[Bro-Dev] [JIRA] (BIT-1402) New SSL::Invalid_Server_Cert in test-suite

Johanna Amann (JIRA) jira at bro-tracker.atlassian.net
Wed May 27 12:27:00 PDT 2015


     [ https://bro-tracker.atlassian.net/browse/BIT-1402?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Johanna Amann updated BIT-1402:
-------------------------------
    Resolution: Fixed
        Status: Closed  (was: Open)

Fixed by setting OPENSSL_ENABLE_MD5_VERIFY in btest.cfg.

Fedora introduces this non-standard environment variable in one of their distro-specific patches to OpenSSL (openssl-1.0.1e-no-md5-verify.patch); if it is not set, MD5 verification is not permitted.

Committed in 5147b0bb02588f223cf04fac2ac3c3d9a7640217

> New SSL::Invalid_Server_Cert in test-suite
> ------------------------------------------
>
>                 Key: BIT-1402
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1402
>             Project: Bro Issue Tracker
>          Issue Type: Problem
>          Components: Bro
>            Reporter: Robin Sommer
>            Assignee: Johanna Amann
>             Fix For: 2.4
>
>
> I'm getting two additional {{SSL::Invalid_Server_Cert}} with the private test-suite, presumably due to an OpenSSL version change regarding MD5 handling. Can we revert behavior back to the previous one with recent OpenSSL versions? 
> {code}
> +XXXXXXXXXX.XXXXXX    XXXXXXXXXXX     X   2012    Y 443     -       -       -       tcp     SSL::Invalid_Server_Cert        SSL certificate validation failed with (certificate signature failure)  CN=XXX  X Y 443     -       bro     Notice::ACTION_LOG      3600.000000     F       -       -       -       -       -
>   +XXXXXXXXXX.XXXXXX    XXXXXXXXXXX     X   2013    Y  443     -       -       -       tcp     SSL::Invalid_Server_Cert        SSL certificate validation failed with (certificate signature failure)  CN=XXX     X Y     -       bro     Notice::ACTION_LOG      3600.000000     F       -       -       -       -       -
> {code}



--
This message was sent by Atlassian JIRA
(v6.5-OD-04-052#65000)


More information about the bro-dev mailing list