Your message dated Sat, 16 May 2015 06:02:06 +0000 with message-id <[email protected]> and subject line Bug#769741: fixed in ircd-hybrid 1:8.2.0+dfsg.1-2+deb8u1 has caused the Debian Bug report #769741, regarding ircd-hybrid does not send chain certificates when using SSL to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 769741: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769741 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: ircd-hybrid Version: 1:8.2.0+dfsg.1-2.ssl1 Severity: normal Tags: upstream patch Dear Maintainer, * What led up to the situation? Configuring ircd-hybrid to use an SSL certificate that is issued by an intermediate CA certificate. The intermediate certificate was appended to the certificate pem file as works with many other servers. * What exactly did you do (or not do) that was effective (or ineffective)? Applied this patch and rebuilt the package. I have a similar patch for the ircd-hybrid in stable. diff --git a/src/conf_parser.c b/src/conf_parser.c index 5f43e69..85d54c6 100644 --- a/src/conf_parser.c +++ b/src/conf_parser.c @@ -2983,10 +2983,10 @@ yyreduce: break; } - if (SSL_CTX_use_certificate_file(ConfigServerInfo.server_ctx, yylval.string, - SSL_FILETYPE_PEM) <= 0 || - SSL_CTX_use_certificate_file(ConfigServerInfo.client_ctx, yylval.string, - SSL_FILETYPE_PEM) <= 0) + if (SSL_CTX_use_certificate_chain_file(ConfigServerInfo.server_ctx, + yylval.string) <= 0 || + SSL_CTX_use_certificate_chain_file(ConfigServerInfo.client_ctx, + yylval.string) <= 0) { report_crypto_errors(); conf_error_report("Could not open/read certificate file"); * What was the outcome of this action? The intermediate certificate was sent to the client. * What outcome did you expect instead? -- System Information: Debian Release: jessie/sid APT prefers testing-updates APT policy: (500, 'testing-updates'), (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/dash Versions of packages ircd-hybrid depends on: ii debconf [debconf-2.0] 1.5.53 ii libc6 2.19-13 ii libgeoip1 1.6.2-1 ii libltdl7 2.4.2-1.11 ii libssl1.0.0 1.0.1j-1 ii openssl 1.0.1j-1 Versions of packages ircd-hybrid recommends: pn whois <none> Versions of packages ircd-hybrid suggests: pn hybserv <none> -- Configuration Files: /etc/ircd-hybrid/cert.cnf [Errno 13] Permission denied: u'/etc/ircd-hybrid/cert.cnf' /etc/ircd-hybrid/cresv.conf [Errno 13] Permission denied: u'/etc/ircd-hybrid/cresv.conf' /etc/ircd-hybrid/dline.conf [Errno 13] Permission denied: u'/etc/ircd-hybrid/dline.conf' /etc/ircd-hybrid/ircd.conf [Errno 13] Permission denied: u'/etc/ircd-hybrid/ircd.conf' /etc/ircd-hybrid/ircd.motd [Errno 13] Permission denied: u'/etc/ircd-hybrid/ircd.motd' /etc/ircd-hybrid/kline.conf [Errno 13] Permission denied: u'/etc/ircd-hybrid/kline.conf' /etc/ircd-hybrid/nresv.conf [Errno 13] Permission denied: u'/etc/ircd-hybrid/nresv.conf' /etc/ircd-hybrid/xline.conf [Errno 13] Permission denied: u'/etc/ircd-hybrid/xline.conf' -- debconf information: * ircd-hybrid/upgrade_no_services_warn: true ircd-hybrid/upgrade_to_nossl_warn: true ircd-hybrid/upgrade_secure_links_warn: true ircd-hybrid/restart_on_upgrade: true
--- End Message ---
--- Begin Message ---Source: ircd-hybrid Source-Version: 1:8.2.0+dfsg.1-2+deb8u1 We believe that the bug you reported is fixed in the latest version of ircd-hybrid, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Dominic Hargreaves <[email protected]> (supplier of updated ircd-hybrid package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 10 May 2015 19:54:58 +0100 Source: ircd-hybrid Binary: ircd-hybrid hybrid-dev Architecture: all i386 source Version: 1:8.2.0+dfsg.1-2+deb8u1 Distribution: jessie Urgency: medium Maintainer: Dominic Hargreaves <[email protected]> Changed-By: Dominic Hargreaves <[email protected]> Closes: 769741 779082 782859 782883 Description: hybrid-dev - high-performance secure IRC server - development files ircd-hybrid - high-performance secure IRC server Changes: ircd-hybrid (1:8.2.0+dfsg.1-2+deb8u1) jessie; urgency=medium . * Remove Suggests: hybserv as the package isn't in jessie * Fix a DoS from localhost clients backported from 8.2.6 (Closes: #782859) * Debconf configuration script no longer ignores the result of upgrade questions (Closes: #779082) * Don't display upgrade warnings on new installs (Closes: #782883) * Support chained SSL certificates (Closes: #769741) Checksums-Sha1: d3ae3b01106aa6a14994ae91bb6ca9eb72f8d830 2143 ircd-hybrid_8.2.0+dfsg.1-2+deb8u1.dsc 6bad6b4dbf514baa220d324de5be4bfd400659cb 53672 ircd-hybrid_8.2.0+dfsg.1-2+deb8u1.debian.tar.xz c7e26b5319d2792210f1c4855f35f5be97da22af 155692 hybrid-dev_8.2.0+dfsg.1-2+deb8u1_all.deb 45d71aa665a8270e8b9095fdeb44b7dd958267c6 462062 ircd-hybrid_8.2.0+dfsg.1-2+deb8u1_i386.deb Checksums-Sha256: 2c828ec3383e805d24c018d85bc2b0d0c1e5f4a2c7f43a8b379aaa52acd4aaae 2143 ircd-hybrid_8.2.0+dfsg.1-2+deb8u1.dsc fdd4ba8ff2091c51b9ae4ac50f330d9a0ad48e4d7fc9cd569fc7f662e02cf408 53672 ircd-hybrid_8.2.0+dfsg.1-2+deb8u1.debian.tar.xz 54b8aece0c85efdb2008b8c33699ade2acf2faf516dd285d09e8ebcf094deb98 155692 hybrid-dev_8.2.0+dfsg.1-2+deb8u1_all.deb 907f8cb4696d2fec094ee012a619afd57e8527ac2534d815b73766ee5ccf0fa0 462062 ircd-hybrid_8.2.0+dfsg.1-2+deb8u1_i386.deb Files: 043818fb982f7cec3496fcb91271a1db 2143 net optional ircd-hybrid_8.2.0+dfsg.1-2+deb8u1.dsc 5a12fd82c408b6e506b8b220a43d0738 53672 net optional ircd-hybrid_8.2.0+dfsg.1-2+deb8u1.debian.tar.xz 81761c4c55e4914e8f185fecc295fe67 155692 devel optional hybrid-dev_8.2.0+dfsg.1-2+deb8u1_all.deb a503f9bf145ab468258b713dd2de9744 462062 net optional ircd-hybrid_8.2.0+dfsg.1-2+deb8u1_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJVU7D9AAoJEMAFfnFNaU+ydz8P/3FNDhNXZHSbY591anCbYlPt rgNFl8JiIp8KUPaKdkz24T0OjzAy1Hk07xs7aMKX7uXkZM+nWhwVdjexwPgkzGR1 4FhA5pMNk0+KCeYZkaq7PSIRHOfRY6nLCF6Qv2quTau5USXT5StYgIlWQhPmfo5p jfhT4OON4N+oOOLECP7fbZ8b+V28nfjgEpgJsywjClY18XxeaTo+61UHl/yXKQln /5Cjbw9wMJD9utQFTRs24bAXMieopBYw5wQ9/vgHdsft0gAHYwT9CIVtKUleuEWm +w7hD2kwpmrl0nv1pOFDVwu4ieVNW/5H3aoU01umqUren43yYNEXaqW7+zG7WBUb snNlH3yJRD/psOjqXMpBi/MCAvEvj9FpXUguQY2qm+acRcteju9KII2Gkn6fhaLU HyQB4cE6J/ecRJGWVgosAcft0t82k1vWR878/rhK7ivyhkoWaeS6RlniJOSoleEk i1aLmbLuin2DDAC0nVyAyEdWvxDOZFuUtjRu3VdvvcLfWS7n61qGcNjBuMuwrMZt 1qxRbQKXixrJTq/S1jmyInfzMFnwI5kvA44yz6jSaZOXh/Deq/5FkAgjQdckwaS9 b/Hp5lcloeswBTxQ7uZeC+gqKfQNGyARFatfIDjsAGyAfgi5BqGOaTqR6zF4tD3B 0scPTWTplwnapptUWbrG =0CNd -----END PGP SIGNATURE-----
--- End Message ---
