[Pkg-openssl-devel] Bug#907457: x509: Bad format "engine" must be PEM or DER CSR; (Certificate Signing Request) using openssl

Philipp Rosenberger p.rosenberger at linutronix.de
Tue Aug 28 08:54:37 BST 2018


Package: openssl
Version: 1.1.0f-3+deb9u2
Severity: important

Dear Maintainer,

There is a typo in the Code for the x509 options, which leads to the point that
no CAengine can be specified. With this bug a CA can't be stored on a smartcard
or something alike.

This bug has been fixed with 1.1.0g

Here is a upstream bug report:
https://github.com/openssl/openssl/issues/4366

The simple fix is here:
https://github.com/openssl/openssl/commit/bd6eba79d70677f891f1bb55b6f5bc5602c47cbc

And here for the 1.1.0 stable branch:
https://github.com/openssl/openssl/commit/b701fa8340944c2a0481457f96e7f38b03180c24



-- System Information:
Debian Release: 9.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armel, armhf

Kernel: Linux 4.17.0-0.bpo.1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages openssl depends on:
ii  libc6      2.24-11+deb9u3
ii  libssl1.1  1.1.0f-3+deb9u2

openssl recommends no packages.

Versions of packages openssl suggests:
ii  ca-certificates  20161130+nmu1+deb9u1

-- no debconf information



More information about the Pkg-openssl-devel mailing list