Ubuntu
openssl package

openssl verify fails with "certificate signature failure"

Bug #1441461 reported by Bearice Ren
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openssl (Ubuntu)
Expired
Undecided
Unassigned

Bug Description

I have a intermediate certificate signed by my own CA, which works fine on other systems.
but openssl (1.0.1f-1ubuntu2.11) installed with apt-get will always fails with "certificate signature failure"

but openssl binary compiled myself with the same version of code (1.0.1f), works.

so i wonder if this is a bug of openssl?

certificate details and version info is at https://gist.github.com/bearice/e2dd5d4245472e1b3992

Tags: bot-comment
Revision history for this message
Ubuntu Foundations Team Bug Bot (crichton) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. It seems that your bug report is not filed about a specific source package though, rather it is just filed against Ubuntu in general. It is important that bug reports be filed about source packages so that people interested in the package can find the bugs about it. You can find some hints about determining what package your bug might be about at https://wiki.ubuntu.com/Bugs/FindRightPackage. You might also ask for help in the #ubuntu-bugs irc channel on Freenode.

To change the source package that this bug is filed about visit https://bugs.launchpad.net/ubuntu/+bug/1441461/+editstatus and add the package name in the text box next to the word Package.

[This is an automated message. I apologize if it reached you inappropriately; please just reply to this message indicating so.]

tags: added: bot-comment
Bearice Ren (bearice)
affects: ubuntu → openssl (Ubuntu)
Revision history for this message
Adrien Nader (adrien) wrote :

I was able to reproduce your results but there aren't that many patches being applied at the moment and that makes the failure surprising. I didn't spot anything obvious in the certificates either but overall I think this bug needs a reproducer which covers the generation of the certificates because this is a very common worfklow and I'd be surprised it was completely broken without many people noticing.

Changed in openssl (Ubuntu):
status: New → Incomplete
Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for openssl (Ubuntu) because there has been no activity for 60 days.]

Changed in openssl (Ubuntu):
status: Incomplete → Expired
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.