
Bug#773815: marked as done (ssl-cert in wheezy should default to SHA-2-based certs)



Your message dated Tue, 25 Aug 2015 18:32:24 +0000
with message-id <E1ZUJ1E-0000qk-1F@franck.debian.org>
and subject line Bug#773815: fixed in ssl-cert 1.0.32+deb7u1
has caused the Debian Bug report #773815,
regarding ssl-cert in wheezy should default to SHA-2-based certs
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
773815: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773815
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: ssl-cert
Version: 1.0.32
Severity: normal

Version 1.0.35 in jessie/testing creates snakeoil certs with SHA-256 as
the hashing algorithm, but the version in wheezy still uses SHA-1.

Given the change in policy of the major browsers (IE, FF, Chrome) to
start marking SHA-1-based certs as "insecure" going forward, it'd be
nice if make-ssl-cert(8) generated SHA-256 certs.

Could the fix done for bug #733255 be brought in? It'd also be better
that the change be done in "wheezy" and not "wheezy-backports".


Making this change for squeeze-lts (1.0.28) would also be handy.


-- System Information:
Debian Release: 7.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash

Versions of packages ssl-cert depends on:
ii  adduser                3.113+nmu3
ii  debconf [debconf-2.0]  1.5.49
ii  openssl                1.0.1e-2+deb7u13

ssl-cert recommends no packages.

Versions of packages ssl-cert suggests:
pn  openssl-blacklist  <none>

-- debconf information excluded

--- End Message ---
--- Begin Message ---
Source: ssl-cert
Source-Version: 1.0.32+deb7u1

We believe that the bug you reported is fixed in the latest version of
ssl-cert, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 773815@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Stefan Fritsch <sf@debian.org> (supplier of updated ssl-cert package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 16 Aug 2015 13:27:23 +0200
Source: ssl-cert
Binary: ssl-cert
Architecture: source all
Version: 1.0.32+deb7u1
Distribution: wheezy
Urgency: medium
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Stefan Fritsch <sf@debian.org>
Description: 
 ssl-cert   - simple debconf wrapper for OpenSSL
Closes: 733255 773815 780828
Changes: 
 ssl-cert (1.0.32+deb7u1) wheezy; urgency=medium
 .
   * Switch to SHA2 for newly generated certificates. Closes: #733255, #773815
   * Set umask to make sure that the generated key is not world-readable
     for a short timespan while make-ssl-cert runs. Closes: #780828

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
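
The changelog above switches only newly generated certificates to SHA-2 and tightens the umask while the key is written, so pairs created earlier still need checking. The following audit sketch is an added example, not code from ssl-cert; the function names are hypothetical and the certificate and key paths are supplied by the caller.

```shell
#!/bin/sh
# Added example, not part of ssl-cert. All function names are hypothetical.

# Classify an OpenSSL signature-algorithm name. Names that are not
# recognised as SHA-2 (sha1, md5, anything unknown) fail closed.
is_sha2_alg() {
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        *sha224*|*sha256*|*sha384*|*sha512*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the outer signature algorithm of a PEM certificate,
# e.g. sha1WithRSAEncryption or sha256WithRSAEncryption.
cert_sig_alg() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

cert_uses_sha2() {
    is_sha2_alg "$(cert_sig_alg "$1")"
}

# Succeed only if the file exists and grants no permission to "other".
key_not_world_accessible() {
    [ -e "$1" ] || return 1
    [ -z "$(find "$1" -prune \( -perm -004 -o -perm -002 -o -perm -001 \) -print)" ]
}

# Constructed sample: a throwaway self-signed pair in directory $1.
# The umask is tightened before openssl writes the key, so there is no
# window in which the key exists with a permissive mode.
make_test_cert() {
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
          -subj "/CN=example.invalid" \
          -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null )
}

# Usage: sh audit.sh CERT.pem KEY.pem
if [ "$#" -eq 2 ]; then
    cert_uses_sha2 "$1" || echo "WARN: $1 is signed with $(cert_sig_alg "$1")"
    key_not_world_accessible "$2" || echo "WARN: $2 is accessible to other users"
fi
```
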
