Public bug reported:

Seen on 18.04.1 with openssl/libssl 1.1.0g-2ubuntu4.1

As per the issue on the openssl github at https://github.com/openssl/openssl/issues/5521 - 1.1.0 is overzealous about parsing common names as hostnames and this can lead to incorrectly rejecting client certificates from CAs with DNS name constraints. This is reportedly fixed in 1.1.1.

Specifically this is an issue in my case because I run an apache2 server that verifies client certificates on https connections and have discovered that some certificates are being rejected because an intermediate CA has DNS name constraints which are being unexpectedly applied to the CN of client certificates.

** Affects: openssl (Ubuntu)
     Importance: Undecided
         Status: New

** Tags: bionic

https://bugs.launchpad.net/bugs/1802125

Title:
  openssl 1.1.0 incorrectly verifies certificates with permitted name constraints
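A simplified model of the behaviour described in the report, added here as an example; it is not OpenSSL code and not part of the bug report. It compares checking a permitted DNS name constraint against the CN as well as the dNSName SANs with checking the SANs only. The function names, the `example.com` constraint and the sample certificates are constructed for illustration.

```python
# Simplified model (assumption): not OpenSSL's implementation.

def dns_permitted(name, subtree):
    """RFC 5280 dNSName matching: the name equals the constraint, or is the
    constraint with one or more labels added on the left."""
    name = name.lower().rstrip(".")
    subtree = subtree.lower().rstrip(".")
    if subtree == "":
        return True  # an empty constraint matches every DNS name
    return name == subtree or name.endswith("." + subtree)

def name_constraint_violations(cn, dns_sans, permitted_dns, cn_as_dns):
    """Return the names that fall outside every permitted DNS subtree.
    cn_as_dns=True models the reported behaviour (CN checked as a hostname);
    cn_as_dns=False checks only the dNSName subjectAltName entries."""
    if not permitted_dns:
        return []  # the CA chain carries no permitted DNS subtrees
    candidates = list(dns_sans)
    if cn_as_dns and cn:
        candidates.append(cn)
    return [n for n in candidates
            if not any(dns_permitted(n, p) for p in permitted_dns)]

# Constructed sample data: an intermediate CA permitting only example.com,
# and four leaf certificates reduced to their CN and dNSName SANs.
PERMITTED = ["example.com"]
CERTS = [
    {"cn": "Alice Smith", "dns_sans": []},                          # client cert
    {"cn": "alice", "dns_sans": []},                                # client cert
    {"cn": "host1.example.com", "dns_sans": ["host1.example.com"]},
    {"cn": "vpn.example.net", "dns_sans": ["vpn.example.net"]},
]

def compare(certs, permitted):
    """For each cert: (cn, rejected when CN is checked, rejected when SAN-only)."""
    rows = []
    for c in certs:
        with_cn = name_constraint_violations(c["cn"], c["dns_sans"], permitted, True)
        san_only = name_constraint_violations(c["cn"], c["dns_sans"], permitted, False)
        rows.append((c["cn"], bool(with_cn), bool(san_only)))
    return rows

if __name__ == "__main__":
    for cn, with_cn, san_only in compare(CERTS, PERMITTED):
        print(f"{cn!r:22} rejected with CN check: {with_cn!s:5} SAN only: {san_only}")
```

The two client certificates have no DNS names at all, yet they are rejected once the CN is fed to the DNS constraint check, while the out-of-scope `vpn.example.net` certificate is rejected either way.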