Last active
August 29, 2015 14:18
-
-
Save bearice/e2dd5d4245472e1b3992 to your computer and use it in GitHub Desktop.
openssl bug
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| bearice@master ~%openssl x509 -text < r | |
| Certificate: | |
| Data: | |
| Version: 3 (0x2) | |
| Serial Number: 1 (0x1) | |
| Signature Algorithm: sha256WithRSAEncryption | |
| Issuer: CN=JimuBox CA, O=Jimubox.com, OU=System Administrators, ST=Beijing, C=CN, L=Beijing/emailAddress=sa@jimubox.com | |
| Validity | |
| Not Before: Mar 20 03:29:19 2014 GMT | |
| Not After : Mar 17 03:29:19 2024 GMT | |
| Subject: CN=JimuBox CA, O=Jimubox.com, OU=System Administrators, ST=Beijing, C=CN, L=Beijing/emailAddress=sa@jimubox.com | |
| Subject Public Key Info: | |
| Public Key Algorithm: rsaEncryption | |
| Public-Key: (2048 bit) | |
| Modulus: | |
| 00:ac:68:d9:7a:e2:b9:f5:46:7b:5c:b0:7d:66:a5: | |
| 38:17:b8:43:a1:d7:92:b5:79:5f:66:2e:4a:a4:9d: | |
| 74:37:df:14:7e:ce:28:63:fa:6f:25:52:15:68:b8: | |
| 0d:9f:f1:e8:69:0f:d5:e5:bc:c2:f9:8e:53:51:f0: | |
| 09:59:64:f5:07:46:2f:c7:9a:6e:e7:e3:d4:55:a4: | |
| 2b:ee:5c:21:73:0c:e8:6c:30:f3:23:4c:7a:36:be: | |
| 17:b3:8c:78:19:42:84:99:49:a4:e1:3b:be:b5:f4: | |
| 2a:5e:6b:6a:27:4d:fe:d0:73:0d:11:eb:fe:a4:31: | |
| ac:0a:c1:63:da:1a:18:f6:df:cf:2b:b8:01:42:2d: | |
| 81:0a:9b:ce:e4:de:c4:bd:ea:ed:c2:3a:24:45:01: | |
| 66:fb:ad:8c:66:48:38:36:1e:5a:e5:a7:90:84:77: | |
| 49:1f:9c:35:e3:a8:3d:c0:fa:e1:5b:27:ff:4a:92: | |
| bd:ed:1f:b9:06:2d:ee:3c:c9:3a:dd:1c:fc:c9:ea: | |
| b8:f3:1b:1f:71:5a:cf:02:2e:35:ea:21:e2:e4:a9: | |
| c6:06:96:29:5f:a5:b4:9b:9c:bd:99:6b:27:a6:10: | |
| b3:2a:8e:82:1b:cd:36:bb:a8:b6:cf:c3:b7:42:a6: | |
| 6e:e5:89:66:f1:0d:27:ad:e9:59:6d:2e:94:7f:d6: | |
| 4b:5d | |
| Exponent: 65537 (0x10001) | |
| X509v3 extensions: | |
| X509v3 Basic Constraints: critical | |
| CA:TRUE | |
| X509v3 Key Usage: critical | |
| Digital Signature, Certificate Sign | |
| X509v3 Extended Key Usage: critical | |
| E-mail Protection, TLS Web Client Authentication, TLS Web Server Authentication, Code Signing, 1.3.6.1.5.2.3.4, 1.3.6.1.5.2.3.5, Any Extended Key Usage | |
| Signature Algorithm: sha256WithRSAEncryption | |
| 04:e7:48:d0:b5:4b:93:99:51:c1:1e:13:66:f7:8a:09:30:dd: | |
| cb:57:9a:de:c8:c4:8e:87:81:c0:b2:74:f6:a2:7e:e7:c4:e8: | |
| 48:2f:0c:99:a5:b8:f2:08:ad:a1:02:07:9b:40:35:92:11:89: | |
| 57:ee:99:f1:12:13:56:62:37:1a:16:49:19:1c:d0:06:69:ac: | |
| 00:b2:8e:69:7d:73:e7:7b:3a:bf:c0:32:40:26:6e:f2:81:6f: | |
| a2:be:0f:19:32:3f:b0:33:fc:e3:77:47:5d:df:58:ad:a0:3a: | |
| 38:ba:46:25:46:25:a5:7a:9c:0b:cd:45:ea:00:99:02:58:56: | |
| 31:79:b9:fc:e7:c7:ea:00:08:e0:4c:59:75:34:0a:18:3e:20: | |
| 89:6b:f7:7f:26:45:01:d1:4a:32:b2:d8:c8:5c:e4:da:22:68: | |
| fa:ba:6c:d4:21:ca:b5:51:0a:9d:40:06:8e:e1:c4:5d:2b:ec: | |
| 07:d3:ba:14:94:4d:13:f7:58:1e:dc:bf:3b:cf:30:44:80:96: | |
| 7c:21:ec:86:4c:75:26:44:3b:5b:99:68:7f:bc:08:d5:df:20: | |
| 19:44:7b:fa:1d:58:c1:46:26:e8:03:0d:54:2a:9b:08:cd:42: | |
| 9b:60:d5:fd:16:64:ee:c9:db:85:2c:fe:32:5f:34:d3:76:c3: | |
| b4:0e:67:cd | |
| -----BEGIN CERTIFICATE----- | |
| MIIEIjCCAwqgAwIBAgIBATALBgkqhkiG9w0BAQswgZsxEzARBgNVBAMMCkppbXVC | |
| b3ggQ0ExFDASBgNVBAoMC0ppbXVib3guY29tMR4wHAYDVQQLDBVTeXN0ZW0gQWRt | |
| aW5pc3RyYXRvcnMxEDAOBgNVBAgMB0JlaWppbmcxCzAJBgNVBAYTAkNOMRAwDgYD | |
| VQQHDAdCZWlqaW5nMR0wGwYJKoZIhvcNAQkBFg5zYUBqaW11Ym94LmNvbTAeFw0x | |
| NDAzMjAwMzI5MTlaFw0yNDAzMTcwMzI5MTlaMIGbMRMwEQYDVQQDDApKaW11Qm94 | |
| IENBMRQwEgYDVQQKDAtKaW11Ym94LmNvbTEeMBwGA1UECwwVU3lzdGVtIEFkbWlu | |
| aXN0cmF0b3JzMRAwDgYDVQQIDAdCZWlqaW5nMQswCQYDVQQGEwJDTjEQMA4GA1UE | |
| BwwHQmVpamluZzEdMBsGCSqGSIb3DQEJARYOc2FAamltdWJveC5jb20wggEiMA0G | |
| CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsaNl64rn1RntcsH1mpTgXuEOh15K1 | |
| eV9mLkqknXQ33xR+zihj+m8lUhVouA2f8ehpD9XlvML5jlNR8AlZZPUHRi/Hmm7n | |
| 49RVpCvuXCFzDOhsMPMjTHo2vhezjHgZQoSZSaThO7619Cpea2onTf7Qcw0R6/6k | |
| MawKwWPaGhj2388ruAFCLYEKm87k3sS96u3COiRFAWb7rYxmSDg2Hlrlp5CEd0kf | |
| nDXjqD3A+uFbJ/9Kkr3tH7kGLe48yTrdHPzJ6rjzGx9xWs8CLjXqIeLkqcYGlilf | |
| pbSbnL2ZayemELMqjoIbzTa7qLbPw7dCpm7liWbxDSet6VltLpR/1ktdAgMBAAGj | |
| cTBvMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgKEMEwGA1UdJQEB/wRC | |
| MEAGCCsGAQUFBwMEBggrBgEFBQcDAgYIKwYBBQUHAwEGCCsGAQUFBwMDBgcrBgEF | |
| AgMEBgcrBgEFAgMFBgRVHSUAMA0GCSqGSIb3DQEBCwUAA4IBAQAE50jQtUuTmVHB | |
| HhNm94oJMN3LV5reyMSOh4HAsnT2on7nxOhILwyZpbjyCK2hAgebQDWSEYlX7pnx | |
| EhNWYjcaFkkZHNAGaawAso5pfXPnezq/wDJAJm7ygW+ivg8ZMj+wM/zjd0dd31it | |
| oDo4ukYlRiWlepwLzUXqAJkCWFYxebn858fqAAjgTFl1NAoYPiCJa/d/JkUB0Uoy | |
| stjIXOTaImj6umzUIcq1UQqdQAaO4cRdK+wH07oUlE0T91ge3L87zzBEgJZ8IeyG | |
| THUmRDtbmWh/vAjV3yAZRHv6HVjBRiboAw1UKpsIzUKbYNX9FmTuyduFLP4yXzTT | |
| dsO0DmfN | |
| -----END CERTIFICATE----- | |
| bearice@master ~%openssl x509 -text < c | |
| Certificate: | |
| Data: | |
| Version: 3 (0x2) | |
| Serial Number: 31 (0x1f) | |
| Signature Algorithm: sha256WithRSAEncryption | |
| Issuer: CN=JimuBox CA, O=Jimubox.com, OU=System Administrators, ST=Beijing, C=CN, L=Beijing/emailAddress=sa@jimubox.com | |
| Validity | |
| Not Before: Jul 14 04:38:10 2014 GMT | |
| Not After : Jul 11 04:38:10 2024 GMT | |
| Subject: CN=Jimubox Class 1 Intermediate CA, O=Jimubox, OU=SysAdmin, ST=Beijing, C=CN, L=Beijing/emailAddress=sa@jimubox.com | |
| Subject Public Key Info: | |
| Public Key Algorithm: rsaEncryption | |
| Public-Key: (2048 bit) | |
| Modulus: | |
| 00:e3:ab:23:82:08:b2:4f:4d:9f:56:b1:30:0e:c8: | |
| 9d:d3:81:50:45:27:21:27:e0:b5:68:43:7a:95:09: | |
| d6:59:98:6b:d8:46:ab:5a:4c:94:cd:aa:7d:b9:d0: | |
| f8:21:0e:d8:d0:e2:00:16:0f:98:43:98:26:64:2f: | |
| ea:6c:da:cf:9f:6b:38:e8:90:07:b0:3a:29:0a:3b: | |
| 5e:f0:74:97:ec:dc:13:57:b9:40:8d:a7:71:af:c1: | |
| 7a:20:46:31:f5:8f:46:f0:c2:3c:af:cd:78:44:45: | |
| ee:04:8c:c8:21:e0:8e:94:02:17:cc:df:e9:94:ba: | |
| c9:fa:28:36:5c:90:7d:86:4a:07:70:26:9b:08:ab: | |
| 6b:b9:3e:e6:6c:99:58:e9:62:fc:3a:c6:d1:50:bb: | |
| 6e:6a:1e:a1:70:ef:7c:8a:3d:7c:c5:e4:55:b3:a4: | |
| aa:ca:49:fb:44:65:50:cb:9f:19:5b:7a:e3:b6:4c: | |
| 19:9e:88:91:bd:42:ac:56:a5:73:7f:32:50:a7:2c: | |
| cc:20:5a:36:dd:ff:6a:a9:e0:df:24:a5:51:3e:2e: | |
| c8:cc:2c:05:0a:3a:a3:f5:7f:75:a7:9e:13:d9:23: | |
| 52:73:04:6f:29:1c:0e:1e:10:7b:fa:d0:4a:e9:d4: | |
| e7:46:23:d3:b6:ec:21:56:14:a5:61:77:ba:8f:9e: | |
| 47:b5 | |
| Exponent: 65537 (0x10001) | |
| X509v3 extensions: | |
| X509v3 Basic Constraints: critical | |
| CA:TRUE | |
| X509v3 Key Usage: critical | |
| Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment, Key Agreement, Certificate Sign, CRL Sign, Encipher Only, Decipher Only | |
| X509v3 Extended Key Usage: critical | |
| E-mail Protection, TLS Web Client Authentication, TLS Web Server Authentication, Code Signing, 1.3.6.1.5.2.3.4, 1.3.6.1.5.2.3.5, Any Extended Key Usage | |
| Signature Algorithm: sha256WithRSAEncryption | |
| 81:20:0f:af:bb:dc:52:ff:fa:73:2f:77:28:de:84:c9:89:5c: | |
| 62:96:9b:3d:fa:b1:86:2d:d1:a7:6f:d7:5d:17:9d:ae:60:36: | |
| d0:f8:15:81:46:a8:31:2b:5a:ac:eb:32:d1:1b:4f:cc:ec:72: | |
| 7a:16:9a:71:b0:15:94:dd:dd:27:e7:79:78:a8:9e:ff:5c:7a: | |
| 70:46:48:73:ed:ab:a3:2b:2d:45:4d:8d:66:0d:f6:45:fd:14: | |
| 8b:7f:08:d5:17:8d:74:c8:4c:9e:ed:11:f6:d2:04:f3:c2:49: | |
| 42:80:05:a8:8e:a6:b6:9b:ac:23:a6:18:a6:56:3d:f4:30:5b: | |
| 23:87:69:fb:cc:96:ad:b8:60:e1:df:e0:7e:5a:29:a5:f9:d9: | |
| d7:39:95:2a:38:fc:13:eb:fa:c0:bd:ca:3d:b0:da:c2:e7:93: | |
| 32:1b:bb:eb:5c:e2:ea:fb:22:e3:8c:fc:c5:19:35:8a:5a:24: | |
| 00:a3:b8:97:18:8d:8e:ab:74:d1:4c:67:6a:1b:4a:22:16:29: | |
| b5:6a:b1:63:b3:91:b0:ea:08:3e:d4:05:25:c2:4f:d1:0f:a3: | |
| 1b:fc:de:91:11:cc:9b:02:21:1e:25:d2:57:df:fd:df:6b:c4: | |
| 21:ff:43:d0:57:c6:20:f5:70:71:38:df:45:9b:3c:f8:9e:20: | |
| 5d:65:31:c3 | |
| -----BEGIN CERTIFICATE----- | |
| MIIEJzCCAw+gAwIBAgIBHzALBgkqhkiG9w0BAQswgZsxEzARBgNVBAMMCkppbXVC | |
| b3ggQ0ExFDASBgNVBAoMC0ppbXVib3guY29tMR4wHAYDVQQLDBVTeXN0ZW0gQWRt | |
| aW5pc3RyYXRvcnMxEDAOBgNVBAgMB0JlaWppbmcxCzAJBgNVBAYTAkNOMRAwDgYD | |
| VQQHDAdCZWlqaW5nMR0wGwYJKoZIhvcNAQkBFg5zYUBqaW11Ym94LmNvbTAeFw0x | |
| NDA3MTQwNDM4MTBaFw0yNDA3MTEwNDM4MTBaMIGfMSgwJgYDVQQDDB9KaW11Ym94 | |
| IENsYXNzIDEgSW50ZXJtZWRpYXRlIENBMRAwDgYDVQQKDAdKaW11Ym94MREwDwYD | |
| VQQLDAhTeXNBZG1pbjEQMA4GA1UECAwHQmVpamluZzELMAkGA1UEBhMCQ04xEDAO | |
| BgNVBAcMB0JlaWppbmcxHTAbBgkqhkiG9w0BCQEWDnNhQGppbXVib3guY29tMIIB | |
| IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA46sjggiyT02fVrEwDsid04FQ | |
| RSchJ+C1aEN6lQnWWZhr2EarWkyUzap9udD4IQ7Y0OIAFg+YQ5gmZC/qbNrPn2s4 | |
| 6JAHsDopCjte8HSX7NwTV7lAjadxr8F6IEYx9Y9G8MI8r814REXuBIzIIeCOlAIX | |
| zN/plLrJ+ig2XJB9hkoHcCabCKtruT7mbJlY6WL8OsbRULtuah6hcO98ij18xeRV | |
| s6Sqykn7RGVQy58ZW3rjtkwZnoiRvUKsVqVzfzJQpyzMIFo23f9qqeDfJKVRPi7I | |
| zCwFCjqj9X91p54T2SNScwRvKRwOHhB7+tBK6dTnRiPTtuwhVhSlYXe6j55HtQID | |
| AQABo3IwcDAPBgNVHRMBAf8EBTADAQH/MA8GA1UdDwEB/wQFAwMH/4AwTAYDVR0l | |
| AQH/BEIwQAYIKwYBBQUHAwQGCCsGAQUFBwMCBggrBgEFBQcDAQYIKwYBBQUHAwMG | |
| BysGAQUCAwQGBysGAQUCAwUGBFUdJQAwDQYJKoZIhvcNAQELBQADggEBAIEgD6+7 | |
| 3FL/+nMvdyjehMmJXGKWmz36sYYt0adv110Xna5gNtD4FYFGqDErWqzrMtEbT8zs | |
| cnoWmnGwFZTd3SfneXionv9cenBGSHPtq6MrLUVNjWYN9kX9FIt/CNUXjXTITJ7t | |
| EfbSBPPCSUKABaiOprabrCOmGKZWPfQwWyOHafvMlq24YOHf4H5aKaX52dc5lSo4 | |
| /BPr+sC9yj2w2sLnkzIbu+tc4ur7IuOM/MUZNYpaJACjuJcYjY6rdNFMZ2obSiIW | |
| KbVqsWOzkbDqCD7UBSXCT9EPoxv83pERzJsCIR4l0lff/d9rxCH/Q9BXxiD1cHE4 | |
| 30WbPPieIF1lMcM= | |
| -----END CERTIFICATE----- | |
| #fails with openssl installed by apt | |
| bearice@master ~%openssl verify -verbose -CAfile r c | |
| c: CN = Jimubox Class 1 Intermediate CA, O = Jimubox, OU = SysAdmin, ST = Beijing, C = CN, L = Beijing, emailAddress = sa@jimubox.com | |
| error 7 at 0 depth lookup:certificate signature failure | |
| #but the one compiled from source will work | |
| bearice@master ~%./openssl-1.0.1f/apps/openssl verify -verbose -CAfile r c | |
| WARNING: can't open config file: /usr/local/ssl/openssl.cnf | |
| c: OK | |
| #version | |
| bearice@master ~%apt show openssl | |
| Package: openssl | |
| Priority: standard | |
| Section: utils | |
| Installed-Size: 928 kB | |
| Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> | |
| Original-Maintainer: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org> | |
| Version: 1.0.1f-1ubuntu2.11 | |
| Depends: libc6 (>= 2.15), libssl1.0.0 (>= 1.0.1) | |
| Suggests: ca-certificates | |
| Download-Size: 488 kB | |
| Bugs: https://bugs.launchpad.net/ubuntu/+filebug | |
| bearice@master ~%lsb_release -a | |
| No LSB modules are available. | |
| Distributor ID: Ubuntu | |
| Description: Ubuntu 14.04.2 LTS | |
| Release: 14.04 | |
| Codename: trusty |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment