[Pkg-openssl-devel] Bug#404700: openssl: get into endless loop when
e-mail address is too long
Marc Haber
mh+debian-bugs at zugschlus.de
Wed Dec 27 15:30:43 UTC 2006
Package: openssl
Version: 0.9.8c-4
Severity: normal
Hi,
when using easyrsa 2.0 to create a certificate request, openssl gets
in an endless loop, printing "string is too long, it needs to be less
than 40 bytes long" in a - pretty fast - endless loop.
To reproduce: have openvpn 2.0.9-3 installed
export KEY_DIR="$(pwd)/keys"
export KEY_SIZE=1024
export KEY_COUNTRY="DE"
export KEY_PROVINCE=""
export KEY_CITY=""
export KEY_ORG="ACME"
export KEY_EMAIL="12345678901234567890123456789012345 at example"
export KEY_OU=""
export KEY_CN="foo"
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"
openssl req -batch -days 3650 -nodes -new -newkey rsa:1024 -keyout scyw00225.key -out scyw00225.csr -config /usr/share/doc/openvpn/examples/easy-rsa/2.0/openssl.cnf
This endless loop of error message can be remedied by chosing a
shorter mail address.
Two issues here:
(1) openssl should never get into an endless loop regardless of what
garbage it is presented on input.
(2) openssl should say _WHICH_ string is too long.
Greetings
Marc
-- System Information:
Debian Release: 4.0
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.19.1-zgsrv
Locale: LANG=C, LC_CTYPE=de_DE (charmap=ISO-8859-1)
Versions of packages openssl depends on:
ii libc6 2.3.6.ds1-9 GNU C Library: Shared libraries
ii libssl0.9.8 0.9.8c-4 SSL shared libraries
ii zlib1g 1:1.2.3-13 compression library - runtime
openssl recommends no packages.
-- no debconf information
More information about the Pkg-openssl-devel
mailing list