[Pkg-openssl-devel] Bug#613490: openssl: Large DH parm generation fail
root
12ukwn at gmail.com
Tue Feb 15 07:32:44 UTC 2011
Package: openssl
Version: 0.9.8o-5
Severity: important
Generating small DHs works for 512 & 1024 bits but fail for 4096 after 490 minutes (2048 untested.)
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.35.7 (PREEMPT)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages openssl depends on:
ii libc6 2.11.2-11 Embedded GNU C Library: Shared lib
ii libssl0.9.8 0.9.8o-5 SSL shared libraries
ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime
openssl recommends no packages.
Versions of packages openssl suggests:
ii ca-certificates 20090814+nmu2 Common CA certificates
-- Configuration Files:
/etc/ssl/openssl.cnf changed:
HOME = .
RANDFILE = $ENV::HOME/.rnd
oid_section = new_oids
[ new_oids ]
[ ca ]
default_ca = CA_default # The default ca section
[ CA_default ]
dir = ./demoCA # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # Database index file.
# several certificates with the same subject.
new_certs_dir = $dir/newcerts # default place for new certs.
certificate = $dir/cacert.pem # The CA certificate
serial = $dir/serial # The current serial number
crlnumber = $dir/crlnumber # The current crl number
# must be commented out to leave a V1 CRL
crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem # The private key
RANDFILE = $dir/private/.rand # Private random number file
x509_extensions = usr_cert # The extentions to add to the cert
name_opt = ca_default # Subject Name options
cert_opt = ca_default # Certificate field options
default_days = 3652 # how long to certify for
default_crl_days = 1096 # how long before next CRL (Certificat Revocation List)
default_md = sha512
preserve = no # keep passed DN ordering
policy = policy_match
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ req ]
default_bits = 4096
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
string_mask = nombstr
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = ZZ
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = M31
localityName = Locality Name (eg, city)
localityName_default = Anywhere
0.organizationName = Organization Name (eg, company)
0.organizationName_default = FOKU (FOK U)
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = World institute of precambrian technologies
commonName = Common Name (eg, YOUR name)
commonName_max = 64
commonName_default = anubis.defcon1
emailAddress = Email Address
emailAddress_max = 64
emailAddress_default = pov-con at elysee.gouv.fr
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 16
challengePassword_max = 256
unstructuredName = An optional company name
[ usr_cert ]
basicConstraints = CA:FALSE
nsComment = "OpenSSL Generated Certificate"
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
basicConstraints = CA:true
[ crl_ext ]
authorityKeyIdentifier = keyid:always,issuer:always
[ proxy_cert_ext ]
basicConstraints = CA:FALSE
nsComment = "OpenSSL Generated Certificate"
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
proxyCertInfo = critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
-- no debconf information
-- debsums errors found:
debsums: missing file /usr/share/doc/openssl/doc/apps/CA.pl.pod.gz (from openssl package)
debsums: missing file /usr/share/doc/openssl/doc/apps/asn1parse.pod.gz (from openssl package)
debsums: missing file /usr/share/doc/openssl/doc/apps/ca.pod.gz (from openssl package)
debsums: missing file /usr/share/doc/openssl/doc/apps/ciphers.pod.gz (from openssl package)
debsums: missing file /usr/share/doc/openssl/doc/apps/config.pod.gz (from openssl package)
debsums: missing file /usr/share/doc/openssl/doc/apps/dsa.pod.gz (from openssl package)
debsums: missing file /usr/share/doc/openssl/doc/apps/ec.pod.gz (from openssl package)
debsums: missing file /usr/share/doc/openssl/doc/apps/ecparam.pod.gz (from openssl package)
debsums: missing file /usr/share/doc/openssl/doc/apps/enc.pod.gz (from openssl package)
debsums: missing file /usr/share/doc/openssl/doc/apps/ocsp.pod.gz (from openssl package)
debsums: missing file /usr/share/doc/openssl/doc/apps/openssl.pod.gz (from openssl package)
debsums: missing file /usr/share/doc/openssl/doc/apps/pkcs12.pod.gz (from openssl package)
debsums: missing file /usr/share/doc/openssl/doc/apps/pkcs8.pod.gz (from openssl package)
debsums: missing file /usr/share/doc/openssl/doc/apps/req.pod.gz (from openssl package)
debsums: missing file /usr/share/doc/openssl/doc/apps/rsa.pod.gz (from openssl package)
debsums: missing file /usr/share/doc/openssl/doc/apps/rsautl.pod.gz (from openssl package)
debsums: missing file /usr/share/doc/openssl/doc/apps/s_client.pod.gz (from openssl package)
debsums: missing file /usr/share/doc/openssl/doc/apps/s_server.pod.gz (from openssl package)
debsums: missing file /usr/share/doc/openssl/doc/apps/s_time.pod.gz (from openssl package)
debsums: missing file /usr/share/doc/openssl/doc/apps/smime.pod.gz (from openssl package)
debsums: missing file /usr/share/doc/openssl/doc/apps/verify.pod.gz (from openssl package)
debsums: missing file /usr/share/doc/openssl/doc/apps/x509.pod.gz (from openssl package)
debsums: missing file /usr/share/doc/openssl/doc/apps/x509v3_config.pod.gz (from openssl package)
debsums: missing file /usr/share/doc/openssl/doc/crypto/ASN1_generate_nconf.pod.gz (from openssl package)
debsums: missing file /usr/share/doc/openssl/doc/crypto/BIO_ctrl.pod.gz (from openssl package)
debsums: missing file /usr/share/doc/openssl/doc/crypto/BIO_f_ssl.pod.gz (from openssl package)
debsums: missing file /usr/share/doc/openssl/doc/crypto/BIO_s_accept.pod.gz (from openssl package)
debsums: missing file /usr/share/doc/openssl/doc/crypto/BIO_s_bio.pod.gz (from openssl package)
debsums: missing file /usr/share/doc/openssl/doc/crypto/BIO_s_connect.pod.gz (from openssl package)
debsums: missing file /usr/share/doc/openssl/doc/crypto/BIO_s_file.pod.gz (from openssl package)
debsums: missing file /usr/share/doc/openssl/doc/crypto/BIO_should_retry.pod.gz (from openssl package)
debsums: missing file /usr/share/doc/openssl/doc/crypto/BN_BLINDING_new.pod.gz (from openssl package)
debsums: missing file /usr/share/doc/openssl/doc/crypto/BN_add.pod.gz (from openssl package)
debsums: missing file /usr/share/doc/openssl/doc/crypto/DH_set_method.pod.gz (from openssl package)
debsums: missing file /usr/share/doc/openssl/doc/crypto/DSA_set_method.pod.gz (from openssl package)
debsums: missing file /usr/share/doc/openssl/doc/crypto/EVP_DigestInit.pod.gz (from openssl package)
debsums: missing file /usr/share/doc/openssl/doc/crypto/EVP_EncryptInit.pod.gz (from openssl package)
debsums: missing file /usr/share/doc/openssl/doc/crypto/OBJ_nid2obj.pod.gz (from openssl package)
debsums: missing file /usr/share/doc/openssl/doc/crypto/PKCS7_verify.pod.gz (from openssl package)
debsums: missing file /usr/share/doc/openssl/doc/crypto/RSA_get_ex_new_index.pod.gz (from openssl package)
debsums: missing file /usr/share/doc/openssl/doc/crypto/RSA_set_method.pod.gz (from openssl package)
debsums: missing file /usr/share/doc/openssl/doc/crypto/X509_NAME_print_ex.pod.gz (from openssl package)
debsums: missing file /usr/share/doc/openssl/doc/crypto/blowfish.pod.gz (from openssl package)
debsums: missing file /usr/share/doc/openssl/doc/crypto/bn.pod.gz (from openssl package)
debsums: missing file /usr/share/doc/openssl/doc/crypto/bn_internal.pod.gz (from openssl package)
debsums: missing file /usr/share/doc/openssl/doc/crypto/d2i_X509.pod.gz (from openssl package)
debsums: missing file /usr/share/doc/openssl/doc/crypto/des.pod.gz (from openssl package)
debsums: missing file /usr/share/doc/openssl/doc/crypto/des_modes.pod.gz (from openssl package)
debsums: missing file /usr/share/doc/openssl/doc/crypto/ecdsa.pod.gz (from openssl package)
debsums: missing file /usr/share/doc/openssl/doc/crypto/engine.pod.gz (from openssl package)
debsums: missing file /usr/share/doc/openssl/doc/crypto/err.pod.gz (from openssl package)
debsums: missing file /usr/share/doc/openssl/doc/crypto/lhash.pod.gz (from openssl package)
debsums: missing file /usr/share/doc/openssl/doc/crypto/pem.pod.gz (from openssl package)
debsums: missing file /usr/share/doc/openssl/doc/crypto/rand.pod.gz (from openssl package)
debsums: missing file /usr/share/doc/openssl/doc/crypto/rsa.pod.gz (from openssl package)
debsums: missing file /usr/share/doc/openssl/doc/crypto/threads.pod.gz (from openssl package)
debsums: missing file /usr/share/doc/openssl/doc/crypto/ui.pod.gz (from openssl package)
More information about the Pkg-openssl-devel
mailing list