[Bug 1055773] [NEW] Postfix/openssl not accepting Signature Algorithm: sha512WithRSAEncryption

Hadmut Danisch hadmut at danisch.de
Mon Sep 24 20:52:31 UTC 2012 

Public bug reported:

Hi,

since we recently upgraded a mail server to latest ubuntu packages the
mailserver does not accept certificates recently generated with openssl
anymore.

When trying to connect with SMTP-TLS and client-cert, the server aborts
and logs to mail.log:

Sep 24 22:40:37 mail postfix/smtpd[17022]: warning: TLS library problem:
17022:error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown
message digest algorithm:a_verify.c:146:


It works with older certificates using 
    Signature Algorithm: sha1WithRSAEncryption
but not anymore with newer ones using 
    Signature Algorithm: sha512WithRSAEncryption


regards

ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: libssl0.9.8 0.9.8k-7ubuntu8.13
ProcVersionSignature: Ubuntu 2.6.32-42.95-generic-pae 2.6.32.59+drm33.24
Uname: Linux 2.6.32-42-generic-pae i686
Architecture: i386
Date: Mon Sep 24 22:42:25 2012
InstallationMedia: Ubuntu-Server 10.04.1 LTS "Lucid Lynx" - Release i386 (20100816.2)
ProcEnviron:
 LANG=en_US.UTF-8
 SHELL=/usr/bin/tcsh
SourcePackage: openssl

** Affects: openssl (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: apport-bug i386 lucid

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1055773

Title:
  Postfix/openssl not accepting Signature Algorithm:
  sha512WithRSAEncryption

Status in “openssl” package in Ubuntu:
  New

Bug description:
  Hi,

  since we recently upgraded a mail server to latest ubuntu packages the
  mailserver does not accept certificates recently generated with
  openssl anymore.

  When trying to connect with SMTP-TLS and client-cert, the server
  aborts and logs to mail.log:

  Sep 24 22:40:37 mail postfix/smtpd[17022]: warning: TLS library
  problem: 17022:error:0D0C50A1:asn1 encoding
  routines:ASN1_item_verify:unknown message digest
  algorithm:a_verify.c:146:

  
  It works with older certificates using 
      Signature Algorithm: sha1WithRSAEncryption
  but not anymore with newer ones using 
      Signature Algorithm: sha512WithRSAEncryption

  
  regards

  ProblemType: Bug
  DistroRelease: Ubuntu 10.04
  Package: libssl0.9.8 0.9.8k-7ubuntu8.13
  ProcVersionSignature: Ubuntu 2.6.32-42.95-generic-pae 2.6.32.59+drm33.24
  Uname: Linux 2.6.32-42-generic-pae i686
  Architecture: i386
  Date: Mon Sep 24 22:42:25 2012
  InstallationMedia: Ubuntu-Server 10.04.1 LTS "Lucid Lynx" - Release i386 (20100816.2)
  ProcEnviron:
   LANG=en_US.UTF-8
   SHELL=/usr/bin/tcsh
  SourcePackage: openssl

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1055773/+subscriptions

More information about the foundations-bugs mailing list