[Pkg-openssl-devel] Bug#541735: Bug#541735: libssl0.9.8: unknown message digest algorithm error in heirloom-mailx
kurt at roeckx.be
Sun Aug 16 09:32:23 UTC 2009
On Sat, Aug 15, 2009 at 06:02:58PM -0700, Paul Vojta wrote:
> Package: libssl0.9.8
> Version: 0.9.8k-4
> Severity: important
> With the above version of libssl0.9.8, I get the following error output when
> trying to run heirloom-mailx:
> > % heirloom-mailx
> > Error with certificate at depth: 2 issuer = /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority subject = /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
> > err 7: certificate signature failure
> > Continue (y/n)? n
> > could not initiate SSL/TLS connection: error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message digest algorithm
> This does not occur if I revert back to libssl0.9.8 version 0.9.8k-1.
This seems to be caused by the patch for CVE-2009-2409
which disabled the MD2 algorithm.
When trying to verify it, I get:
7915:error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message digest algorithm:a_verify.c:146:
So it seems that the verisign certificate is using MD2 for
something, but I can't find for what exactly.
More information about the Pkg-openssl-devel