[Bug 213607] New: openssl-update breaks certificate validation
https://bugzilla.novell.com/show_bug.cgi?id=213607 Summary: openssl-update breaks certificate validation Product: SUSE Linux 10.1 Version: Final Platform: Other OS/Version: Other Status: NEW Severity: Critical Priority: P5 - None Component: Basesystem AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: sven.burmeister@gmx.net QAContact: qa@suse.de After today's update of openssl, kmail and konqueror do not validate certificates anymore. Although the certificate is still valid (until 2007) it is shown as outdated. Since this worked before and there were no KDE-updates in the last days, I do not think it is a KDE issue. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=213607 martin.lasarsch@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|bnc-team- |poeml@novell.com |screening@forge.provo.novell| |.com | ------- Comment #1 from martin.lasarsch@novell.com 2006-10-19 09:38 MST ------- Peter can you look at this please? If it's not an openssl issue, please reassign, thanks. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=213607 poeml@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO Info Provider| |sven.burmeister@gmx.net ------- Comment #2 from poeml@novell.com 2006-10-19 11:44 MST ------- How to reproduce? Any server I can use to reproduce the problem? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=213607 sven.burmeister@gmx.net changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED Info Provider|sven.burmeister@gmx.net | ------- Comment #3 from sven.burmeister@gmx.net 2006-10-19 11:54 MST ------- I use konqueror from 3.5.5 and it fails to validate the certificate for bugzilla.novell.com. It shows the date correctly, but also that it is outdated. Signing in at ebay is the same. I'll provide a screenshot. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=213607 ------- Comment #4 from sven.burmeister@gmx.net 2006-10-19 11:59 MST ------- In .ysession-errors I find: kdecore (KLibLoader): WARNING: KLibrary: /usr/lib/libcrypto.so.0.9.8: undefined symbol: PKCS7_content_free kdecore (KLibLoader): WARNING: KLibrary: /usr/lib/libcrypto.so.0.9.8: undefined symbol: OpenSSL_add_all_algorithms kdecore (KLibLoader): WARNING: KLibrary: /usr/lib/libcrypto.so.0.9.8: undefined symbol: OPENSSL_add_all_algorithms kdecore (KLibLoader): WARNING: KLibrary: /usr/lib/libcrypto.so.0.9.8: undefined symbol: OpenSSL_add_all_algorithms_conf kdecore (KLibLoader): WARNING: KLibrary: /usr/lib/libcrypto.so.0.9.8: undefined symbol: PKCS7_content_free kdecore (KLibLoader): WARNING: KLibrary: /usr/lib/libcrypto.so.0.9.8: undefined symbol: OpenSSL_add_all_algorithms kdecore (KLibLoader): WARNING: KLibrary: /usr/lib/libcrypto.so.0.9.8: undefined symbol: OPENSSL_add_all_algorithms kdecore (KLibLoader): WARNING: KLibrary: /usr/lib/libcrypto.so.0.9.8: undefined symbol: OpenSSL_add_all_algorithms_conf kdecore (KLibLoader): WARNING: KLibrary: /usr/lib/libcrypto.so.0.9.8: undefined symbol: PKCS7_content_free kdecore (KLibLoader): WARNING: KLibrary: /usr/lib/libcrypto.so.0.9.8: undefined symbol: OpenSSL_add_all_algorithms kdecore (KLibLoader): WARNING: KLibrary: /usr/lib/libcrypto.so.0.9.8: undefined symbol: OPENSSL_add_all_algorithms kdecore (KLibLoader): WARNING: KLibrary: /usr/lib/libcrypto.so.0.9.8: undefined symbol: OpenSSL_add_all_algorithms_conf -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=213607 ------- Comment #5 from sven.burmeister@gmx.net 2006-10-19 12:01 MST ------- Created an attachment (id=102063) --> (https://bugzilla.novell.com/attachment.cgi?id=102063&action=view) screenshot of certificate that did not fail before the openssl update -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=213607 poeml@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO Info Provider| |sven.burmeister@gmx.net ------- Comment #6 from poeml@novell.com 2006-10-19 12:27 MST ------- Thanks, the error message is helpful. Can you please give me the output of uname -a rpm -q openssl rpm -q --qf %{name}\\\ %{distribution}\\\n openssl rpm -V openssl rpm -qa --last | grep openssl rpm -qa --last | head -20 Thanks. And do you happen to know which openssl package was installed before? Had you installed the update before (from Sept 28, openssl-0.9.8a-18.10 I believe)? How did you update: with YOU? If so, it would be magnificent if you could also attach a tarball of /var/log/YaST2/. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=213607 ------- Comment #7 from meissner@novell.com 2006-10-19 12:34 MST ------- the errors in #c4 are OK and expected. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=213607 sven.burmeister@gmx.net changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED Info Provider|sven.burmeister@gmx.net | ------- Comment #8 from sven.burmeister@gmx.net 2006-10-19 12:40 MST ------- I always update using zmd and I had all updates installed, so whichever update preceded this one, it was installed if it was shown in zmd. uname -a Linux pc192s 2.6.16.21-0.25-default #1 Tue Sep 19 07:26:15 UTC 2006 i686 athlon i386 GNU/Linux rpm -q openssl openssl-0.9.8a-18.13 rpm -q --qf %{name}\\\ %{distribution}\\\n openssl openssl SUSE LINUX 10.1 (i586) rpm -V openssl does not give any output rpm -qa --last | grep openssl openssl-devel-0.9.8a-18.13 Do 19 Okt 2006 10:10:07 CEST openssl-0.9.8a-18.13 Do 19 Okt 2006 10:09:34 CEST compat-openssl097g-0.9.7g-13.5 Do 19 Okt 2006 10:09:01 CEST python-openssl-0.6-17 Di 05 Sep 2006 20:38:31 CEST rpm -qa --last | grep openssl openssl-devel-0.9.8a-18.13 Do 19 Okt 2006 10:10:07 CEST openssl-0.9.8a-18.13 Do 19 Okt 2006 10:09:34 CEST compat-openssl097g-0.9.7g-13.5 Do 19 Okt 2006 10:09:01 CEST python-openssl-0.6-17 Di 05 Sep 2006 20:38:31 CEST pc192s:/home/rabauke # rpm -qa --last | head -20 openssl-devel-0.9.8a-18.13 Do 19 Okt 2006 10:10:07 CEST opera-9.02-4.1 Do 19 Okt 2006 10:10:00 CEST openssl-0.9.8a-18.13 Do 19 Okt 2006 10:09:34 CEST compat-openssl097g-0.9.7g-13.5 Do 19 Okt 2006 10:09:01 CEST libzypp-1.3.2-0.9 Di 17 Okt 2006 05:55:16 CEST yast2-sound-2.13.11.1-0.2 Mo 16 Okt 2006 15:53:16 CEST hplip-1.6.9-5.pm.1 Mo 16 Okt 2006 15:52:01 CEST hplip-hpijs-1.6.9-5.pm.1 Mo 16 Okt 2006 15:44:50 CEST amarok-1.4.4-4.1 Mo 16 Okt 2006 11:51:31 CEST amarok-xine-1.4.4-4.1 Mo 16 Okt 2006 11:50:23 CEST libxine1-devel-1.1.2cvs-20061015.pm.0 Mo 16 Okt 2006 11:50:18 CEST jack-devel-0.102.20-0.pm.1 Mo 16 Okt 2006 11:42:47 CEST libxine1-1.1.2cvs-20061015.pm.0 Mo 16 Okt 2006 11:42:15 CEST jack-0.102.20-0.pm.1 Mo 16 Okt 2006 11:36:34 CEST koffice-illustration-1.6.0-7.1 Mo 16 Okt 2006 11:34:23 CEST koffice-database-1.6.0-7.1 Mo 16 Okt 2006 11:33:28 CEST rsibreak-0.8.0-2.1 Mo 16 Okt 2006 11:33:09 CEST koffice-1.6.0-7.1 Mo 16 Okt 2006 11:32:03 CEST kdenetwork3-InstantMessenger-3.5.5-7.3 Sa 14 Okt 2006 16:18:51 CEST skype-1.3.0.53-suse Sa 14 Okt 2006 12:44:14 CEST -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=213607 poeml@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO Info Provider| |sven.burmeister@gmx.net ------- Comment #9 from poeml@novell.com 2006-10-19 13:02 MST ------- Thanks. This looks all normal, too. Marcus says there was a recent kdelibs3 update. Indeed: * Thu Oct 12 2006 - stbinner@suse.de - add missing parts to fix-weak-ciphers.diff (#181169) [...] Could you please add 'rpm -qa --last | grep kde' ? And, have you restarted the machine after the kdelibs3 / openssl update? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=213607 sven.burmeister@gmx.net changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED Info Provider|sven.burmeister@gmx.net | ------- Comment #10 from sven.burmeister@gmx.net 2006-10-19 13:13 MST ------- The last kdelibs update (build-service) is from 9.10. and everything worked fine after that. It started today. I installed the updates, it still worked. I rebooted, it stopped working. rpm -qa --last | grep kde kdenetwork3-InstantMessenger-3.5.5-7.3 Sa 14 Okt 2006 16:18:51 CEST qtcurve-kde-0.44.2-1.guru.suse101 Sa 14 Okt 2006 07:48:15 CEST kdepim3-kpilot-3.5.5-5.1 Fr 13 Okt 2006 23:04:50 CEST kdebase3-devel-3.5.5-17.1 Fr 13 Okt 2006 23:04:44 CEST kdepim3-sync-3.5.5-5.1 Fr 13 Okt 2006 23:04:43 CEST kdebase3-session-3.5.5-17.1 Fr 13 Okt 2006 23:04:40 CEST kdelibs3-devel-3.5.5-19.1 Fr 13 Okt 2006 23:04:37 CEST kdewebdev3-3.5.5-5.2 Fr 13 Okt 2006 23:04:10 CEST kdegames3-board-3.5.5-3.3 Fr 13 Okt 2006 23:03:41 CEST kdeaddons3-kate-3.5.5-7.2 Fr 13 Okt 2006 23:03:31 CEST kdebase3-nsplugin-3.5.5-17.1 Fr 13 Okt 2006 23:03:28 CEST kdeaddons3-konqueror-3.5.5-7.2 Fr 13 Okt 2006 23:03:26 CEST kdebindings3-ruby-3.5.5-32.1 Fr 13 Okt 2006 23:03:19 CEST kdegraphics3-fax-3.5.5-3.4 Fr 13 Okt 2006 23:03:14 CEST kdepim3-3.5.5-5.1 Fr 13 Okt 2006 23:02:39 CEST kdegames3-card-3.5.5-3.3 Fr 13 Okt 2006 23:02:05 CEST kdebase3-kdm-3.5.5-17.1 Fr 13 Okt 2006 23:02:02 CEST kdenetwork3-3.5.5-7.3 Fr 13 Okt 2006 23:01:51 CEST kdeutils3-3.5.5-3.4 Fr 13 Okt 2006 23:01:42 CEST kdepim3-networkstatus-3.5.5-5.1 Fr 13 Okt 2006 23:01:31 CEST kdegraphics3-3.5.5-3.4 Fr 13 Okt 2006 23:01:26 CEST kdeadmin3-3.5.5-3.4 Fr 13 Okt 2006 23:01:14 CEST kdenetwork3-vnc-3.5.5-7.3 Fr 13 Okt 2006 23:01:06 CEST kdelibs3-doc-3.5.5-19.1 Fr 13 Okt 2006 23:00:52 CEST kdegraphics3-extra-3.5.5-3.4 Fr 13 Okt 2006 23:00:02 CEST kdebindings3-3.5.5-32.1 Fr 13 Okt 2006 22:59:20 CEST kdeutils3-laptop-3.5.5-3.4 Fr 13 Okt 2006 22:58:24 CEST kdeartwork3-xscreensaver-3.5.5-3.2 Fr 13 Okt 2006 22:58:14 CEST kdegraphics3-scan-3.5.5-3.4 Fr 13 Okt 2006 22:57:18 CEST kdebase3-samba-3.5.5-17.1 Fr 13 Okt 2006 22:57:14 CEST kdegraphics3-pdf-3.5.5-3.4 Fr 13 Okt 2006 22:57:13 CEST kdebase3-3.5.5-17.1 Fr 13 Okt 2006 22:56:03 CEST kdemultimedia3-3.5.5-3.3 Fr 13 Okt 2006 22:54:47 CEST kdemultimedia3-CD-3.5.5-3.3 Fr 13 Okt 2006 22:53:58 CEST kdenetwork3-news-3.5.5-7.3 Fr 13 Okt 2006 22:53:45 CEST kdeutils3-extra-3.5.5-3.4 Fr 13 Okt 2006 22:52:47 CEST kdelibs3-devel-doc-3.5.5-1.3 Fr 13 Okt 2006 22:52:02 CEST kdebindings3-python-3.5.5-1.1 Fr 13 Okt 2006 22:44:26 CEST kdeaddons3-kicker-3.5.5-7.2 Fr 13 Okt 2006 22:44:09 CEST kdeartwork3-kscreensaver-3.5.5-3.2 Fr 13 Okt 2006 22:44:05 CEST kdelibs3-arts-3.5.5-19.1 Fr 13 Okt 2006 22:44:01 CEST kdegraphics3-kamera-3.5.5-3.4 Fr 13 Okt 2006 22:43:55 CEST kdemultimedia3-mixer-3.5.5-3.3 Fr 13 Okt 2006 22:43:49 CEST kdegraphics3-postscript-3.5.5-3.4 Fr 13 Okt 2006 22:42:45 CEST kdesdk3-3.5.5-3.4 Fr 13 Okt 2006 22:41:14 CEST kdegames3-3.5.5-3.3 Fr 13 Okt 2006 22:39:49 CEST kdemultimedia3-sound-3.5.5-3.3 Fr 13 Okt 2006 22:38:44 CEST kdelibs3-3.5.5-19.1 Fr 13 Okt 2006 22:36:05 CEST kdemultimedia3-arts-3.5.5-3.3 Fr 13 Okt 2006 22:28:23 CEST kde3-i18n-de-3.5.5-67.2 Fr 13 Okt 2006 22:28:08 CEST kdebase3-ksysguardd-3.5.5-17.1 Fr 13 Okt 2006 22:27:03 CEST kdeutils3-devel-3.5.5-3.4 Fr 13 Okt 2006 22:26:50 CEST kdeartwork3-sound-3.5.5-3.2 Fr 13 Okt 2006 22:26:50 CEST kdebase3-SuSE-10.1-58.11 Mi 27 Sep 2006 10:04:31 CEST kdesvn-0.9.3-2.1 So 17 Sep 2006 09:48:41 CEST kdebluetooth-0.0.svn20060413-24.1 Fr 15 Sep 2006 23:12:07 CEST kdetv-0.8.8-14.1 Mi 02 Aug 2006 22:34:01 CEST kdesvn-svnqt-0.9.1-0.pm.0 Mo 24 Jul 2006 07:26:48 CEST OpenOffice_org-kde-2.0.2-27.12 So 02 Jul 2006 11:44:02 CEST NetworkManager-kde-0.1r534534-4 Sa 06 Mai 2006 15:11:44 CEST -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=213607 ------- Comment #11 from meissner@novell.com 2006-10-19 13:34 MST ------- and just mnaking sure, what is your system time: date -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=213607 poeml@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO Info Provider| |sven.burmeister@gmx.net ------- Comment #12 from poeml@novell.com 2006-10-19 13:37 MST ------- Your kdelibs3 is 3.5.5... that's not 10.1... is that from the buildservice? What is 'rpm -qi' and the latest changelog entry? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=213607 ------- Comment #13 from sven.burmeister@gmx.net 2006-10-19 13:48 MST ------- Do Jan 31 07:20:15 CET 2002 was my date. Do not aks me how that came about. Must have been a coincidence with the re-boot. I guess that is the reason then? If so, sorry for the hassle. Next time I know that the date is something to check before filing certificate related bugs. Thanks for the patience. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=213607 sven.burmeister@gmx.net changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |RESOLVED Info Provider|sven.burmeister@gmx.net | Resolution| |INVALID ------- Comment #14 from sven.burmeister@gmx.net 2006-10-19 13:48 MST ------- It was my fault. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=213607 ------- Comment #15 from poeml@novell.com 2006-10-19 13:53 MST ------- Anyhow, thanks for the report! And also for your quick help with it. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
participants (1)
-
bugzilla_noreply@novell.com