** Changed in: gnutls28 (Ubuntu Focal)
Status: Confirmed => New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1928648
Title:
expiring trust anchor compatibility issue
To manage
What about focal? It is currently broken to.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1928648
Title:
expiring trust anchor compatibility issue
To manage notifications about this bug go to:
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: gnutls28 (Ubuntu Focal)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1928648
** Changed in: gnutls28 (Ubuntu Trusty)
Status: Confirmed => Won't Fix
** Also affects: gnutls28 (Ubuntu Focal)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Ack from the Ubuntu Security team for both gnutls28 3.5.18-1ubuntu1.5
and 3.4.10-4ubuntu1.9 to go to bionic-security and xenial-security
respectively.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
This bug was fixed in the package gnutls28 - 3.4.10-4ubuntu1.9
---
gnutls28 (3.4.10-4ubuntu1.9) xenial; urgency=medium
* Backport patches from Upstream/Debian to check validity against system
certs. This is to allow correctly validating default letsencrypt
chains that now
** Changed in: gnutls28 (Ubuntu)
Importance: Undecided => High
** Changed in: gnutls28 (Ubuntu Precise)
Importance: Undecided => High
** Changed in: gnutls28 (Ubuntu Trusty)
Importance: Undecided => High
** Changed in: gnutls28 (Ubuntu Xenial)
Importance: Undecided => High
**
xenial autopkgtest regressions explained in
https://bugs.launchpad.net/ubuntu/+source/gnutls28/+bug/1928648/comments/13
https://bugs.launchpad.net/ubuntu/+source/gnutls28/+bug/1928648/comments/14
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed
This bug was fixed in the package gnutls28 - 3.5.18-1ubuntu1.5
---
gnutls28 (3.5.18-1ubuntu1.5) bionic; urgency=medium
* Backport patches from Upstream/Debian to check validity against system
certs. This is to allow correctly validating default letsencrypt
chains that now
bionic autopkgtests are all clean
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1928648
Title:
expiring trust anchor compatibility issue
To manage notifications about this bug go to:
In xenial systemd autopkgtest only fails with boot-smoke
FAIL: expected: '' actual: ' 1 graphical.target start
waiting
92 rng-tools.servicestart running
101 systemd-update-utmp-runlevel.service start waiting
2 multi-user.targetstart
On xenial lxc autopkgtest fails with "ERROR: Unable to fetch GPG key
from keyserver." due to using keyserver that is no longer available on
the internet.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
# dpkg-query -W gnutls-bin libgnutls30
gnutls-bin 3.5.18-1ubuntu1.4
libgnutls30:amd64 3.5.18-1ubuntu1.4
# gnutls-cli --x509cafile=ca.pem expired-root-ca-test.germancoding.com
Processed 2 CA certificate(s).
Resolving 'expired-root-ca-test.germancoding.com:443'...
Connecting to
# gnutls-cli --x509cafile=ca.pem expired-root-ca-test.germancoding.com
Processed 2 CA certificate(s).
Resolving 'expired-root-ca-test.germancoding.com'...
Connecting to '2a01:4f8:151:506c::2:443'...
...
- Status: The certificate is NOT trusted. The certificate chain uses expired
certificate.
***
Hello Dimitri, or anyone else affected,
Accepted gnutls28 into xenial-proposed. The package will build now and
be available at
https://launchpad.net/ubuntu/+source/gnutls28/3.4.10-4ubuntu1.9 in a few
hours, and then in the -proposed repository.
Please help us by testing this new package. See
Hello Dimitri, or anyone else affected,
Accepted gnutls28 into bionic-proposed. The package will build now and
be available at
https://launchpad.net/ubuntu/+source/gnutls28/3.5.18-1ubuntu1.5 in a few
hours, and then in the -proposed repository.
Please help us by testing this new package. See
Hi Dmitry/Marc,
thanks for working on this and the related openssl bug, very appreciated trying
avoiding the rapidly upcoming problem.
I think this gnutls could get be extra annoying (or very noisy for
support) as bionic is both still active LTS and also apt itself uses
gnutls backend. ESM maybe
The backported patches in comments #1 and #2 look reasonable to me. +1
from the security team.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1928648
Title:
expiring trust anchor compatibility issue
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: gnutls28 (Ubuntu Trusty)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1928648
** Description changed:
[Impact]
* gnutls28 fails to talk to letsencrypt website past September 2021,
despite trusting the letsencrypt root certificate.
[Test Plan]
* Import staging cert equivalent to ISRG Root X1
** Changed in: gnutls28 (Ubuntu Xenial)
Assignee: (unassigned) => Dimitri John Ledkov (xnox)
** Changed in: gnutls28 (Ubuntu Xenial)
Status: New => In Progress
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Patch added: "bionic_gnutls28_content.diff"
https://bugs.launchpad.net/ubuntu/+source/gnutls28/+bug/1928648/+attachment/5521238/+files/bionic_gnutls28_content.diff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Description changed:
[Impact]
* gnutls28 fails to talk to letsencrypt website past September 2021,
despite trusting the letsencrypt root certificate.
[Test Plan]
* Import staging cert equivalent to ISRG Root X1
** Changed in: gnutls28 (Ubuntu Bionic)
Status: New => In Progress
** Changed in: gnutls28 (Ubuntu Precise)
Status: New => Won't Fix
** Changed in: gnutls28 (Ubuntu Bionic)
Assignee: (unassigned) => Dimitri John Ledkov (xnox)
--
You received this bug notification because you
** Description changed:
[Impact]
* gnutls28 fails to talk to letsencrypt website past September 2021,
despite trusting the letsencrypt root certificate.
[Test Plan]
* Import staging cert equivalent to ISRG Root X1
** Tags added: letsencrypt
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1928648
Title:
expiring trust anchor compatibility issue
To manage notifications about this bug go to:
** Description changed:
[Impact]
- * gnutls28 fails to talk to letsencrypt website past September 2021,
+ * gnutls28 fails to talk to letsencrypt website past September 2021,
despite trusting the letsencrypt root certificate.
[Test Plan]
- * Import staging cert equivalent to
** Description changed:
+ [Impact]
+
+ * gnutls28 fails to talk to letsencrypt website past September 2021,
+ despite trusting the letsencrypt root certificate.
+
+ [Test Plan]
+
+ * Import staging cert equivalent to ISRG Root X1
** Description changed:
- https://community.letsencrypt.org/t/openssl-client-compatibility-
- changes-for-let-s-encrypt-certificates/143816
+
https://community.letsencrypt.org/t/openssl-client-compatibility-changes-for-let-s-encrypt-certificates/143816
+
29 matches
Mail list logo
