openssl 1.1.0 incorrectly verifies certificates with permitted name constraints
Bug #1802125 reported by Richard Hesketh
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
openssl (Ubuntu) | Fix Released | Undecided | Unassigned |
Bug Description
Seen on 18.04.1 with openssl/libssl 1.1.0g-2ubuntu4.1
As per the issue on the openssl github at https:/
Specifically this is an issue in my case because I run an apache2 server that verifies client certificates on https connections and have discovered that some certificates are being rejected because an intermediate CA has DNS name constraints which are being unexpectedly applied to the CN of client certificates.
tags: added: bionic
Since the versions currently in Ubuntu contain this fix, I'm going to mark this bug as Fix Released.
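
A way to check whether a given openssl build shows the behaviour in the bug description above, added here as an example (not code from the reporter, Ubuntu or the OpenSSL project). It builds a constructed throwaway chain whose intermediate CA permits only DNS names under the made-up `.example.test`, issues a client certificate with a person's name as CN and no subjectAltName, and runs `openssl verify`; the function name, file names and subjects are assumptions.

```bash
#!/usr/bin/env bash
# Added example: constructed throwaway PKI, all names are made up.
# Prints "accepted" when the client cert verifies, "rejected" when it does not
# (the symptom described in this bug), or "setup-failed" if openssl is unusable.
check_cn_name_constraints() {
  local d result
  d=$(mktemp -d) || { echo setup-failed; return; }
  result=$(
    cd "$d" || exit
    cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
[dn]
[root_ext]
basicConstraints = critical,CA:TRUE
[ica_ext]
basicConstraints = critical,CA:TRUE
nameConstraints = critical,permitted;DNS:.example.test
[client_ext]
basicConstraints = CA:FALSE
extendedKeyUsage = clientAuth
EOF
    newreq() { openssl req -new -newkey rsa:2048 -nodes -config pki.cnf "$@"; }
    {
      newreq -x509 -extensions root_ext -subj "/CN=Constructed Root CA" \
             -keyout root.key -out root.pem &&
      newreq -subj "/CN=Constructed Intermediate CA" -keyout ica.key -out ica.csr &&
      openssl x509 -req -in ica.csr -CA root.pem -CAkey root.key -CAcreateserial \
             -extfile pki.cnf -extensions ica_ext -out ica.pem &&
      newreq -subj "/CN=Alice Example" -keyout client.key -out client.csr &&
      openssl x509 -req -in client.csr -CA ica.pem -CAkey ica.key -CAcreateserial \
             -extfile pki.cnf -extensions client_ext -out client.pem
    } >/dev/null 2>&1 || { echo setup-failed; exit; }
    # The CN "Alice Example" is not a host name; only the verify result matters.
    if openssl verify -CAfile root.pem -untrusted ica.pem client.pem >/dev/null 2>&1
    then echo accepted; else echo rejected; fi
  )
  rm -rf "$d"
  echo "${result:-setup-failed}"
}
check_cn_name_constraints
```

Run it with the same openssl binary that the server's libssl package ships, so the result reflects the library version Apache is actually linked against.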