ssl/libssl certificate validation broken?

2020-10-20 Thread Uwe Werler
Hi folks, before opening a bug report I'll ask here because I want to make sure that I have not missed something. With the upgrade to 6.8 my cert validation seems to be broken because the hashed certs in /etc/ssl/certs are not honored anymore. I usually stored our L1 and L2 ca certs in /etc/ssl/c

Re: ssl/libssl certificate validation broken?

2020-10-20 Thread Bob Beck
On 20 Oct 21:01, Uwe Werler wrote: > Hi folks, > > before opening a bug report I'll ask here because I want to make sure that I > have not missed something. You should probably submit a real bug report instead of jumping to conclusions on misc@ > > With the upgrade to 6.8 my cert validation se

Re: ssl/libssl certificate validation broken?

2020-10-20 Thread Uwe Werler
On 20 Oct 21:01, Uwe Werler wrote: > Hi folks, > > before opening a bug report I'll ask here because I want to make sure that I > have not missed something. > > With the upgrade to 6.8 my cert validation seems to be broken because the > hashed certs in /etc/ssl/certs are not honored anymore. I us

Re: ssl/libssl certificate validation broken?

2020-10-21 Thread Uwe Werler
On 20 Oct 20:21, Bob Beck wrote: > On 20 Oct 21:01, Uwe Werler wrote: > > Hi folks, > > > > before opening a bug report I'll ask here because I want to make sure that I > > have not missed something. > > You should probably submit a real bug report instead of jumping to > conclusions on misc@ H

Re: ssl/libssl certificate validation broken?

2020-10-22 Thread Rafael Possamai
>Hi Bob, it was in the middle of the night and I got quite kinda stressed >because all services depending on our ldap proxy stopped working after the >upgrade and it took me a while to figure the problem out. Perhaps this is unsolicited advice, but maybe you can setup a test system first, perform

Re: ssl/libssl certificate validation broken?

2020-10-22 Thread Daniel Jakots
On Thu, 22 Oct 2020 21:49:20 -0500, "Rafael Possamai" wrote: > >Hi Bob, it was in the middle of the night and I got quite kinda > >stressed because all services depending on our ldap proxy stopped > >working after the upgrade and it took me a while to figure the > >problem out. > > Perhaps thi

Re: ssl/libssl certificate validation broken?

2020-10-22 Thread Theo de Raadt
Daniel Jakots wrote: > On Thu, 22 Oct 2020 21:49:20 -0500, "Rafael Possamai" > wrote: > > > >Hi Bob, it was in the middle of the night and I got quite kinda > > >stressed because all services depending on our ldap proxy stopped > > >working after the upgrade and it took me a while to figure the

Re: ssl/libssl certificate validation broken?

2020-10-25 Thread Uwe Werler
On 22 Oct 21:49, Rafael Possamai wrote: > >Hi Bob, it was in the middle of the night and I got quite kinda stressed > >because all services depending on our ldap proxy stopped working after the > >upgrade and it took me a while to figure the problem out. > > Perhaps this is unsolicited advice, but

Re: ssl/libssl certificate validation broken?

2020-10-25 Thread Uwe Werler
On 22 Oct 22:59, Daniel Jakots wrote: > On Thu, 22 Oct 2020 21:49:20 -0500, "Rafael Possamai" > wrote: > > > >Hi Bob, it was in the middle of the night and I got quite kinda > > >stressed because all services depending on our ldap proxy stopped > > >working after the upgrade and it took me a whil