** Description changed:

- The following bug from upstream libcurl should be fixed in Ubuntu Stable
- and Ubuntu LTS trains:
+ [Impact]
+ 
+ The bug makes it impossible to use PKCS#12 secure storage of client
+ certificates and private keys with any affected Ubuntu releases. The fix
+ is one line fixing a broken switch statement and was already tested
+ against Ubuntu 14.04 LTS with a rebuilt curl package.
+ 
+ This was fixed in upstream libcurl in the following bug:
  
  https://sourceforge.net/p/curl/bugs/1371/
  
  The bug fix consists of one missing break statement at the end of a case
  in a switch statement.
  
  I personally patched the bug using source code release
  curl_7.35.0-1ubuntu2.6.dsc, used in Ubuntu 14.04 LTS, and verified it
  does indeed fix the bug and all of the package's tests still pass
  afterwards.
  
- Impact: The bug makes it impossible to use PKCS#12 secure storage of
- client certificates and private keys with any affected Ubuntu releases.
- The fix is one line fixing a broken switch statement and was already
- tested against Ubuntu 14.04 LTS with a rebuilt curl package.
+ [Test Case]
  
- Testing: The bug can be reproduced using the following libcurl
- parameters (even via CLI, pycurl, etc.).
+ The bug can be reproduced using the following libcurl parameters (even
+ via CLI, pycurl, etc.).
  
  CURLOPT_SSLCERTTYPE == "P12"
  CURLOPT_SSLCERT = path to PKCS#12
  CURLOPT_SSLKEY = path to PKCS#12
  CURLOPT_SSLKEYPASSWD = key for PKCS#12 if needed
  
  Basically, just use a PKCS#12 format client certificate and private key
  against some certificate protected web server.
  
- Regression Potential: If it could possibly break anything, which is
- extraordinarily unlikely, it would break one of the three client
- certificate formats (most likely PKCS#12 but also PEM or DER). Note 1/3
- formats is already broken due to the bug. Client certificates of all
- three types could be checked to prevent this.
+ [Regression Potential]
+ 
+ If it could possibly break anything, which is extraordinarily unlikely,
+ it would break one of the three client certificate formats (most likely
+ PKCS#12 but also PEM or DER). Note 1/3 formats is already broken due to
+ the bug. Client certificates of all three types could be checked to
+ prevent this.
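Review bot: The [Test Case] section names the four libcurl options but gives no concrete invocation and no expected result before and after the fix, so whoever verifies the update cannot tell a pass from a fail; add the exact command used and the error seen on the unpatched package. In the same section, `CURLOPT_SSLCERTTYPE == "P12"` uses `==` while the other three options use `=`, which should be made consistent. Since [Regression Potential] says client certificates of all three types could be checked, the test case should also list PEM and DER runs alongside the PKCS#12 one.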

** Tags added: trusty

https://bugs.launchpad.net/bugs/1556330

Title:
  upstream curl bug #1371: p12 client certificates code is broken

Status in curl package in Ubuntu:
  Fix Released

Bug description:
  [Impact]

  The bug makes it impossible to use PKCS#12 secure storage of client
  certificates and private keys with any affected Ubuntu releases. The
  fix is one line fixing a broken switch statement and was already
  tested against Ubuntu 14.04 LTS with a rebuilt curl package.

  This was fixed in upstream libcurl in the following bug:

  https://sourceforge.net/p/curl/bugs/1371/

  The bug fix consists of one missing break statement at the end of a
  case in a switch statement.

  I personally patched the bug using source code release
  curl_7.35.0-1ubuntu2.6.dsc, used in Ubuntu 14.04 LTS, and verified it
  does indeed fix the bug and all of the package's tests still pass
  afterwards.

  [Test Case]

  The bug can be reproduced using the following libcurl parameters (even
  via CLI, pycurl, etc.).

  CURLOPT_SSLCERTTYPE = "P12"
  CURLOPT_SSLCERT = path to PKCS#12
  CURLOPT_SSLKEY = path to PKCS#12
  CURLOPT_SSLKEYPASSWD = key for PKCS#12 if needed

  Basically, just use a PKCS#12 format client certificate and private
  key against some certificate-protected web server.

  [Regression Potential]

  If it could possibly break anything, which is extraordinarily
  unlikely, it would break one of the three client certificate formats
  (most likely PKCS#12 but also PEM or DER). Note that 1/3 of the formats
  is already broken due to the bug. Client certificates of all three types could be
  checked to prevent this.
