[Bug 1207123] Re: Key usage violation in certificate has been detected

Brian Murray brian at ubuntu.com
Thu Aug 15 21:47:00 UTC 2013 

Hello Adam, or anyone else affected,

Accepted gnutls26 into quantal-proposed. The package will build now and
be available at
http://launchpad.net/ubuntu/+source/gnutls26/2.12.14-5ubuntu4.4 in a few
hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to
enable and use -proposed.  Your feedback will aid us getting this update
out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, and change the tag
from verification-needed to verification-done. If it does not fix the
bug for you, please add a comment stating that, and change the tag to
verification-failed.  In either case, details of your testing will help
us make a better decision.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance!

** Changed in: gnutls26 (Ubuntu Quantal)
       Status: Triaged => Fix Committed

** Tags added: verification-needed

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to gnutls26 in Ubuntu.
https://bugs.launchpad.net/bugs/1207123

Title:
  Key usage violation in certificate has been detected

Status in “gnutls26” package in Ubuntu:
  Fix Released
Status in “gnutls26” source package in Precise:
  Triaged
Status in “gnutls26” source package in Quantal:
  Fix Committed

Bug description:
  [Impact]
  A certificate issued to allow _only_ a certain ciphersuite (e.g. RSA) gnutls will fail with a key usage violation unless the server explicitly disables all other ciphersuites.

  [Test Case]
  + On a 12.04 system install a valid certificate supporting only RSA
  + Configure an ssl enabled website via apache2 using the above certificate
  + Run gnutls-cli <hostname>

  [Regression Potential]
  The fix for this was pulled from 13.04 and so far no major bugs have been filed relating to this specific issue.

  [Additional]
  As stated above the attached debdiff(s) for quantal and precise were pulled from 13.04 where the code just ignores this violation and moves on. I don't know of a better way to handle this and perhaps someone with more knowledge around gnutls could provide more insight.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnutls26/+bug/1207123/+subscriptions

More information about the foundations-bugs mailing list