[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: /usr/bin/openssl failed on sso.debian.org



Quoting Enrico Zini (2016-04-08 11:22:53)
> On Fri, Apr 08, 2016 at 10:14:15AM +0200, Enrico Zini wrote:
> 
> > The error is reproducible while running a checkout of debsso locally on
> > a ./manage.py runserver. See README for dependencies, and
> > django-oauth-toolkit and django-cors-headers are now at least in Debian
> > testing.
> > 
> > I ran it locally and this is the openssl error:
> > 
> > /usr/bin/openssl spkac -in /tmp/tmp4IATDN/spkac -verify failed with error 1
> > stderr:
> > Error loading SPKAC 140607590233752:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:157: 140607590233752:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:tasn_dec.c:1187: 140607590233752:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:374:Type=NETSCAPE_SPKI
> 
> Summary of some discussion on #debian-devel (thanks kaeso):
> 
>  - http://echelog.com/logs/browse/chromium/1457996400
>    (searching spkac in the page) has people talking about it
>  - http://blog.chromium.org/2016/02/chrome-49-beta-css-custom-properties.html
>    "Keygen and application/x-x509-user-cert"
>  - https://bugs.chromium.org/p/chromium/issues/detail?id=514767
> 
> So, chrome just went and removed support for it. It now just silently
> fails. It can be reenabled somehow, but then the key is not pushed into
> the browser keystore, but only downloaded. No viable alternative
> suggested to what they just removed.
> 
> Which is fine, I guess, for someone living in an ecosystem where
> «authentication via "log in with your Google or Facebook account"» is
> all your users would ever need.
> 
> I guess I should stop writing here, as at the moment I can think of a
> lot of things to write, but nothing constructive among them.

The W3C public-rww list has some possibly interesting references related 
to this issue: 
https://www.w3.org/mid/https://www.w3.org/mid/20150730174424.GA7779@c

If similar issues arise, it might make sense to try get in touch with 
them: WebID is quite similar to our setup, and therefore face exactly 
the same problems from client side.


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

Attachment: signature.asc
Description: signature


Reply to: