Your message dated Wed, 25 May 2016 00:17:15 +0200
with message-id <[email protected]>
and subject line Re: Bug#151197: openssl: verify should fail when verification
fails
has caused the Debian Bug report #151197,
regarding openssl: verify should fail when verification fails
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
151197: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=151197
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: openssl
Version: 0.9.6d-1
Severity: normal
aps100@cyclone:~$ openssl verify < 01.pem && echo yes || echo no
stdin: /CN=moo
error 20 at 0 depth lookup:unable to get local issuer certificate
yes
That should probably have returned a false value (with the current
behaviour, scripting is a pain in the arse).
-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux cyclone 2.4.13 #7 Wed Mar 20 23:51:20 GMT 2002 i686
Locale: LANG=C, LC_CTYPE=
Versions of packages openssl depends on:
ii libc6 2.2.5-6 GNU C Library: Shared libraries an
ii libssl0.9.6 0.9.6d-1 SSL shared libraries
ii perl 5.6.1-7 Larry Wall's Practical Extraction
-- no debconf information
--
.''`. ** Debian GNU/Linux ** | Andrew Suffield
: :' : http://www.debian.org/ | Dept. of Computing,
`. `' | Imperial College,
`- -><- | London, UK
--- End Message ---
--- Begin Message ---
control: forwarded -1 https://rt.openssl.org/Ticket/Display.html?id=136
control: fixed -1 1.0.1e-1
control: fixed -1 1.0.2~beta1-1
On 2002-06-27 21:18:37 [+0100], Andrew Suffield wrote:
> aps100@cyclone:~$ openssl verify < 01.pem && echo yes || echo no
> stdin: /CN=moo
> error 20 at 0 depth lookup:unable to get local issuer certificate
> yes
>
> That should probably have returned a false value (with the current
> behaviour, scripting is a pain in the arse).
To quote upstream on this:
|Killing this one. While I agree with what's being said, this is an old one and
|if someone still wants this change, they'll issue a new ticket.
However, on stable:
|$ openssl verify -CAfile lets-encrypt-x3-cross-signed.pem.txt x.cert ; echo $?
|x.cert: OK
|0
|$ openssl verify -CAfile lets-encrypt-x4-cross-signed.pem.txt x.cert ; echo $?
|x.cert: CN = x.x
|error 20 at 0 depth lookup:unable to get local issuer certificate
|2
so everything worked out in the end :)
Sebastian
--- End Message ---
