[Bug 1828215] Re: openssl ca -spkac output regressed
Dimitri John Ledkov
launchpad at surgut.co.uk
Wed Jun 12 17:09:21 UTC 2019
** Description changed:
[Impact]
- * openssl command line utility option parsing has regressed in 1.1.0i+
+ * openssl command line utility option parsing has regressed in 1.1.0i+
and produces binary output, where text output is expected, breaking
applications that parse that.
[Test Case]
- * OPENSSL_ENABLE_MD5_VERIFY=1 openssl ca -config test.openssl.cnf
- -passin stdin -batch -spkac input_file -startdate 190121130654Z
+ Setup CA:
+ $ apt install openssl
+ $ mkdir -p demoCA/private demoCA/newcerts
+ $ touch demoCA/index.txt
+ $ echo 01 > demoCA/serial
- Currently produces binary goop.
+ $ openssl req -new -x509 -days 365 -newkey rsa:4096 -keyout
+ demoCA/private/cakey.pem -out demoCA/cacert.pem
- Should produce PEM format Base64 encoded certificate data in a block surrounded
- with BEGIN/END certificate.
+ # Use password test
+ # Accept defaults for all other settings
+
+ $ openssl req -new -days 365 -newkey rsa:4096 -keyout demoCA/sslkey.pem
+ -out demoCA/sslcert.pem
+
+ Generate regular request / key:
+ # Use password test
+ # Set common name to: example.com
+ # Accept defaults for all other settings
+
+ Generate spkac request:
+ $ openssl spkac -key demoCA/sslkey.pem -out demoCA/sslcert.spkac
+ $ cat <<EOF >>demoCA/sslcert.spkac
+ countryName=AU
+ stateOrProvinceName=Some-State
+ organizationName=Internet Widgits Pty Ltd
+ commonName=example.com
+ EOF
+
+ Sign spkac request:
+ $ echo test | openssl ca -passin stdin -batch -spkac demoCA/sslcert.spkac -startdate 190121130654Z
+
+ Expected: pure text output
+ Unexpected: binary output for the signed cert
+
+
+ Currently produces binary goop.
+
+ Should produce PEM format Base64 encoded certificate data in a block surrounded
+ with BEGIN/END certificate.
[Regression Potential]
- * This is a regression in cosmic and up, and impeding regression in
+ * This is a regression in cosmic and up, and impeding regression in
bionic with the upcoming 1.1.1 SRU. A bugfix exists upstream.
[Other Info]
-
- * Originally reported https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1797386/comments/39
+
+ * Originally reported
+ https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1797386/comments/39
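Review bot: In the new [Test Case] text the heading "Generate regular request / key:" comes after the "openssl req -new -days 365 -newkey rsa:4096 -keyout demoCA/sslkey.pem" command it describes, so that command reads as part of "Setup CA:" and the heading is followed only by comments; move the heading above the command. That command has no -x509, so demoCA/sslcert.pem will hold a certificate request rather than a certificate and -days 365 is ignored there; a file name that says "request" would be clearer. The retained "Currently produces binary goop." paragraph now repeats the new Expected/Unexpected lines and could be dropped, and "impeding" in [Regression Potential] should read "impending".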
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1828215
Title:
  openssl ca -spkac output regressed

Status in OpenSSL:
  Fix Released
Status in openssl package in Ubuntu:
  Fix Committed
Status in openssl source package in Bionic:
  Fix Committed
Status in openssl source package in Cosmic:
  Confirmed
Status in openssl source package in Disco:
  Confirmed
Status in openssl source package in Eoan:
  Fix Committed

Bug description:
  [Impact]

   * openssl command line utility option parsing has regressed in
     1.1.0i+ and produces binary output, where text output is expected,
     breaking applications that parse that.

  [Test Case]

  Setup CA:
  $ apt install openssl
  $ mkdir -p demoCA/private demoCA/newcerts
  $ touch demoCA/index.txt
  $ echo 01 > demoCA/serial

  $ openssl req -new -x509 -days 365 -newkey rsa:4096 \
      -keyout demoCA/private/cakey.pem -out demoCA/cacert.pem

  # Use password test
  # Accept defaults for all other settings

  $ openssl req -new -days 365 -newkey rsa:4096 \
      -keyout demoCA/sslkey.pem -out demoCA/sslcert.pem

  Generate regular request / key:
  # Use password test
  # Set common name to: example.com
  # Accept defaults for all other settings

  Generate spkac request:
  $ openssl spkac -key demoCA/sslkey.pem -out demoCA/sslcert.spkac
  $ cat <<EOF >>demoCA/sslcert.spkac
  countryName=AU
  stateOrProvinceName=Some-State
  organizationName=Internet Widgits Pty Ltd
  commonName=example.com
  EOF

  Sign spkac request:
  $ echo test | openssl ca -passin stdin -batch -spkac demoCA/sslcert.spkac -startdate 190121130654Z

  Expected: pure text output
  Unexpected: binary output for the signed cert

  Currently produces binary goop.

  Should produce PEM format Base64 encoded certificate data in a block
  surrounded with BEGIN/END certificate.

  [Regression Potential]

   * This is a regression in cosmic and up, and impending regression in
     bionic with the upcoming 1.1.1 SRU. A bugfix exists upstream.

  [Other Info]

   * Originally reported
     https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1797386/comments/39

To manage notifications about this bug go to:
https://bugs.launchpad.net/openssl/+bug/1828215/+subscriptions
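
An added example, not part of the original bug report or of OpenSSL: a shell check that a script consuming the signing step above could run on the captured output, to tell the expected PEM text from the binary output this bug describes. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify what "openssl ca -spkac" wrote to stdout.
# Function names are hypothetical; the samples below are constructed.

# classify_ca_output FILE -> prints one of: binary | pem | text-no-cert
classify_ca_output() {
    # Count bytes that are not tab, LF, CR or printable ASCII.
    n=$(LC_ALL=C tr -d '\11\12\15\40-\176' < "$1" | wc -c)
    if [ "$((n))" -gt 0 ]; then
        echo binary            # raw DER or other non-text bytes (the regression)
    elif grep -q '^-----BEGIN CERTIFICATE-----$' "$1" &&
         grep -q '^-----END CERTIFICATE-----$' "$1"; then
        echo pem               # expected: Base64 between BEGIN/END markers
    else
        echo text-no-cert      # text, but no certificate block (e.g. an error)
    fi
}

# check_spkac_signing: runs the signing step from the test case in the
# current directory (needs the demoCA tree) and succeeds only on PEM output.
check_spkac_signing() {
    out=$(mktemp) || return 2
    echo test | openssl ca -passin stdin -batch \
        -spkac demoCA/sslcert.spkac -startdate 190121130654Z > "$out"
    result=$(classify_ca_output "$out")
    rm -f "$out"
    [ "$result" = pem ]
}

# make_constructed_samples DIR: writes three constructed inputs for a dry run.
make_constructed_samples() {
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'QUJD' \
        '-----END CERTIFICATE-----' > "$1/pem.out"
    printf '\060\202\001\012\060\201\362\240' > "$1/der.out"   # DER-like bytes
    printf 'Signature ok\n' > "$1/err.out"
}
```

Classifying any non-text byte as "binary" before looking for the BEGIN/END markers means output that mixes a text header with raw certificate bytes is still flagged.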