[Pkg-openssl-devel] Bug#778308: libssl1.0.0: Certificate Signature verify failed
Marco Nietz
debbug at mnietz.de
Fri Feb 13 12:30:06 UTC 2015
Package: libssl1.0.0
Version: 1.0.1e-2+deb7u14
Severity: important
Dear Maintainer,
After upgrading to 1.0.1e-2+deb7u13 Client Certificate Verification failed.
Reproduce:
root at neo:~# apt-show-versions libssl1.0.0
libssl1.0.0/wheezy upgradeable from 1.0.1e-2+deb7u13 to 1.0.1e-2+deb7u14
root at neo:~# openssl verify -CAfile myCa.cer myClient.pem
myClient.pem: OK
root at neo:~# apt-get upgrade
root at neo:~# apt-show-versions libssl1.0.0
libssl1.0.0/wheezy uptodate 1.0.1e-2+deb7u14
root at neo:~# openssl verify -CAfile myCa.cer myClient.pem
myClient.pem: CN = My Client, emailAddress = someone at somewhere.local
error 7 at 0 depth lookup:certificate signature failure
As a workaround i keep the u13 version, but what can cause this error ?
We use this cerificate for client-authentication in nginx, which throws a comparable error
client SSL certificate verify error: (7:certificate signature failure)
Kind Regards
Marco
-- System Information:
Debian Release: 7.8
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libssl1.0.0 depends on:
ii debconf [debconf-2.0] 1.5.49
ii libc6 2.13-38+deb7u7
ii multiarch-support 2.13-38+deb7u7
ii zlib1g 1:1.2.7.dfsg-13
libssl1.0.0 recommends no packages.
libssl1.0.0 suggests no packages.
-- debconf information:
libssl1.0.0/restart-failed:
libssl1.0.0/restart-services:
More information about the Pkg-openssl-devel
mailing list