[Bug 1556330] Re: upstream curl bug #1371: p12 client certificates code is broken

Matthew Hall mhall at mhcomputing.net
Sat Mar 12 20:48:36 UTC 2016


> On Mar 12, 2016, at 8:55 AM, LocutusOfBorg <costamagnagianfranco at yahoo.it> wrote:
> 
> unfortunately it doesn't seem to build.

It built perfectly when I modified the source for 14.04 LTS.

Also thanks for the more detailed stable release diff procedures. I did
read the stable release update page to write the original report but it
didn't explain the commands to run as a community member. Who has access
to add the additional procedures you wrote into the page? This would be
very helpful for other technical users without knowledge of the special
Debian and Ubuntu processes.

Matthew.

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1556330

Title:
  upstream curl bug #1371: p12 client certificates code is broken

Status in curl package in Ubuntu:
  Fix Released
Status in curl source package in Trusty:
  Triaged

Bug description:
  [Impact]

  The bug makes it impossible to use PKCS#12 secure storage of client
  certificates and private keys with any affected Ubuntu releases. The
  fix is one line fixing a broken switch statement and was already
  tested against Ubuntu 14.04 LTS with a rebuilt curl package.

  This was fixed in upstream libcurl in the following bug:

  https://sourceforge.net/p/curl/bugs/1371/

  The bug fix consists of one missing break statement at the end of a
  case in a switch statement.

  I personally patched the bug using source code release
  curl_7.35.0-1ubuntu2.6.dsc, used in Ubuntu 14.04 LTS, and verified it
  does indeed fix the bug and all of the package's tests still pass
  afterwards.

  [Test Case]

  The bug can be reproduced using the following libcurl parameters (even
  via CLI, pycurl, etc.).

  CURLOPT_SSLCERTTYPE == "P12"
  CURLOPT_SSLCERT = path to PKCS#12
  CURLOPT_SSLKEY = path to PKCS#12
  CURLOPT_SSLKEYPASSWD = key for PKCS#12 if needed

  Basically, just use a PKCS#12 format client certificate and private
  key against some certificate protected web server.

  [Regression Potential]

  If it could possibly break anything, which is extraordinarily
  unlikely, it would break one of the three client certificate formats
  (most likely PKCS#12 but also PEM or DER). Note 1/3 formats is already
  broken due to the bug. Client certificates of all three types could be
  checked to prevent this.
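
The report describes the fix as one missing break at the end of a case in a switch statement. The sketch below is an added illustration, not part of the original report and not curl's source: the enum, the function names and the always-succeeding loader stub are hypothetical, and it shows how such a fallthrough breaks P12 alone while PEM and DER keep working, together with the three-format regression check.

```c
#include <stdio.h>

/* Hypothetical model, not curl source: the three client certificate
   formats from the report, with a loader stub that always succeeds. */
enum fmt { FMT_PEM, FMT_DER, FMT_P12, FMT_UNKNOWN };
static int load_stub(void) { return 1; }

/* Before: nothing ends the P12 case, so it runs into the error branch. */
int load_cert_before(enum fmt type) {
  int loaded = 0;
  switch(type) {
  case FMT_PEM: case FMT_DER:
    loaded = load_stub();
    break;
  case FMT_P12:
    loaded = load_stub();
    /* falls through */
  default:
    return 0; /* "unsupported type" error path */
  }
  return loaded;
}

/* After: identical apart from the added break. */
int load_cert_after(enum fmt type) {
  int loaded = 0;
  switch(type) {
  case FMT_PEM: case FMT_DER:
    loaded = load_stub();
    break;
  case FMT_P12:
    loaded = load_stub();
    break; /* the one-line fix */
  default:
    return 0;
  }
  return loaded;
}

/* Regression check from the report: count how many of the three load. */
int count_working(int (*load)(enum fmt)) {
  return load(FMT_PEM) + load(FMT_DER) + load(FMT_P12);
}

int main(void) {
  printf("formats that load before the fix: %d/3, after: %d/3\n",
         count_working(load_cert_before), count_working(load_cert_after));
  return 0;
}
```

GCC's `-Wimplicit-fallthrough` warning flags this pattern at build time; the `/* falls through */` comment here only marks the deliberate "before" behaviour.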
