Your message dated Mon, 05 Sep 2016 22:17:14 +0000
with message-id <[email protected]>
and subject line Bug#826552: fixed in openssl 1.0.1t-1+deb8u3
has caused the Debian Bug report #826552,
regarding openssl: crl processing fails with X509_NAME_EX_D2I:too long
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
826552: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=826552
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: openssl
Version: 1.0.1t-1+deb8u2
Severity: important
Dear Maintainer,
since the last openssl update (from 1.0.1k-3+deb8u5 to 1.0.1t-1+deb8u2)
in jessie, openssl fails to process our long CRL:
odenbach@viridian1:~$ openssl crl -in /var/tmp/network-ca-crl.pem -noout
unable to load CRL
140337784870544:error:0D09E09B:asn1 encoding routines:X509_NAME_EX_D2I:too
long:x_name.c:203:
140337784870544:error:0D08303A:asn1 encoding
routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:697:Field=issuer,
Type=X509_CRL_INFO
140337784870544:error:0D08303A:asn1 encoding
routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:697:Field=crl,
Type=X509_CRL
140337784870544:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1
lib:pem_oth.c:83:
odenbach@viridian1:~$ ls -l /var/tmp/network-ca-crl.pem
-rw-r--r-- 1 root root 2909209 Jun 6 06:26 /var/tmp/network-ca-crl.pem
A working version of openssl shows that the CRL contains nearly 100.000 entries:
odenbach@viridian1:~$ WORK/testssl.sh/openssl crl -in
/var/tmp/network-ca-crl.pem -noout -text | grep Serial | wc -l
98988
Looks like this known bug:
https://www.mail-archive.com/[email protected]/msg44242.html
-- System Information:
Debian Release: 8.5
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages openssl depends on:
ii libc6 2.19-18+deb8u4
ii libssl1.0.0 1.0.1t-1+deb8u2
openssl recommends no packages.
Versions of packages openssl suggests:
ii ca-certificates 20141019+deb8u1
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: openssl
Source-Version: 1.0.1t-1+deb8u3
We believe that the bug you reported is fixed in the latest version of
openssl, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Kurt Roeckx <[email protected]> (supplier of updated openssl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 11 Jun 2016 19:18:11 +0200
Source: openssl
Binary: openssl libssl1.0.0 libcrypto1.0.0-udeb libssl-dev libssl-doc
libssl1.0.0-dbg
Architecture: source all amd64
Version: 1.0.1t-1+deb8u3
Distribution: jessie
Urgency: medium
Maintainer: Debian OpenSSL Team <[email protected]>
Changed-By: Kurt Roeckx <[email protected]>
Description:
libcrypto1.0.0-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
libssl-dev - Secure Sockets Layer toolkit - development files
libssl-doc - Secure Sockets Layer toolkit - development documentation
libssl1.0.0 - Secure Sockets Layer toolkit - shared libraries
libssl1.0.0-dbg - Secure Sockets Layer toolkit - debug information
openssl - Secure Sockets Layer toolkit - cryptographic utility
Closes: 826552 833156
Changes:
openssl (1.0.1t-1+deb8u3) jessie; urgency=medium
.
[ Kurt Roeckx ]
* Fix length check for CRLs. (Closes: #826552)
.
[ Sebastian Andrzej Siewior ]
* Enable asm optimisation for s390x. Patch by Dimitri John Ledkov.
(Closes: #833156).
Checksums-Sha1:
54083162d078a0bf78ef407e0ac2b7f33e4cc6f4 2255 openssl_1.0.1t-1+deb8u3.dsc
a2dd65e4f02d3af90f56c99bb438fe77e56fd205 97104
openssl_1.0.1t-1+deb8u3.debian.tar.xz
a6ba76d082fff3824a3714e4b2d45d382db856f2 1166838
libssl-doc_1.0.1t-1+deb8u3_all.deb
f87a4ef9d51e2e0f57758342e0433cc44129c6ca 664334
openssl_1.0.1t-1+deb8u3_amd64.deb
ead13b0fd1beb9a06c78d61f0d2f6913578ae475 1045554
libssl1.0.0_1.0.1t-1+deb8u3_amd64.deb
67c68e91a07ca83476c116f89d368b8b831b07f5 643786
libcrypto1.0.0-udeb_1.0.1t-1+deb8u3_amd64.udeb
2b8ac8a6949917eaa311766fd62816ac07ef66a2 1281530
libssl-dev_1.0.1t-1+deb8u3_amd64.deb
199f4fad62067964d3263b840891e97e5a2af694 2816468
libssl1.0.0-dbg_1.0.1t-1+deb8u3_amd64.deb
Checksums-Sha256:
aad37a98b1fd87c5ba5ae8fd724655cdbdbd9fd4c58818858c57045a36c02ff6 2255
openssl_1.0.1t-1+deb8u3.dsc
fb078fe66d58cf3ef6606c1470b5dc7c8a3ae57bed669d436d26592f82175d24 97104
openssl_1.0.1t-1+deb8u3.debian.tar.xz
1c890eb2aa2becae57a4f84b27709233f9e92e78b4e95b5899537b4e71456474 1166838
libssl-doc_1.0.1t-1+deb8u3_all.deb
9d04e590361bc6b14e71940f20f61fe60a18d0e3e8963c50c321506e53b288ee 664334
openssl_1.0.1t-1+deb8u3_amd64.deb
9b1e5583735c21d3e33ad1f50accabca34c36db439f9f41f75d801f11bd860b9 1045554
libssl1.0.0_1.0.1t-1+deb8u3_amd64.deb
4cf78370479764eb74af380824fa2a875f1cf523653a39aa5db86fd7cd7bad00 643786
libcrypto1.0.0-udeb_1.0.1t-1+deb8u3_amd64.udeb
d5426aa774c450c6dca22010db90dee558c29bdd265ecf9e5183c3f4f6e00fb2 1281530
libssl-dev_1.0.1t-1+deb8u3_amd64.deb
42b7c8c2f3200bb5eb151dd44713aa4ee4be590d4561239116cbf0df54329707 2816468
libssl1.0.0-dbg_1.0.1t-1+deb8u3_amd64.deb
Files:
225f5a9877e74b681c0821664a2ee17d 2255 utils optional
openssl_1.0.1t-1+deb8u3.dsc
baf7647c2b7d7b4421fa4a75f076e282 97104 utils optional
openssl_1.0.1t-1+deb8u3.debian.tar.xz
89687a948d85707c5b82d44aa51aaabe 1166838 doc optional
libssl-doc_1.0.1t-1+deb8u3_all.deb
75adfa928f299f3f3d1d6c2a73e13654 664334 utils optional
openssl_1.0.1t-1+deb8u3_amd64.deb
a52d53469d3139ac8c3be8f13e496b7a 1045554 libs important
libssl1.0.0_1.0.1t-1+deb8u3_amd64.deb
437c46d082bfc6c3957f0389c2fdab5b 643786 debian-installer optional
libcrypto1.0.0-udeb_1.0.1t-1+deb8u3_amd64.udeb
5418245beba7b55cc52d52765bfe1c50 1281530 libdevel optional
libssl-dev_1.0.1t-1+deb8u3_amd64.deb
d410d2671dd2b8b3944675dc736d657a 2816468 debug extra
libssl1.0.0-dbg_1.0.1t-1+deb8u3_amd64.deb
Package-Type: udeb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJXzHpOAAoJEOPE3c0eTBJEXEoP/RrGOxB9KMNl0Je8Msj+ADzp
w/1z7vDVfnR5wFmmdeAD+gJ/dfW/vjaMSgOdGGzZDYQvV2eOTjDEMOeeKgA39A6E
H9KIVW7msl+G+4VdsrUSL8ylUjSVcJYyhmDS5mNLhNaBYtKE7PPkiCv4/7JKA5CJ
Uhvyn5sOSuT4jmQs9P7v0SD4GE8iTUKcmT4qYNUDlQoZac1qt0wYe2Mltf8Apz2m
j4ZdGCgmgotV21c342T8Dq+pGJUz+VVIT/0DRWTaO6OqKEeASJC1SL1V+h8Z20t5
ABgOffy9ggcwm4bQ2mYxZ7odcF70zUtpdrnktA5gkzueLhCV3QgCBHsUul3OXXX7
hgi/XuD7965I80DKwgAUyp92eNFQjd0HPecvnTCjPKhR6CEIaoDDWRcCB3JHmpVc
OQZtfhcyFma4PMe68CIPutfMcKr2E3FmR1bhtPC/H9NniQuPZMyKhIQt6yMYdHmc
SgbyOGFvhaP2AAvi82bg/Az23LVuIuITTQIRMgVYQ4M747ZPrAtQSyKoFeJz5wLu
NhnQEVuPe2s6q/H+eocGwj0+DRy1Hnu2loMusICaYgksZr0NEKh5/3f3e1MdUG8h
WIw+fAOU16hEyW5p5/Xr96OiAI+o0cYn8G8RaWRuFCeYPQ4JnAXFdOCU3ISjlqNV
CvcDwDY4nCtJjjE5cEWi
=S3CD
-----END PGP SIGNATURE-----
--- End Message ---
