What | Removed | Added |
---|---|---|
Flags | needinfo?(otto.hollmann@suse.com) |
(In reply to Otto Hollmann from comment #0) > Indeed, just decoding the certificate fails: > > > openssl x509 -noout -text -in ValidDSAParameterInheritanceTest5EE.crt > The output includes > > > Subject Public Key Info: > > Public Key Algorithm: dsaEncryption > > Unable to load Public Key > >40477373937F0000:error:03000072:digital envelope routines:X509_PUBKEY_get0:decode error:../crypto/x509/x_pubkey.c:458: > >40477373937F0000:error:03000072:digital envelope routines:X509_PUBKEY_get0:decode error:../crypto/x509/x_pubkey.c:458: > > X509v3 extensions: > > Upstream issues: > https://github.com/openssl/openssl/issues/20233 > https://github.com/openssl/openssl/issues/20309 > > Also it causing build failure of qca:qt5 package and thus blocking release > of OpenSSL 3.0.8 with 8 CVE fixes. Hi Otto, just checked both upstream bugs. The first one (https://github.com/openssl/openssl/issues/20233) mentions that there will be no change in upstream, as a change according to the RFC 3279 might cause CVE-2023-0217. The second bug (https://github.com/openssl/openssl/issues/20309) was closed without change. Is there any chance that we could have openssl-3 3.0.8 available as it fixes various CVE's? Uninstalling libopenssl3 is currently no workaround, as it will remove hundreds of other packages.