I think you want package updates from Ubuntu ESM, in particular ca-
certificates 20190110~14.04.1~esm2.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1928989
Title:
expiring trust anchor
Help!
I'm on Trusty and Launchpad PPAs no longer work for me!
sudo add-apt-repository ppa:oibaf/graphics-drivers
Cannot add PPA: '"Error reading
https://launchpad.net/api/1.0/~oibaf/+archive/graphics-drivers: (60,
'server certificate verification failed. CAfile: /etc/ssl/certs/ca-
Note: for trusty the issue will be worked around by distrusting "DST
Root CA X3", see https://bugs.launchpad.net/ubuntu/+source/ca-
certificates/+bug/1944481
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
@xnox I'm working on an update for Debian Jessie (1.0.1t) as part of Debian
ELTS.
I got one test suite failure in 'verify_extra_test' that I fixed by partially
reverting
https://github.com/openssl/openssl/commit/cb22d2ae5a5b6069dbf66dbcce07223ac15a16de
(hence aligning the test with later
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: openssl (Ubuntu Trusty)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1928989
Attempted trusty backport, but failing at making it pass all the
existing unit tests. Asking for help. At the moment it seems to me that
trusty will remain unfixed.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
This bug was fixed in the package openssl - 1.0.2g-1ubuntu4.20
---
openssl (1.0.2g-1ubuntu4.20) xenial-security; urgency=medium
* Enable X509_V_FLAG_TRUSTED_FIRST by default, such that letsencrypt
connection with the default chain remains trusted even after the
expiry of
The Ubuntu Security Team is okay with publishig the xenial openssl in
proposed (1.0.2g-1ubuntu4.20) to xenial-security and updates. I didn't
see any symbol changes or dependency changes in the binaries that would
have indicated that building against xenial-updates was a problem.
Thanks!
--
You
psqlodbc confuses me, as if clusters fail to create. Seems unrelated to
openssl changes.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1928989
Title:
expiring trust anchor compatibility issue
To
Download of canonical.com with faketime 2021-10-01 also works.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1928989
Title:
expiring trust anchor compatibility issue
To manage notifications about
ruby2.3 is not a regression on all other arches, not sure why s390x is
the only "working" arch with failing test.
retried psqlodbc
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1928989
Title:
Reproduced the bug with:
# dpkg-query -W libssl1.0.0 openssl
libssl1.0.0:amd64 1.0.2g-1ubuntu4.19
openssl 1.0.2g-1ubuntu4.19
# openssl s_client -connect expired-root-ca-test.germancoding.com:443
-servername expired-root-ca-test.germancoding.com -verify 1 -verifyCAfile ca.pem
verify depth
python3.5 ADT regression is in xenial-updates regression, because the
test certificates it uses have expired.
** Tags removed: verification-needed verification-needed-xenial
** Tags added: verification-done verification-done-xenial
--
You received this bug notification because you are a member
Hello Dimitri, or anyone else affected,
Accepted openssl into xenial-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.20 in a few
hours, and then in the -proposed repository.
Please help us by testing this new package. See
Assigning the verification and publication to xenial-security to myself.
Thanks.
** Changed in: openssl (Ubuntu Xenial)
Assignee: (unassigned) => Steve Beattie (sbeattie)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Description changed:
[Impact]
* openssl fails to talk to letsencrypt website past September 2021,
despite trusting the letsencrypt root certificate.
[Test Plan]
* Import staging cert equivalent to ISRG Root X1
I think the patch in comment #1 looks reasonable.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1928989
Title:
expiring trust anchor compatibility issue
To manage notifications about this bug go
ADT results at https://bileto.ubuntu.com/excuses/4594/xenial.html
** Description changed:
[Impact]
* openssl fails to talk to letsencrypt website past September 2021,
despite trusting the letsencrypt root certificate.
[Test Plan]
* Import staging cert equivalent to ISRG Root
PPA with these changes available from https://launchpad.net/~ci-train-
ppa-service/+archive/ubuntu/4594
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1928989
Title:
expiring trust anchor
python3.5 has stopped passing its testsuite due to expried test certs.
Thus upload of openssl has triggered regression in python3.5
I've cherrypicked updated test certs and keys, but to cherry-pick those
cleanly, I also had to cherrypick an earlier bug fix. All of these are
unmodified from 3.5.10
** Patch added: "lp1928989.patch"
https://bugs.launchpad.net/ubuntu/xenial/+source/openssl/+bug/1928989/+attachment/5507665/+files/lp1928989.patch
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Description changed:
[Impact]
- * openssl fails to talk to letsencrypt website past September 2021,
+ * openssl fails to talk to letsencrypt website past September 2021,
despite trusting the letsencrypt root certificate.
[Test Plan]
- * Import staging cert equivalent to ISRG
** Information type changed from Public to Public Security
** Tags removed: letsencrypt
** Tags added: letsencryptexpiry
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1928989
Title:
expiring trust
23 matches
Mail list logo
