Package: libssl1.0.0 Version: 1.0.1k-2, 1.0.1e-2+deb7u15 Severity: important
After updating to the latest openssl versions in Debian, the voms client tools no longer work. With the current openssl 1.0.1k-1: ellert@debian-unstable:~$ voms-proxy-init2 --voms atlas Enter GRID pass phrase: Your identity: /DC=org/DC=terena/DC=tcs/C=SE/O=Uppsala University/CN=Mattias Ellert [email protected] Creating temporary proxy ....................................................................... Done Contacting lcg-voms2.cern.ch:15001 [/DC=ch/DC=cern/OU=computers/CN=lcg-voms2.cern.ch] "atlas" Done Creating proxy .............................................................................................................. Done Your proxy is valid until Tue Mar 24 22:01:16 2015 Error: verify failed. AC not present in credentials. ellert@debian-unstable:~$ voms-proxy-info2 --all WARNING: Unable to verify signature! Server certificate possibly not installed. Error: AC not present in credentials. subject : /DC=org/DC=terena/DC=tcs/C=SE/O=Uppsala University/CN=Mattias Ellert [email protected]/CN=proxy issuer : /DC=org/DC=terena/DC=tcs/C=SE/O=Uppsala University/CN=Mattias Ellert [email protected] identity : /DC=org/DC=terena/DC=tcs/C=SE/O=Uppsala University/CN=Mattias Ellert [email protected] type : proxy strength : 1024 bits path : /tmp/x509up_u1000 timeleft : 11:59:53 key usage : Digital Signature, Key Encipherment With the previous openssl 1.0.1k-1: ellert@debian-unstable:~$ LD_LIBRARY_PATH=/home/ellert/openssl-1.0.1k-1/usr/lib/x86_64-linux-gnu voms-proxy-init2 --voms atlas Enter GRID pass phrase: Your identity: /DC=org/DC=terena/DC=tcs/C=SE/O=Uppsala University/CN=Mattias Ellert [email protected] Creating temporary proxy ............................................................. Done Contacting voms2.cern.ch:15001 [/DC=ch/DC=cern/OU=computers/CN=voms2.cern.ch] "atlas" Done Creating proxy .......................................................................................................... Done Your proxy is valid until Tue Mar 24 22:01:51 2015 ellert@debian-unstable:~$ LD_LIBRARY_PATH=/home/ellert/openssl-1.0.1k-1/usr/lib/x86_64-linux-gnu voms-proxy-info2 --all subject : /DC=org/DC=terena/DC=tcs/C=SE/O=Uppsala University/CN=Mattias Ellert [email protected]/CN=proxy issuer : /DC=org/DC=terena/DC=tcs/C=SE/O=Uppsala University/CN=Mattias Ellert [email protected] identity : /DC=org/DC=terena/DC=tcs/C=SE/O=Uppsala University/CN=Mattias Ellert [email protected] type : proxy strength : 1024 bits path : /tmp/x509up_u1000 timeleft : 11:59:50 key usage : Digital Signature, Key Encipherment === VO atlas extension information === VO : atlas subject : /DC=org/DC=terena/DC=tcs/C=SE/O=Uppsala University/CN=Mattias Ellert [email protected] issuer : /DC=ch/DC=cern/OU=computers/CN=voms2.cern.ch attribute : /atlas/Role=NULL/Capability=NULL attribute : /atlas/lcg1/Role=NULL/Capability=NULL attribute : /atlas/se/Role=NULL/Capability=NULL attribute : nickname = ellert (atlas) timeleft : 11:59:51 uri : voms2.cern.ch:15001 Investigations have shown that the problem is introduced by the patch 0003-Free-up-passed-ASN.1-structure-if-reused.patch that was added in the latest openssl updates 1.0.1k-2 and 1.0.1e-2+deb7u15: https://sources.debian.net/src/openssl/1.0.1k-2/debian/patches/0003-Free-up-passed-ASN.1-structure-if-reused.patch/ https://sources.debian.net/src/openssl/1.0.1e-2%2Bdeb7u15/debian/patches/0003-Free-up-passed-ASN.1-structure-if-reused.patch/ Mattias Ellert
signature.asc
Description: This is a digitally signed message part
