Bug#729480: marked as done (SSL connections with client certificates no longer working)
Your message dated Thu, 05 Dec 2013 21:17:19 + with message-id and subject line Bug#729480: fixed in lighttpd 1.4.31-4+deb7u2 has caused the Debian Bug report #729480, regarding SSL connections with client certificates no longer working to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 729480: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729480 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: lighttpd Version: 1.4.31-4+deb7u1 Severity: important I am running a webserver that only offers https and normally requires client certificates. When I install the security upgrade 1.4.31-4+deb7u1 and restart lighttpd, with some delay (when I keep hitting reload in a client, it works 5-10 times) no more connections with client certificates succeed. Firefox reports "connection was interrupted", chrome ERR_SSL_PROTOCOL_ERROR, lighttpd's error log fills with messages saying: (connections.c.305) SSL: 1 error:140D9115:SSL routines:SSL_GET_PREV_SESSION:session id context uninitialized "regualar" https-Connections (w/o client certificate) continue to work. After restarting lighttpd, everything works again for a little while, then trouble starts again. With lighttpd 1.4.31-4 everything works fine; this problem definitely has been introduced with the security patches for 1.4.31-4+deb7u1. --- End Message --- --- Begin Message --- Source: lighttpd Source-Version: 1.4.31-4+deb7u2 We believe that the bug you reported is fixed in the latest version of lighttpd, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 729...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Stefan Fritsch (supplier of updated lighttpd package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Thu, 14 Nov 2013 10:55:41 +0100 Source: lighttpd Binary: lighttpd lighttpd-doc lighttpd-mod-mysql-vhost lighttpd-mod-trigger-b4-dl lighttpd-mod-cml lighttpd-mod-magnet lighttpd-mod-webdav Architecture: source i386 all Version: 1.4.31-4+deb7u2 Distribution: stable-security Urgency: high Maintainer: Debian lighttpd maintainers Changed-By: Stefan Fritsch Description: lighttpd - fast webserver with minimal memory footprint lighttpd-doc - documentation for lighttpd lighttpd-mod-cml - cache meta language module for lighttpd lighttpd-mod-magnet - control the request handling module for lighttpd lighttpd-mod-mysql-vhost - MySQL-based virtual host configuration for lighttpd lighttpd-mod-trigger-b4-dl - anti-deep-linking module for lighttpd lighttpd-mod-webdav - WebDAV module for lighttpd Closes: 729480 729555 Changes: lighttpd (1.4.31-4+deb7u2) stable-security; urgency=high . * Non-maintainer upload by the Security Team. * Fix regression introduced by fix for cve-2013-4508, related to client certificates and SNI. Closes: #729555, #729480 Checksums-Sha1: 21937c02aad20e15b6b3462ca57f5d8745b73a85 2040 lighttpd_1.4.31-4+deb7u2.dsc 11616c7aa7de721a07c316010aa970c4d19b6a8a 33310 lighttpd_1.4.31-4+deb7u2.debian.tar.gz 38d6f15e2fc94a259122c1ba0eefd15a6aa9bbe0 297994 lighttpd_1.4.31-4+deb7u2_i386.deb 202ec8cd938af46615c08249fb39747cd217fe82 64468 lighttpd-doc_1.4.31-4+deb7u2_all.deb 77908b959660c3b28acc3f2c229417bd6df2b816 20104 lighttpd-mod-mysql-vhost_1.4.31-4+deb7u2_i386.deb bd7d20489b87af5045f02030699264f3434d9c13 21564 lighttpd-mod-trigger-b4-dl_1.4.31-4+deb7u2_i386.deb d6f02a954d0ae79cd79a69ab4c05c659eb6cd57a 25468 lighttpd-mod-cml_1.4.31-4+deb7u2_i386.deb 3aa8f1f807064b717417d1adbb7941b1252cdd17 26434 lighttpd-mod-magnet_1.4.31-4+deb7u2_i386.deb bd3dbc06b1f27a6a733d055be8b8e3088dcfaffd 32694 lighttpd-mod-webdav_1.4.31-4+deb7u2_i386.deb Checksums-Sha256: e045f7869412025e4f0d94055ee7048ab103524819cf13da9e9b462b4eb9fbd5 2040 lighttpd_1.4.31-4+deb7u2.dsc d225e7f634fa80374b4610e134c767d911dac77da4b3556b84b603d0e938a4d9 33310 lighttpd_1.4.31-4+deb7u2.debian.tar.gz 171c3d2849ff1b3a05f385c84f45d5f1d0aa570f0abbeff6365956376a885453 297994 lighttpd_1.4.31-4+deb7u2_i386.deb 56f36c5831c4e5723f3d2f141d4eb58c44a4e0452d174e9d682820b9cc32a2a3 64468 lighttpd-doc_1.4.31-4+deb7u2_all.deb 172ddc03da23b745002f274844518e1a5b
Bug#729480: marked as done (SSL connections with client certificates no longer working)
Your message dated Thu, 28 Nov 2013 22:32:32 + with message-id and subject line Bug#729480: fixed in lighttpd 1.4.28-2+squeeze1.5 has caused the Debian Bug report #729480, regarding SSL connections with client certificates no longer working to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 729480: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729480 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: lighttpd Version: 1.4.31-4+deb7u1 Severity: important I am running a webserver that only offers https and normally requires client certificates. When I install the security upgrade 1.4.31-4+deb7u1 and restart lighttpd, with some delay (when I keep hitting reload in a client, it works 5-10 times) no more connections with client certificates succeed. Firefox reports "connection was interrupted", chrome ERR_SSL_PROTOCOL_ERROR, lighttpd's error log fills with messages saying: (connections.c.305) SSL: 1 error:140D9115:SSL routines:SSL_GET_PREV_SESSION:session id context uninitialized "regualar" https-Connections (w/o client certificate) continue to work. After restarting lighttpd, everything works again for a little while, then trouble starts again. With lighttpd 1.4.31-4 everything works fine; this problem definitely has been introduced with the security patches for 1.4.31-4+deb7u1. --- End Message --- --- Begin Message --- Source: lighttpd Source-Version: 1.4.28-2+squeeze1.5 We believe that the bug you reported is fixed in the latest version of lighttpd, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 729...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Stefan Fritsch (supplier of updated lighttpd package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Thu, 14 Nov 2013 11:07:04 +0100 Source: lighttpd Binary: lighttpd lighttpd-doc lighttpd-mod-mysql-vhost lighttpd-mod-trigger-b4-dl lighttpd-mod-cml lighttpd-mod-magnet lighttpd-mod-webdav Architecture: source all i386 Version: 1.4.28-2+squeeze1.5 Distribution: oldstable-security Urgency: low Maintainer: Debian lighttpd maintainers Changed-By: Stefan Fritsch Description: lighttpd - A fast webserver with minimal memory footprint lighttpd-doc - Documentation for lighttpd lighttpd-mod-cml - Cache meta language module for lighttpd lighttpd-mod-magnet - Control the request handling module for lighttpd lighttpd-mod-mysql-vhost - MySQL-based virtual host configuration for lighttpd lighttpd-mod-trigger-b4-dl - Anti-deep-linking module for lighttpd lighttpd-mod-webdav - WebDAV module for lighttpd Closes: 729480 729555 Changes: lighttpd (1.4.28-2+squeeze1.5) oldstable-security; urgency=low . * Non-maintainer upload by the Security Team. * Fix regression introduced by fix for cve-2013-4508, related to client certificates and SNI. Closes: #729555, #729480 Checksums-Sha1: e79fb8e034a5f9244817f6bcdc11ac9e44cad638 1676 lighttpd_1.4.28-2+squeeze1.5.dsc 509a23fa34e4d2b03d67bec7b3cb436d886de9f2 35526 lighttpd_1.4.28-2+squeeze1.5.debian.tar.gz b407af03ebba354f60148755f0b8dd478d9d36eb 64012 lighttpd-doc_1.4.28-2+squeeze1.5_all.deb 2e1842ba0b6c4016ca31eacdd206c199863b0aae 276822 lighttpd_1.4.28-2+squeeze1.5_i386.deb 09c3b01054f753d73f7eb38b915f256a1ee622fc 19238 lighttpd-mod-mysql-vhost_1.4.28-2+squeeze1.5_i386.deb 2acf284248bb7ce8d8efc7ac0b066ed990ace92e 20776 lighttpd-mod-trigger-b4-dl_1.4.28-2+squeeze1.5_i386.deb 51f733cfbe71d4ccbdabc9bc246cb4b2fd2996a7 23772 lighttpd-mod-cml_1.4.28-2+squeeze1.5_i386.deb 597b2c5b95722b6f644a2afc3e75d2e98331d737 24784 lighttpd-mod-magnet_1.4.28-2+squeeze1.5_i386.deb fd90be1d0995fcea022cd65cce7bf6caa598790e 31720 lighttpd-mod-webdav_1.4.28-2+squeeze1.5_i386.deb Checksums-Sha256: ef00a8b7df9a5e780bda986c13cd7f6eb6bfacc285ab1e426834f506d9c70529 1676 lighttpd_1.4.28-2+squeeze1.5.dsc 718dd85902aeca85218ebae554a0286f782576f7e2597f5aed871b8dcca5a7fc 35526 lighttpd_1.4.28-2+squeeze1.5.debian.tar.gz a0ac49b568be83e5e6b9d4fbb3b5617cf6c5d4c1f9202e991b755fd0c205ad95 64012 lighttpd-doc_1.4.28-2+squeeze1.5_all.deb ae9016fbcf3d94b2ab4f92dafc7658dfe92b41b52420e162f1ecd7cf51a230f9 276822
Bug#729480: marked as done (SSL connections with client certificates no longer working)
Your message dated Mon, 18 Nov 2013 23:03:41 + with message-id and subject line Bug#729480: fixed in lighttpd 1.4.33-1+nmu2 has caused the Debian Bug report #729480, regarding SSL connections with client certificates no longer working to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 729480: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729480 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: lighttpd Version: 1.4.31-4+deb7u1 Severity: important I am running a webserver that only offers https and normally requires client certificates. When I install the security upgrade 1.4.31-4+deb7u1 and restart lighttpd, with some delay (when I keep hitting reload in a client, it works 5-10 times) no more connections with client certificates succeed. Firefox reports "connection was interrupted", chrome ERR_SSL_PROTOCOL_ERROR, lighttpd's error log fills with messages saying: (connections.c.305) SSL: 1 error:140D9115:SSL routines:SSL_GET_PREV_SESSION:session id context uninitialized "regualar" https-Connections (w/o client certificate) continue to work. After restarting lighttpd, everything works again for a little while, then trouble starts again. With lighttpd 1.4.31-4 everything works fine; this problem definitely has been introduced with the security patches for 1.4.31-4+deb7u1. --- End Message --- --- Begin Message --- Source: lighttpd Source-Version: 1.4.33-1+nmu2 We believe that the bug you reported is fixed in the latest version of lighttpd, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 729...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Gilbert (supplier of updated lighttpd package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 16 Nov 2013 22:29:07 + Source: lighttpd Binary: lighttpd lighttpd-doc lighttpd-mod-mysql-vhost lighttpd-mod-trigger-b4-dl lighttpd-mod-cml lighttpd-mod-magnet lighttpd-mod-webdav Architecture: source amd64 all Version: 1.4.33-1+nmu2 Distribution: unstable Urgency: high Maintainer: Debian lighttpd maintainers Changed-By: Michael Gilbert Description: lighttpd - fast webserver with minimal memory footprint lighttpd-doc - documentation for lighttpd lighttpd-mod-cml - cache meta language module for lighttpd lighttpd-mod-magnet - control the request handling module for lighttpd lighttpd-mod-mysql-vhost - MySQL-based virtual host configuration for lighttpd lighttpd-mod-trigger-b4-dl - anti-deep-linking module for lighttpd lighttpd-mod-webdav - WebDAV module for lighttpd Closes: 729480 Changes: lighttpd (1.4.33-1+nmu2) unstable; urgency=high . * Non-maintainer upload by the Security Team. * Fix regression caused by the fix for cve-2013-4508 (closes: #729480). Checksums-Sha1: 6fef1302166aabaf6af87389dc5de774900db488 3413 lighttpd_1.4.33-1+nmu2.dsc 66e7cf4aedd49e85384aea470b0b92ee49fbe719 32326 lighttpd_1.4.33-1+nmu2.debian.tar.gz 90dcdb6d04ce4d8831aae4766f40c0bde85a58b4 234068 lighttpd_1.4.33-1+nmu2_amd64.deb 56546f2d3cbebd6f1229f586108b77d35c6f056e 60494 lighttpd-doc_1.4.33-1+nmu2_all.deb 97531f2e5492e3bac02892e7ddfe0188c8ca3baa 18970 lighttpd-mod-mysql-vhost_1.4.33-1+nmu2_amd64.deb 3b0386058cf1d2a41d77f19162287c4ada279643 20282 lighttpd-mod-trigger-b4-dl_1.4.33-1+nmu2_amd64.deb 508ef1c6a06156ef21a4aae9e57362816b4514fb 22804 lighttpd-mod-cml_1.4.33-1+nmu2_amd64.deb 7af51b5bfbe881d70a3f4738ee33b2a8d20bf393 23622 lighttpd-mod-magnet_1.4.33-1+nmu2_amd64.deb c59085badefe771fa7b750dbba73ff7effb39cf1 29078 lighttpd-mod-webdav_1.4.33-1+nmu2_amd64.deb Checksums-Sha256: f44f02518bf9f225dbd5a0daa2c8ee4f7474c8b0d5702fa1504f9b982e8a1d72 3413 lighttpd_1.4.33-1+nmu2.dsc 1dcec0dd427c670f2be185fe529bdb0581fa05ac6cfb3795ce939b895793f833 32326 lighttpd_1.4.33-1+nmu2.debian.tar.gz 087a7c7e41afbf699b015d99beee60e8ed21c5ae4ff06409bbc2d2e3e520f2f1 234068 lighttpd_1.4.33-1+nmu2_amd64.deb 6155395b378f3ee5468829bff1196c87f8d6983573c28642e461a9931cd48a9e 60494 lighttpd-doc_1.4.33-1+nmu2_all.deb bf2bf5d0da84d6cadd20722a7c8c9b1a56090ec09c3b5cf3e3ce5743177a3209 18970 lighttpd-mod-mysql-vhost_1.4.33-1+nmu2_amd64.deb c3567d6