[Bug 515659] New: can't read X.509 Certificate subjectAltName after opensssl update
http://bugzilla.novell.com/show_bug.cgi?id=515659 Summary: can't read X.509 Certificate subjectAltName after opensssl update Classification: openSUSE Product: openSUSE 11.1 Version: Final Platform: x86-64 OS/Version: openSUSE 11.1 Status: NEW Severity: Major Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: hdk@dkluenter.de QAContact: qa@suse.de Found By: --- User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; de; rv:1.9.0.11) Gecko/2009060200 SUSE/3.0.11-0.1.1 Firefox/3.0.11 After updating openssl to openssl-0.9.8h-28.10.1 my TLS enabled clients can't read the subjectAltName attribute value of the X.509 server certificate anymore, which is vital for my HA environment. Reproducible: Always Steps to Reproduce: 1. 2. 3. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=515659
Ludwig Nussel
http://bugzilla.novell.com/show_bug.cgi?id=515659
Guanjun He
http://bugzilla.novell.com/show_bug.cgi?id=515659
User gjhe@novell.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=515659#c1
Guanjun He
http://bugzilla.novell.com/show_bug.cgi?id=515659
Ludwig Nussel
http://bugzilla.novell.com/show_bug.cgi?id=515659
User hdk@dkluenter.de added comment
http://bugzilla.novell.com/show_bug.cgi?id=515659#c2
--- Comment #2 from Dieter Kluenter
http://bugzilla.novell.com/show_bug.cgi?id=515659
User gjhe@novell.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=515659#c3
--- Comment #3 from Guanjun He
http://bugzilla.novell.com/show_bug.cgi?id=515659
User hdk@dkluenter.de added comment
http://bugzilla.novell.com/show_bug.cgi?id=515659#c4
Dieter Kluenter
http://bugzilla.novell.com/show_bug.cgi?id=515659
User gjhe@novell.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=515659#c5
Guanjun He
http://bugzilla.novell.com/show_bug.cgi?id=515659
User gjhe@novell.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=515659#c6
Guanjun He
http://bugzilla.novell.com/show_bug.cgi?id=515659
Guanjun He
http://bugzilla.novell.com/show_bug.cgi?id=515659
User thomas@novell.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=515659#c7
Thomas Biege
http://bugzilla.novell.com/show_bug.cgi?id=515659
User thomas@novell.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=515659#c8
--- Comment #8 from Thomas Biege
http://bugzilla.novell.com/show_bug.cgi?id=515659
User hdk@dkluenter.de added comment
http://bugzilla.novell.com/show_bug.cgi?id=515659#c9
--- Comment #9 from Dieter Kluenter
Can you give us an example code that cause the error (unable to access subjectAltName) and maybe a copy (same content but self-signed) of the cert, so we can reproduce it.
It has been the starttls function of all ldap clients, i.e. perl, python and C based. Unfortunately the complete certificate chain has been rebuild, so no old certificates are available anymore. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=515659
User rangelino@novell.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=515659#c10
roberto angelino
http://bugzilla.novell.com/show_bug.cgi?id=515659
User meissner@novell.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=515659#c11
--- Comment #11 from Marcus Meissner
http://bugzilla.novell.com/show_bug.cgi?id=515659
User gjhe@novell.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=515659#c13
Guanjun He
http://bugzilla.novell.com/show_bug.cgi?id=515659
User thomas@novell.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=515659#c14
Thomas Biege
participants (1)
-
bugzilla_noreply@novell.com