Package: openssl Version: 1.1.0f-3+deb9u2 Severity: important Dear Maintainer,
There is a typo in the Code for the x509 options, which leads to the point that no CAengine can be specified. With this bug a CA can't be stored on a smartcard or something alike. This bug has been fixed with 1.1.0g Here is a upstream bug report: https://github.com/openssl/openssl/issues/4366 The simple fix is here: https://github.com/openssl/openssl/commit/bd6eba79d70677f891f1bb55b6f5bc5602c47cbc And here for the 1.1.0 stable branch: https://github.com/openssl/openssl/commit/b701fa8340944c2a0481457f96e7f38b03180c24 -- System Information: Debian Release: 9.5 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386, armel, armhf Kernel: Linux 4.17.0-0.bpo.1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Init: systemd (via /run/systemd/system) Versions of packages openssl depends on: ii libc6 2.24-11+deb9u3 ii libssl1.1 1.1.0f-3+deb9u2 openssl recommends no packages. Versions of packages openssl suggests: ii ca-certificates 20161130+nmu1+deb9u1 -- no debconf information