#46499 closed update (fixed)
Security Update: openssl 1.0.1k
Reported by: | Schamschula (Marius Schamschula) | Owned by: | mww@… |
---|---|---|---|
Priority: | High | Milestone: | |
Component: | ports | Version: | 2.3.3 |
Keywords: | haspatch | Cc: | neverpanic (Clemens Lang) |
Port: | openssl |
Description
openssl has been updated to version 1.0.1k. See http://www.openssl.org/news/secadv_20150108.txt for details.
Attachments (1)
Change History (9)
Changed 10 years ago by Schamschula (Marius Schamschula)
Attachment: | Portfile-openssl.diff added |
---|
comment:1 Changed 10 years ago by ryandesign (Ryan Carsten Schmidt)
Cc: | mww@… removed |
---|---|
Owner: | changed from macports-tickets@… to mww@… |
comment:2 Changed 10 years ago by neverpanic (Clemens Lang)
Cc: | cal@… added |
---|---|
Priority: | Normal → High |
comment:3 Changed 10 years ago by neverpanic (Clemens Lang)
Resolution: | → fixed |
---|---|
Status: | new → closed |
comment:4 Changed 10 years ago by mouse07410 (Mouse)
openssl 1.0.1k update breaks certificate signature. Mac OS X 10.9.5, Xcode-6.1.1.
$ openssl verify -verbose -CAfile Forest_CA.pem RabbitMQ-server.pem RabbitMQ-server.pem: CN = RabbitMQ-server, O = The Burrow, OU = Messengers, C = US error 7 at 0 depth lookup:certificate signature failure $ openssl version OpenSSL 1.0.1k 8 Jan 2015 $ /usr/bin/openssl verify -verbose -CAfile Forest_CA.pem RabbitMQ-server.pem RabbitMQ-server.pem: OK $ /usr/bin/openssl version OpenSSL 0.9.8za 5 Jun 2014 $
This does not happen with each and every certificate, but with many. I'd be happy to provide more info, if you tell me what kind of info would help you diagnose and fix this problem.
comment:5 follow-up: 6 Changed 10 years ago by mouse07410 (Mouse)
Resolution: | fixed |
---|---|
Status: | closed → reopened |
comment:6 Changed 10 years ago by larryv (Lawrence Velázquez)
Resolution: | → fixed |
---|---|
Status: | reopened → closed |
The port was updated to 1.0.1k, so this ticket should remain closed. Please open a new ticket for your new problem.
comment:7 Changed 10 years ago by neverpanic (Clemens Lang)
Also, in your new ticket, please attach certificate files that can be used to reproduce the problem, mention this is a regression and put me in the Cc list. Did you report this upstream yet, because it doesn't look like an issue limited to MacPorts only.
comment:8 Changed 10 years ago by mouse07410 (Mouse)
Done. New ticket is #46596 https://trac.macports.org/ticket/46596, and I've put cal on the Cc list.
Haven't reported this upstream because I've no clue what upstream is, and how to report there.
r131360.