[Pkg-openssl-devel] Bug#774882: Bug#774882: openssl: fail to verify some sites when 1024bit root CAs removed
Kurt Roeckx
kurt at roeckx.be
Thu Jan 8 19:30:55 UTC 2015
On Fri, Jan 09, 2015 at 12:24:03AM +0900, Hiroyuki YAMAMORI wrote:
> Package: openssl
> Version: 1.0.1j-1
> Severity: normal
>
> Dear Maintainer,
>
> To avoid security weakness, when 1024-bit RSA root CAs are removed,
> a verify error occurs on some sites with a cross root CA.
>
> I've seen the following:
> https://bugzilla.mozilla.org/show_bug.cgi?id=986005#c4
>
> And the fix patch is the following:
> http://rt.openssl.org/Ticket/Display.html?id=3637&user=guest&pass=guest
> [PATCH] x509: skip certs if in alternative cert chain

That patch will not be accepted. But upstream is working on a
different patch.

Kurt