet Widgits Pty Ltd
commonName=example.com
EOF
Sign spkac request:
$ echo test | openssl ca -passin stdin -batch -spkac demoCA/sslcert.spkac -startdate 190121130654Z
Expected: pure text output
Unexpected: binary output for the signed cert
Currently produces binary goop.
Should produce PEM format Base64 encoded certificate data in a block surrounded
with BEGIN/END certificate.
[Regression Potential]
* This is a regression in cosmic and up, and impeding regression in
bionic with the upcoming 1.1.1 SRU. A bugfix exists upstream.
[Other Info]
* Originally reported
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1797386/comments/39
To manage notifications about this bug go to:
https://bugs.launchpad.net/openssl/+bug/1828215/+subscriptions
More information about the foundations-bugs
mailing list