openssl: Expired certificates and recertification

Bug #6761 reported by Debian Bug Importer
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
openssl (Debian) | Fix Released | Unknown | |
openssl (Ubuntu) | Invalid | Medium | Fabio Massimo Di Nitto |

Bug Description

Automatically imported from Debian bug report #176062
http://bugs.debian.org/176062

Revision history for this message
In , Christoph Martin (martin-uni-mainz) wrote : [Fwd: Bug#176062: openssl: Expired certificates and recertification]

Forwarded from Debian Bug Tracking

Christoph

Package: openssl
Version: 0.9.6g-10
Severity: normal
Tags: upstream

"openssl ca" refuses to certify a DN which has already been certified,
even though the old certificate has expired. As a result,
recertification requires an additional, IMHO unnecessary step.

-- System Information:
Debian Release: 3.0
Architecture: i386
Kernel: Linux Login 2.4.18-xfs-1.1 #6 SMP Fri Jan 3 14:39:36 CET 2003 i686
Locale: LANG=C, LC_CTYPE=en_US

Versions of packages openssl depends on:
ii libc6 2.3.1-5 GNU C Library: Shared libraries an
ii libssl0.9.6 0.9.6g-10 SSL shared libraries
ii perl 5.8.0-14 Larry Wall's Practical Extraction

-- no debconf information

Revision history for this message
In , Christoph Martin (martin-uni-mainz) wrote : [Fwd: [openssl.org #448] [Fwd: Bug#176062: openssl: Expired certificates and recertification]]

FYI

[<email address hidden> - Fri Jan 10 15:09:40 2003]:

It's correct, recertification doesn't work very well. A change would however mean making a substantial change to the database (index.txt), which makes it too complicated to get into the 0.9.7 branch.

I'm planning to work on changing this behavior for 0.9.8. Therefore, I'll make sure this ticket has 0.9.8 as milestone.

--
Richard Levitte

Revision history for this message
In , Wichert Akkerman (wichert) wrote : Renewing certs does not work

severity 176062 serious
thanks

This bug still seems to be present and it is preventing me from renewing
the cert for Alioth:

[tornado;~/spi/CA]-113> openssl ca -out newcert.pem -infiles alioth.debian.org.csr
Using configuration from /usr/lib/ssl/openssl.cnf
Enter pass phrase for ./CA/private/cakey.pem:
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'US'
stateOrProvinceName :PRINTABLE:'Indiana'
localityName :PRINTABLE:'Indianapolis'
organizationName :PRINTABLE:'Software in the Public Interest'
organizationalUnitName:PRINTABLE:'Debian'
commonName :PRINTABLE:'alioth.debian.org'
emailAddress :IA5STRING:'<email address hidden>'
Certificate is to be certified until Apr 9 11:03:40 2005 GMT (365 days)
Sign the certificate? [y/n]:y
failed to update database
TXT_DB error number 2

All permissions are correct. An strace reveals that openssl is not even
trying to do anything on disk:

write(2, "Sign the certificate? [y/n]:", 28) = 28
getpid() = 8217
getpid() = 8217
fstat64(0, {st_mode=S_IFCHR|0600, st_rdev=makedev(136, 1), ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4001a000
read(0, "y\n", 1024) = 2
getpid() = 8217
getpid() = 8217
open("/dev/urandom", O_RDONLY|O_NONBLOCK|O_NOCTTY) = 6
select(7, [6], NULL, NULL, {0, 10000}) = 1 (in [6], left {0, 10000})
read(6, "[..]", 32) = 32
close(6) = 0
getpid() = 8217
getpid() = 8217
getuid32() = 1000
getpid() = 8217
time(NULL) = 1081507779
getpid() = 8217
time([1081507779]) = 1081507779
getpid() = 8217
getpid() = 8217
getpid() = 8217
getpid() = 8217
getpid() = 8217
getpid() = 8217
getpid() = 8217
getpid() = 8217
getpid() = 8217
getpid() = 8217
getpid() = 8217
getpid() = 8217
getpid() = 8217
getpid() = 8217
getpid() = 8217
getpid() = 8217
getpid() = 8217
getpid() = 8217
getpid() = 8217
getpid() = 8217
getpid() = 8217
getpid() = 8217
getpid() = 8217
getpid() = 8217
getpid() = 8217
getpid() ...

Revision history for this message
In , Christoph Martin (martin-uni-mainz) wrote : [Fwd: [openssl.org #448] [Fwd: Bug#176062: openssl: Expired certificates and recertification]]

Hi Wichert,

upstream wants to fix the problem in version 0.9.8. But I don't know
when this will come. I'll try to find out if there is a workaround.

Christoph

PS: Why do you think this is a serious policy violation?

--
============================================================================
Christoph Martin, EDV der Verwaltung, Uni-Mainz, Germany
 Internet-Mail: <email address hidden>
  Telefon: +49-6131-3926337
      Fax: +49-6131-3922856

[<email address hidden> - Fri Jan 10 15:09:40 2003]:

It's correct, recertification doesn't work very well. A change would however mean making a substantial change to the database (index.txt), which makes it too complicated to get into the 0.9.7 branch.

I'm planning to work on changing this behavior for 0.9.8. Therefore, I'll make sure this ticket has 0.9.8 as milestone.

--
Richard Levitte

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-Id: <email address hidden>
Date: Fri, 10 Jan 2003 00:31:01 +0100
From: Florian Weimer <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: openssl: Expired certificates and recertification

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Fri, 10 Jan 2003 14:58:26 +0100
From: Christoph Martin <email address hidden>
To: <email address hidden>, <email address hidden>
Subject: [Fwd: Bug#176062: openssl: Expired certificates and recertification]

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Mon, 13 Jan 2003 17:59:04 +0100
From: Christoph Martin <email address hidden>
To: <email address hidden>
CC: <email address hidden>
Subject: [Fwd: [openssl.org #448] [Fwd: Bug#176062: openssl: Expired
 certificates and recertification]]

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Fri, 9 Apr 2004 13:11:55 +0200
From: Wichert Akkerman <email address hidden>
To: <email address hidden>, <email address hidden>
Subject: Renewing certs does not work

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Tue, 20 Apr 2004 12:03:56 +0200
From: Christoph Martin <email address hidden>
To: <email address hidden>
CC: <email address hidden>
Subject: [Fwd: [openssl.org #448] [Fwd: Bug#176062: openssl: Expired
 certificates and recertification]]

Revision history for this message
Fabio Massimo Di Nitto (fabbione) wrote :

This is an upstream work in progress. Let's keep it as LATER for when it will be
fixed for real. In any case, all distros are affected by this problem.

Revision history for this message
In , Brian M. Carlson (sandals) wrote : Changing 176062 to important

severity 176062 important
thanks, control, and have a nice day

This bug is not severity serious; if you claim it is, please provide a
quote from policy. Thank you, and have a nice day.

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-Id: <email address hidden>
Date: Thu, 8 Jul 2004 20:08:44 +0000
From: "Brian M\. Carlson" <email address hidden>
To: <email address hidden>
Cc: <email address hidden>
Subject: Changing 176062 to important

Revision history for this message
Fabio Massimo Di Nitto (fabbione) wrote :

Changing resolution to avoid spam

Revision history for this message
In , Florian Weimer (fw) wrote : Update email address

submitter 106287 <email address hidden>
submitter 107374 <email address hidden>
submitter 137970 <email address hidden>
submitter 147527 <email address hidden>
submitter 150467 <email address hidden>
submitter 153467 <email address hidden>
submitter 157138 <email address hidden>
submitter 159478 <email address hidden>
submitter 160673 <email address hidden>
submitter 176056 <email address hidden>
submitter 176058 <email address hidden>
submitter 176062 <email address hidden>
submitter 181887 <email address hidden>
thanks

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Wed, 08 Sep 2004 13:46:58 +0200
From: Florian Weimer <email address hidden>
To: <email address hidden>
Subject: Update email address

Revision history for this message
In , Phil Endecott (phil-zefcs-endecott) wrote : Seems fixed in 0.9.8b-2

This was fixed in 0.9.8.

You need to put "unique_subject = no" in the ca section of your
configuration file and it will let you have more than one certificate
for the same DN, i.e. a new one when your old one expires. (Search
for "subject" in the changelog.)

I suggest that this line is added to the default configuration file.

Phil.
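
A pre-flight check for the renewal case discussed in this thread, as an added example that is not part of the original report or of OpenSSL: it parses a CA's index.txt and lists the entries that would block a new certificate for the same DN. It assumes the usual six tab-separated index.txt columns and that the uniqueness check only counts entries still marked V, which an expired certificate remains until the database is updated; the sample data and function names are constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed sample CA database (index.txt). Assumed layout, tab-separated:
# status (V/R/E), expiry, revocation date, serial, file name, subject DN.
SAMPLE_INDEX = (
    "V\t040101000000Z\t\t01\tunknown\t/C=US/O=Example Org/CN=www.example.org\n"
    "R\t040601000000Z\t030901000000Z\t02\tunknown\t/C=US/O=Example Org/CN=old.example.org\n"
    "V\t300101000000Z\t\t03\tunknown\t/C=US/O=Example Org/CN=mail.example.org\n"
)


def parse_time(stamp):
    """Parse UTCTime (YYMMDDHHMMSSZ) or GeneralizedTime (YYYYMMDDHHMMSSZ)."""
    fmt = "%Y%m%d%H%M%SZ" if len(stamp) == 15 else "%y%m%d%H%M%SZ"
    return datetime.strptime(stamp, fmt).replace(tzinfo=timezone.utc)


def parse_index(text):
    """Return one dict per index.txt line; reject malformed lines loudly."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split("\t")
        if len(fields) != 6:
            raise ValueError(f"line {lineno}: expected 6 fields, got {len(fields)}")
        status, expiry, _revoked, serial, _fname, subject = fields
        entries.append({"status": status, "expiry": parse_time(expiry),
                        "serial": serial, "subject": subject})
    return entries


def renewal_check(entries, subject, now, unique_subject=True):
    """Return (allowed, blockers) for signing a new certificate for `subject`.

    With unique_subject enabled, any entry still marked V with the same DN
    blocks the request, even when its expiry date is already in the past.
    With unique_subject = no, duplicate subjects are accepted.
    """
    if not unique_subject:
        return True, []
    blockers = [dict(e, expired=e["expiry"] < now)
                for e in entries
                if e["status"] == "V" and e["subject"] == subject]
    return not blockers, blockers


if __name__ == "__main__":
    now = datetime(2004, 4, 9, tzinfo=timezone.utc)  # constructed "today"
    dn = "/C=US/O=Example Org/CN=www.example.org"
    for setting in (True, False):
        allowed, blockers = renewal_check(parse_index(SAMPLE_INDEX), dn, now, setting)
        print(f"unique_subject={'yes' if setting else 'no'}: "
              f"{'can sign' if allowed else 'would be refused'}")
        for b in blockers:
            state = "expired but still marked V" if b["expired"] else "still valid"
            print(f"  serial {b['serial']} is {state}")
```
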

Revision history for this message
john morimore (paradigmshifter1) wrote :

Of course the people who are cracking me did the same with any other O.S. I have tried. Security, soft or hard, does not work, nor do new computers, O.S.'s etc. etc. They could not do what they do without expired cert etc.??

Changed in openssl (Debian):
status: Confirmed → Fix Released