Bug ID 1208393
Summary OpenSSL 3.0.8 breaks PKITS test 4.1.5 (which requires DSA parameter inheritance)
Classification openSUSE
Product openSUSE Tumbleweed
Version Current
Hardware Other
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Security
Assignee security-team@suse.de
Reporter otto.hollmann@suse.com
QA Contact qa-bugs@suse.de
Found By ---
Blocker --- 

Indeed, just decoding the certificate fails:

> openssl x509 -noout -text -in ValidDSAParameterInheritanceTest5EE.crt
The output includes

>        Subject Public Key Info:
>            Public Key Algorithm: dsaEncryption
>            Unable to load Public Key
>40477373937F0000:error:03000072:digital envelope routines:X509_PUBKEY_get0:decode error:../crypto/x509/x_pubkey.c:458:
>40477373937F0000:error:03000072:digital envelope routines:X509_PUBKEY_get0:decode error:../crypto/x509/x_pubkey.c:458:
>        X509v3 extensions:

Upstream issues:
https://github.com/openssl/openssl/issues/20233
https://github.com/openssl/openssl/issues/20309

Also it causing build failure of qca:qt5 package and thus blocking release of
OpenSSL 3.0.8 with 8 CVE fixes.

You are receiving this mail because: