Your message dated Sun, 19 Apr 2015 15:19:11 +0000 with message-id <[email protected]> and subject line Bug#769741: fixed in ircd-hybrid 1:8.2.7+dfsg.1-1 has caused the Debian Bug report #769741, regarding ircd-hybrid does not send chain certificates when using SSL to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 769741: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769741 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: ircd-hybrid Version: 1:8.2.0+dfsg.1-2.ssl1 Severity: normal Tags: upstream patch Dear Maintainer, * What led up to the situation? Configuring ircd-hybrid to use an SSL certificate that is issued by an intermediate CA certificate. The intermediate certificate was appended to the certificate pem file as works with many other servers. * What exactly did you do (or not do) that was effective (or ineffective)? Applied this patch and rebuilt the package. I have a similar patch for the ircd-hybrid in stable. diff --git a/src/conf_parser.c b/src/conf_parser.c index 5f43e69..85d54c6 100644 --- a/src/conf_parser.c +++ b/src/conf_parser.c @@ -2983,10 +2983,10 @@ yyreduce: break; } - if (SSL_CTX_use_certificate_file(ConfigServerInfo.server_ctx, yylval.string, - SSL_FILETYPE_PEM) <= 0 || - SSL_CTX_use_certificate_file(ConfigServerInfo.client_ctx, yylval.string, - SSL_FILETYPE_PEM) <= 0) + if (SSL_CTX_use_certificate_chain_file(ConfigServerInfo.server_ctx, + yylval.string) <= 0 || + SSL_CTX_use_certificate_chain_file(ConfigServerInfo.client_ctx, + yylval.string) <= 0) { report_crypto_errors(); conf_error_report("Could not open/read certificate file"); * What was the outcome of this action? The intermediate certificate was sent to the client. * What outcome did you expect instead? -- System Information: Debian Release: jessie/sid APT prefers testing-updates APT policy: (500, 'testing-updates'), (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/dash Versions of packages ircd-hybrid depends on: ii debconf [debconf-2.0] 1.5.53 ii libc6 2.19-13 ii libgeoip1 1.6.2-1 ii libltdl7 2.4.2-1.11 ii libssl1.0.0 1.0.1j-1 ii openssl 1.0.1j-1 Versions of packages ircd-hybrid recommends: pn whois <none> Versions of packages ircd-hybrid suggests: pn hybserv <none> -- Configuration Files: /etc/ircd-hybrid/cert.cnf [Errno 13] Permission denied: u'/etc/ircd-hybrid/cert.cnf' /etc/ircd-hybrid/cresv.conf [Errno 13] Permission denied: u'/etc/ircd-hybrid/cresv.conf' /etc/ircd-hybrid/dline.conf [Errno 13] Permission denied: u'/etc/ircd-hybrid/dline.conf' /etc/ircd-hybrid/ircd.conf [Errno 13] Permission denied: u'/etc/ircd-hybrid/ircd.conf' /etc/ircd-hybrid/ircd.motd [Errno 13] Permission denied: u'/etc/ircd-hybrid/ircd.motd' /etc/ircd-hybrid/kline.conf [Errno 13] Permission denied: u'/etc/ircd-hybrid/kline.conf' /etc/ircd-hybrid/nresv.conf [Errno 13] Permission denied: u'/etc/ircd-hybrid/nresv.conf' /etc/ircd-hybrid/xline.conf [Errno 13] Permission denied: u'/etc/ircd-hybrid/xline.conf' -- debconf information: * ircd-hybrid/upgrade_no_services_warn: true ircd-hybrid/upgrade_to_nossl_warn: true ircd-hybrid/upgrade_secure_links_warn: true ircd-hybrid/restart_on_upgrade: true
--- End Message ---
--- Begin Message ---Source: ircd-hybrid Source-Version: 1:8.2.7+dfsg.1-1 We believe that the bug you reported is fixed in the latest version of ircd-hybrid, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Dominic Hargreaves <[email protected]> (supplier of updated ircd-hybrid package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 19 Apr 2015 15:53:09 +0100 Source: ircd-hybrid Binary: ircd-hybrid hybrid-dev Architecture: all source Version: 1:8.2.7+dfsg.1-1 Distribution: unstable Urgency: medium Maintainer: Dominic Hargreaves <[email protected]> Changed-By: Dominic Hargreaves <[email protected]> Closes: 769741 779082 782859 782883 Description: hybrid-dev - high-performance secure IRC server - development files ircd-hybrid - high-performance secure IRC server Changes: ircd-hybrid (1:8.2.7+dfsg.1-1) unstable; urgency=medium . * Remove Suggests: hybserv since it doesn't really work with ircd-hybrid 8 and above * New upstream release - update debian/copyright with minor changes - update config files from new reference.conf - fixes DoS from localhost clients (Closes: #782859) - supports SSL certficate chaining (Closes: #769741) * Debconf configuration script no longer ignores the result of upgrade questions (Closes: #779082) * Don't display upgrade warnings on new installs (Closes: #782883) * Add NEWS item about updated configuration Checksums-Sha1: e533c56607b248628193654448af90dd307fe642 2115 ircd-hybrid_8.2.7+dfsg.1-1.dsc b944fbe572495bf34b563262cb9e566a337da7a2 1102677 ircd-hybrid_8.2.7+dfsg.1.orig.tar.gz 2e337a46212ab5d1421570ef1a8319e61df4d345 52292 ircd-hybrid_8.2.7+dfsg.1-1.debian.tar.xz 124387c2e5814ab8820a7713fada54228bde3d9a 172664 hybrid-dev_8.2.7+dfsg.1-1_all.deb Checksums-Sha256: c35c6070820b2422bd2226628367c508077d3e935b740d49db0cd7f986099572 2115 ircd-hybrid_8.2.7+dfsg.1-1.dsc 7d1867fab006a9c2ccc86536873a9dcd01b209651b6deef4b219878056bb521a 1102677 ircd-hybrid_8.2.7+dfsg.1.orig.tar.gz 64f26f19c09da15ad19579302f52628559e517c0225f882bf00b6f9bb04b69b5 52292 ircd-hybrid_8.2.7+dfsg.1-1.debian.tar.xz 64b2191181e48650993ee49fa51fd18147332adad3db803ebbcb934a9b8b4220 172664 hybrid-dev_8.2.7+dfsg.1-1_all.deb Files: ad263d5656ed93d1b2efd756d5426247 2115 net optional ircd-hybrid_8.2.7+dfsg.1-1.dsc 5de1d85134ede6fb82376ea0e4f20bfa 1102677 net optional ircd-hybrid_8.2.7+dfsg.1.orig.tar.gz bea39a8b78866f12c0658bb6704ae5ad 52292 net optional ircd-hybrid_8.2.7+dfsg.1-1.debian.tar.xz b3b0d8c9d351fc77c1226f815fd494ab 172664 devel optional hybrid-dev_8.2.7+dfsg.1-1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJVM8UYAAoJEMAFfnFNaU+yZA0P/AxT5j6exzFvYT7z82pGgS/3 iyRBAYJ9iyIcBpygZlww2PVzaRkyzfBNWBbUv3kV9oO9obakAJ8Zv6A6HR3J7hek ZXCfTUUNKtWkv4bY8mhmdGde2AOkUttOWrqcgpzomS4+f377wcX/t6wfx8WTeLOL BlgKL98omP8FLLsVF9in4NJ7vJbeJ+rebJght6XB4HwqibfKGeYE2+N6E2Tm9vo3 cerXegnyahkJWqzvIHQSzB8+bLhCSiT8/YcdmkzpS7GT1OkIr5ywYi2mY1owPcPd DBi+gBuV5ZzTGo74cyYSXipnkvzbTo5BTp2LCrjhC63DMEcRERtsQHyocxaeFY1A xokHosijoQ+VsXMHJt6/X8XgYSQBzLx7VWI33hF+S10mBd/cmwtWo1iKCM1SBYDc AQE3w1uI9ivoarV6KcpM8xxe2aoHu2sDq4aZSyqcZzsWIDwidSeISk2nH4NYdOk9 1/8WyfRpSrnt7KvCVfvdAiYu/X7IRLH5hF2Jt23T0iLtMgI2APEEtK0h7BBb7+ZN 9/UEChbK8Z4ndJnEKGInEI/SAtQeWL0gGPik8dDbjO0hDNkb3xiqZlU0YbxvLSO8 i/CDkxmYHIh2JJBKmfS40JSN3C7bxNb0RL1qPanqkISX6aHIh+3jTWkqjdJkgRBT W8oj1Xp9HbmwhoEgrpV6 =MAQr -----END PGP SIGNATURE-----
--- End Message ---
