[
https://bro-tracker.atlassian.net/browse/BIT-1402?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Johanna Amann updated BIT-1402:
-------------------------------
Resolution: Fixed
Status: Closed (was: Open)
Fixed by setting OPENSSL_ENABLE_MD5_VERIFY in btest.cfg.
Fedora introduces this non-standard environment variable in one of their
distro-specific patches to OpenSSL (openssl-1.0.1e-no-md5-verify.patch); if it
is not set, MD5 verification is not permitted.
Committed in 5147b0bb02588f223cf04fac2ac3c3d9a7640217
> New SSL::Invalid_Server_Cert in test-suite
> ------------------------------------------
>
> Key: BIT-1402
> URL: https://bro-tracker.atlassian.net/browse/BIT-1402
> Project: Bro Issue Tracker
> Issue Type: Problem
> Components: Bro
> Reporter: Robin Sommer
> Assignee: Johanna Amann
> Fix For: 2.4
>
>
> I'm getting two additional {{SSL::Invalid_Server_Cert}} with the private
> test-suite, presumably due to an OpenSSL version change regarding MD5
> handling. Can we revert behavior back to the previous one with recent OpenSSL
> versions?
> {code}
> +XXXXXXXXXX.XXXXXX XXXXXXXXXXX X 2012 Y 443 - - -
> tcp SSL::Invalid_Server_Cert SSL certificate validation
> failed with (certificate signature failure) CN=XXX X Y 443 - bro
> Notice::ACTION_LOG 3600.000000 F - - - -
> -
> +XXXXXXXXXX.XXXXXX XXXXXXXXXXX X 2013 Y 443 - -
> - tcp SSL::Invalid_Server_Cert SSL certificate validation
> failed with (certificate signature failure) CN=XXX X Y - bro
> Notice::ACTION_LOG 3600.000000 F - - - -
> -
> {code}
--
This message was sent by Atlassian JIRA
(v6.5-OD-04-052#65000)
_______________________________________________
bro-dev mailing list
[email protected]
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
