On Sat, Aug 15, 2009 at 06:02:58PM -0700, Paul Vojta wrote:
> Package: libssl0.9.8
> Version: 0.9.8k-4
> Severity: important
>
> With the above version of libssl0.9.8, I get the following error output when
> trying to run heirloom-mailx:
>
> > % heirloom-mailx
> > Error with certificate at depth: 2 issuer = /C=US/O=VeriSign, Inc./OU=Class
> > 3 Public Primary Certification Authority subject = /C=US/O=VeriSign,
> > Inc./OU=Class 3 Public Primary Certification Authority
> > err 7: certificate signature failure
> > Continue (y/n)? n
> > could not initiate SSL/TLS connection: error:0D0C50A1:asn1 encoding
> > routines:ASN1_item_verify:unknown message digest algorithm
>
> This does not occur if I revert back to libssl0.9.8 version 0.9.8k-1.

This seems to be caused by the patch for CVE-2009-2409 which disabled
the MD2 algorithm. When trying to verify it, I get:
7915:error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message digest algorithm:a_verify.c:146:

So it seems that the verisign certificate is using MD2 for something,
but I can't find for what exactly.

Kurt