Bug#855962: marked as done (acme-tiny: fail to parse openssl 1.1 CSR output)

Sun, 12 Mar 2017 01:21:42 -0800 

Your message dated Sun, 12 Mar 2017 09:18:34 +0000
with message-id <e1cmze6-0004dh...@fasolo.debian.org>
and subject line Bug#855962: fixed in acme-tiny 20160801-2
has caused the Debian Bug report #855962,
regarding acme-tiny: fail to parse openssl 1.1 CSR output
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
855962: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855962
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: acme-tiny
Version: 20160801-1
Severity: serious

openssl 1.1 slightly changed the way the Subject of a certificate
request is formated:

-        Subject: CN=foobar.domain.net
+        Subject: CN = foobar.domain.net

This causes acme-tiny to fail to get the domain from certificate requests
without SAN. This in turns causes the certificate signing to be rejected
by letsencrypt with error urn:acme:error:unauthorized unless it has been
validated relatively recently.

Here is a possible patch to make it compatible with both openssl 1.0 and
1.1:

--- a/acme_tiny.py
+++ b/acme_tiny.py
@@ -69,7 +69,7 @@
     if proc.returncode != 0:
         raise IOError("Error loading {0}: {1}".format(csr, err))
     domains = set([])
-    common_name = re.search(r"Subject:.*? CN=([^\s,;/]+)", out.decode('utf8'))
+    common_name = re.search(r"Subject:.*? CN\s*=\s*([^\s,;/]+)", 
out.decode('utf8'))
     if common_name is not None:
         domains.add(common_name.group(1))
     subject_alt_names = re.search(r"X509v3 Subject Alternative Name: \n 
+([^\n]+)\n", out.decode('utf8'), re.MULTILINE|re.DOTALL)


-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages acme-tiny depends on:
ii  openssl                1.1.0d-2
ii  python3-pkg-resources  33.1.1-1
pn  python3:any            <none>

acme-tiny recommends no packages.

acme-tiny suggests no packages.

-- no debconf information

--- End Message ---
--- Begin Message --- 
Source: acme-tiny
Source-Version: 20160801-2

We believe that the bug you reported is fixed in the latest version of
acme-tiny, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 855...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jeremías Casteglione <deb...@jrms.com.ar> (supplier of updated acme-tiny 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 12 Mar 2017 09:51:34 +0100
Source: acme-tiny
Binary: acme-tiny
Architecture: source
Version: 20160801-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Let's Encrypt <letsencrypt-de...@lists.alioth.debian.org>
Changed-By: Jeremías Casteglione <deb...@jrms.com.ar>
Description:
 acme-tiny  - letsencrypt tiny Python client
Closes: 855962
Changes:
 acme-tiny (20160801-2) unstable; urgency=medium
 .
   * fix fail to parse openssl 1.1 CSR output (Closes: #855962)
     patch by: Aurelien Jarno <aure...@debian.org>
Checksums-Sha1:
 414aee74abd2afea1ed67bdfd613e1fbdc6ad1fd 2014 acme-tiny_20160801-2.dsc
 de0fca91cbea0c89832daba45cf16c60dd3b0526 10116 
acme-tiny_20160801-2.debian.tar.xz
 6414f9d13cc3339e976be28a307fa8ccd6c3ad41 4981 
acme-tiny_20160801-2_amd64.buildinfo
Checksums-Sha256:
 6a86b285e5c830db2b9de63b06c595224acb4d5beb2ef9366a86cc09b3bdc946 2014 
acme-tiny_20160801-2.dsc
 c4ee8400a61f0246a602d8a09d8f4159c858f4c5d412449b0fc3b57dc82efadc 10116 
acme-tiny_20160801-2.debian.tar.xz
 06d1887bcab42eb7144a065bf0e5348677e85aa56afe1cb1b9f69622a3c03822 4981 
acme-tiny_20160801-2_amd64.buildinfo
Files:
 d2440bd81734a3dedd8fd3033c87f36b 2014 utils optional acme-tiny_20160801-2.dsc
 b060fe851b4f4f7831ae682637b26f09 10116 utils optional 
acme-tiny_20160801-2.debian.tar.xz
 077a358aae8ece536b9325ef38ea19ee 4981 utils optional 
acme-tiny_20160801-2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEi3hoeGwz5cZMTQpICBa54Yx2K60FAljFDR4ACgkQCBa54Yx2
K61OQRAAgKlys1TYjDIeKEvDQJX0ALwDsFQ9DiY+kep8y0XaJ115sVp9mYgAwZvX
vqpuM2YEaCNC2dLGRH4cI1slx6JZ93yvPXbTA2VJD5sQxEMLVQG8XMz1DKTCLbGF
ZUjs45k/6MG3xDlIks/O2Fg56X6xNtiWa8o0whRL/TTZrMKY76OYn+LBak8m3rIq
3IAzXD1cK4cBfnewmne/MGMrzX4e5LhziH+e6yZTJBpDwnoed5afPvCJ/Y7wQia0
Ppj4hnAzfM9D3wKOB0caN/17l4Nq8v4a83xyEdkTLeNcxlW4BUBw5InNZbkBvcs3
HYEQdkuAY56sqfkCuCCOL1pHCGK9L24Q1WmxH/gH3vwRWnfD1+xfBHzfv523EBh1
qz8AaKtqH35b+rzn8932kWcvHJxkwqHoi4KlIjwVYcIMHjDEe1XJA/64buVrg0ej
mpuwMMvqgaKksTt+3S2iQi0jL1E2VKhXtEQnMS+CI2O6W1A45Zh7z2GOf3iSMe6t
wq0qkGMT80U2JWSioc3bHjkgJgPYzC5tdCSZ6Df6mDElVuAQ75HrUazaJ0QFjRjf
uwzMhnedsLY9IsxbYROAuXonxGr36D5yP89HfW3qlTqwX0RBno7+syNXJG9NviVV
QLBcncXmWRwEoPWqsRQTbuG7Q7hHEC0eVnhjANBT4GAfg9li6Mc=
=/A2F
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to