[Pkg-openssl-devel] Delivery problem

Klaus Ethgen Klaus at Ethgen.de
Wed Jun 1 11:37:11 UTC 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hello,

when I add a mail to an openssl bug I get the following delivery failure
message back.

- ----- Forwarded message from PostMaster at mms.metropcs.net -----

Date: Wed, 1 Jun 2011 06:21:44 -0500 (added by postmaster at mms20.mms.metropcs.net)
From: PostMaster at mms.metropcs.net
To: Klaus at Ethgen.de
X-Received-From: Klaus
Subject: Delivery Status Notification

Your message was not delivered successfully.

  Subject:   Bug#628780: Wrong hash link to cacert.org.pem and wron certificat hash handling at all
  Sent:      Wed, 1 Jun 2011 12:12:52 +0100

 The message could not be delivered to the following recipient:
 13054505829 at mymetropcs.com

Final-Recipient: rfc822; 13054505829 at mymetropcs.com
Action: failed
Status: 5.0.0

Date: Wed, 1 Jun 2011 12:12:52 +0100
From: Klaus Ethgen <Klaus at Ethgen.de>
To: 3054505829 at mymetropcs.com
Subject: Bug#628780: Wrong hash link to cacert.org.pem and wron certificat
 hash handling at all

And a last version of my patch that also handles cleaning the duplicated
certs. (ca-certificates.crt is always a problem but is not handled
specially in this patch.)

Regards
   Klaus
- -- 
Klaus Ethgen                              http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16   Klaus Ethgen <Klaus at Ethgen.de>
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C

- --- a/tools/c_rehash.in
+++ b/tools/c_rehash.in
@@ -122,34 +122,50 @@ sub link_hash_cert {
 		my $fname = $_[0];
 		my $hashopt = $_[1] || '-subject_hash';
 		$fname =~ s/'/'\\''/g;
- -		my ($hash, $fprint) = `"$openssl" x509 $hashopt -fingerprint -noout -in "$fname"`;
- -		chomp $hash;
- -		chomp $fprint;
- -		$fprint =~ s/^.*=//;
- -		$fprint =~ tr/://d;
- -		my $suffix = 0;
- -		# Search for an unused hash filename
- -		while(exists $hashlist{"$hash.$suffix"}) {
- -			# Hash matches: if fingerprint matches its a duplicate cert
- -			if($hashlist{"$hash.$suffix"} eq $fprint) {
- -				print STDERR "WARNING: Skipping duplicate certificate $fname\n";
- -				return;
- -			}
- -			$suffix++;
- -		}
- -		$hash .= ".$suffix";
- -		print "$fname => $hash\n";
- -		$symlink_exists=eval {symlink("",""); 1};
- -		if ($symlink_exists) {
- -			symlink $fname, $hash;
- -		} else {
- -			open IN,"<$fname" or die "can't open $fname for read";
- -			open OUT,">$hash" or die "can't open $hash for write";
- -			print OUT <IN>;	# does the job for small text files
- -			close OUT;
- -			close IN;
- -		}
- -		$hashlist{$hash} = $fprint;
+		open my $in_fh, '<', $fname or die "can't open $fname for read";
+		my $cert = eval {local $/ = undef; <$in_fh>};
+		close $in_fh;
+		OUTERLOOP:
+		while ($cert =~ /^(-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----)$/gms)
+		{
+		   my $part = $1;
+		   my $tfile = `tempfile`;
+		   chomp $tfile;
+		   open my $tfile_fh, '>', $tfile or die "can't open $tfile for write";
+		   print {$tfile_fh} "$part\n";
+		   close $tfile_fh;
+
+		   my ($hash, $fprint) = `"$openssl" x509 $hashopt -fingerprint -noout -in "$tfile"`;
+		   chomp $hash;
+		   chomp $fprint;
+		   $fprint =~ s/^.*=//;
+		   $fprint =~ tr/://d;
+		   my $suffix = 0;
+		   # Search for an unused hash filename
+		   while(exists $hashlist{"$hash.$suffix"}) {
+			   # Hash matches: if fingerprint matches its a duplicate cert
+			   if($hashlist{"$hash.$suffix"} eq $fprint) {
+				   print STDERR "WARNING: Skipping duplicate certificate $fname\n";
+				   unlink $tfile;
+				   next OUTERLOOP;
+			   }
+			   $suffix++;
+		   }
+		   $hash .= ".$suffix";
+		   print "$fname => $hash\n";
+		   $symlink_exists=eval {symlink("",""); 1};
+		   if ($symlink_exists) {
+			   symlink $fname, $hash;
+		   } else {
+			   open IN,"<$tfile" or die "can't open $tfile for read";
+			   open OUT,">$hash" or die "can't open $hash for write";
+			   print OUT <IN>;	# does the job for small text files
+			   close OUT;
+			   close IN;
+		   }
+		   $hashlist{$hash} = $fprint;
+		   unlink $tfile;
+		} ## end while ($cert =~ /^(-----BEGIN ...
 }
 
 sub link_hash_cert_old {
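
Review bot: The backtick call to `tempfile` at the top of the new while loop depends on an external utility being present on the system, and its result is used without checking that the command succeeded. File::Temp from core Perl would remove the extra process and the dependency, for example `my ($tfile_fh, $tfile) = File::Temp::tempfile(UNLINK => 1);`, which would also clean up the file on the `die` paths that currently leave it behind. Separately, the two linking branches now behave differently for a file holding several certificates: the symlink branch still points `$hash` at the whole `$fname`, while the fallback branch copies only the single certificate from `$tfile`. It would be worth stating in a comment which behaviour is intended. The duplicate warning also prints only `$fname`, so for a bundle it does not say which certificate was skipped, and a file in which the BEGIN/END CERTIFICATE pattern matches nothing is now passed over without any message.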





- ----- End forwarded message -----
Regards
   Klaus
- -- 
Klaus Ethgen                              http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16   Klaus Ethgen <Klaus at Ethgen.de>
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
-----END PGP SIGNATURE-----
