[AG-TECH] Venue Server question
Thomas Uram
turam at mcs.anl.gov
Fri Jan 29 19:07:57 CST 2010
It turns out that the problem is two-fold: the updated AGDev CA cert
uses a large hex serial number, and this number overflows integer
conversions used by m2crypto. While the serial number is legitimate,
and the failure warrants an m2crypto patch, such a patch would not
solve the problem for all users immediately (they'd have to discover
the problem and apply the patch). In the interest of expediency, then,
I've issued a new AGDev CA cert that uses a small integer serial
number and will not encounter this problem. It is an update of the
previous AGDev CA cert, so all certs issued previously will continue
to validate against it.

I've attached the updated CA cert. If you could push it into your
environments and confirm that no problems arise, I'll commit it to the
AG SVN for inclusion with future builds.

Mike: If you import the attached cert and signing policy, you should
be able to get your server running.

Let me know of any problems.

Thanks,

Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 45cc9e80.Jan2010.0
Type: application/octet-stream
Size: 904 bytes
Desc: not available
URL: <http://lists.mcs.anl.gov/pipermail/ag-tech/attachments/20100129/0f92725e/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 45cc9e80.signing_policy
Type: application/octet-stream
Size: 1334 bytes
Desc: not available
URL: <http://lists.mcs.anl.gov/pipermail/ag-tech/attachments/20100129/0f92725e/attachment-0001.obj>
-------------- next part --------------
On Jan 29, 2010, at 7:32 AM, Mike Weaver wrote:
> I've been playing for the past hour trying to get the dependencies to work
> out, but too much in F12 requires libssl.so.10. I figured I either needed
> to drop down to F11 or figure out how to roll my own m2crypto package. As
> Chris has offered, I'll leave that effort to the experts ;-)
>
> Thanks for looking at this guys,
>
> Mike
>
> -----Original Message-----
> From: ag-tech-bounces at lists.mcs.anl.gov
> [mailto:ag-tech-bounces at lists.mcs.anl.gov] On Behalf Of Douglas Kosovic
> Sent: Friday, January 29, 2010 7:59 AM
> To: AG-Tech at mcs.anl.gov
> Subject: Re: [AG-TECH] Venue Server question
>
> Hi Tom,
>
> Fedora 12 comes with OpenSSL 1.0.0 beta 4 and earlier versions of
> m2crypto just can't build against it.
>
> But Fedora 12's m2crypto-0.20.1 RPM includes an upstream patch to build
> against OpenSSL 1.0.0, I might see if I can take the patch and apply it
> to m2crypto-0.19.1.
>
>
> Doug
>
>
> On 01/29/2010 10:39 PM, Thomas Uram wrote:
>> Mike:
>>
>> A suitable workaround for now would be to drop back to an earlier
>> m2crypto version.
>>
>> Chris: Have you isolated the problem to a particular m2crypto
>> version?
>>
>> Tom
>>
>
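An added example (not part of the original message, and not AG or m2crypto code) of the failure class described above: it reads the serialNumber field from DER X.509 bytes and reports whether the value fits a signed 32-bit or 64-bit C long. The target widths, the function names and the sample bytes are assumptions; the constructed input carries only the leading certificate fields, not a real CA cert.

```python
# Added example. All serials and DER bytes below are constructed for
# illustration; none come from the AGDev CA certificate.

def read_tlv(buf, pos):
    """Return (tag, content_start, content_end) of the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                  # long form: low 7 bits count length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def cert_serial(der):
    """Extract serialNumber from a DER-encoded X.509 Certificate."""
    tag, start, _ = read_tlv(der, 0)           # Certificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    tag, start, _ = read_tlv(der, start)       # TBSCertificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("TBSCertificate missing")
    tag, cs, ce = read_tlv(der, start)
    if tag == 0xA0:                            # optional [0] EXPLICIT version
        tag, cs, ce = read_tlv(der, ce)
    if tag != 0x02:
        raise ValueError("serialNumber INTEGER not found")
    return int.from_bytes(der[cs:ce], "big", signed=True)  # two's complement

def fits_c_long(value, bits):
    """True if value is representable as a signed C integer of this width."""
    return -(1 << (bits - 1)) <= value < (1 << (bits - 1))

def check(der):
    serial = cert_serial(der)
    return {"serial_hex": format(serial, "X"),
            "fits_32": fits_c_long(serial, 32),
            "fits_64": fits_c_long(serial, 64)}

def tlv(tag, content):                         # short-form lengths only
    assert len(content) < 0x80
    return bytes([tag, len(content)]) + content

def sample_cert(serial):
    """Constructed stand-in: version v3 plus a non-negative serial, nothing else."""
    body = serial.to_bytes(serial.bit_length() // 8 + 1, "big")
    return tlv(0x30, tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, body)))

LARGE = 0xC3A1F0E2D4B59687A1B2C3D4E5F60718     # constructed 128-bit serial
SMALL = 0x2A                                   # constructed small serial
```

Calling `check()` on the DER bytes of each CA certificate in a trust directory shows which serials a fixed-width integer conversion cannot hold.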