Skip to content

Instantly share code, notes, and snippets.

@bearice

bearice/gist:e2dd5d4245472e1b3992

Last active August 29, 2015 14:18
Show Gist options
  • Save bearice/e2dd5d4245472e1b3992 to your computer and use it in GitHub Desktop.
Save bearice/e2dd5d4245472e1b3992 to your computer and use it in GitHub Desktop.
Download ZIP
openssl bug
Raw
gistfile1.txt
bearice@master ~%openssl x509 -text < r
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=JimuBox CA, O=Jimubox.com, OU=System Administrators, ST=Beijing, C=CN, L=Beijing/[email protected]
Validity
Not Before: Mar 20 03:29:19 2014 GMT
Not After : Mar 17 03:29:19 2024 GMT
Subject: CN=JimuBox CA, O=Jimubox.com, OU=System Administrators, ST=Beijing, C=CN, L=Beijing/[email protected]
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:ac:68:d9:7a:e2:b9:f5:46:7b:5c:b0:7d:66:a5:
38:17:b8:43:a1:d7:92:b5:79:5f:66:2e:4a:a4:9d:
74:37:df:14:7e:ce:28:63:fa:6f:25:52:15:68:b8:
0d:9f:f1:e8:69:0f:d5:e5:bc:c2:f9:8e:53:51:f0:
09:59:64:f5:07:46:2f:c7:9a:6e:e7:e3:d4:55:a4:
2b:ee:5c:21:73:0c:e8:6c:30:f3:23:4c:7a:36:be:
17:b3:8c:78:19:42:84:99:49:a4:e1:3b:be:b5:f4:
2a:5e:6b:6a:27:4d:fe:d0:73:0d:11:eb:fe:a4:31:
ac:0a:c1:63:da:1a:18:f6:df:cf:2b:b8:01:42:2d:
81:0a:9b:ce:e4:de:c4:bd:ea:ed:c2:3a:24:45:01:
66:fb:ad:8c:66:48:38:36:1e:5a:e5:a7:90:84:77:
49:1f:9c:35:e3:a8:3d:c0:fa:e1:5b:27:ff:4a:92:
bd:ed:1f:b9:06:2d:ee:3c:c9:3a:dd:1c:fc:c9:ea:
b8:f3:1b:1f:71:5a:cf:02:2e:35:ea:21:e2:e4:a9:
c6:06:96:29:5f:a5:b4:9b:9c:bd:99:6b:27:a6:10:
b3:2a:8e:82:1b:cd:36:bb:a8:b6:cf:c3:b7:42:a6:
6e:e5:89:66:f1:0d:27:ad:e9:59:6d:2e:94:7f:d6:
4b:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Digital Signature, Certificate Sign
X509v3 Extended Key Usage: critical
E-mail Protection, TLS Web Client Authentication, TLS Web Server Authentication, Code Signing, 1.3.6.1.5.2.3.4, 1.3.6.1.5.2.3.5, Any Extended Key Usage
Signature Algorithm: sha256WithRSAEncryption
04:e7:48:d0:b5:4b:93:99:51:c1:1e:13:66:f7:8a:09:30:dd:
cb:57:9a:de:c8:c4:8e:87:81:c0:b2:74:f6:a2:7e:e7:c4:e8:
48:2f:0c:99:a5:b8:f2:08:ad:a1:02:07:9b:40:35:92:11:89:
57:ee:99:f1:12:13:56:62:37:1a:16:49:19:1c:d0:06:69:ac:
00:b2:8e:69:7d:73:e7:7b:3a:bf:c0:32:40:26:6e:f2:81:6f:
a2:be:0f:19:32:3f:b0:33:fc:e3:77:47:5d:df:58:ad:a0:3a:
38:ba:46:25:46:25:a5:7a:9c:0b:cd:45:ea:00:99:02:58:56:
31:79:b9:fc:e7:c7:ea:00:08:e0:4c:59:75:34:0a:18:3e:20:
89:6b:f7:7f:26:45:01:d1:4a:32:b2:d8:c8:5c:e4:da:22:68:
fa:ba:6c:d4:21:ca:b5:51:0a:9d:40:06:8e:e1:c4:5d:2b:ec:
07:d3:ba:14:94:4d:13:f7:58:1e:dc:bf:3b:cf:30:44:80:96:
7c:21:ec:86:4c:75:26:44:3b:5b:99:68:7f:bc:08:d5:df:20:
19:44:7b:fa:1d:58:c1:46:26:e8:03:0d:54:2a:9b:08:cd:42:
9b:60:d5:fd:16:64:ee:c9:db:85:2c:fe:32:5f:34:d3:76:c3:
b4:0e:67:cd
-----BEGIN CERTIFICATE-----
MIIEIjCCAwqgAwIBAgIBATALBgkqhkiG9w0BAQswgZsxEzARBgNVBAMMCkppbXVC
b3ggQ0ExFDASBgNVBAoMC0ppbXVib3guY29tMR4wHAYDVQQLDBVTeXN0ZW0gQWRt
aW5pc3RyYXRvcnMxEDAOBgNVBAgMB0JlaWppbmcxCzAJBgNVBAYTAkNOMRAwDgYD
VQQHDAdCZWlqaW5nMR0wGwYJKoZIhvcNAQkBFg5zYUBqaW11Ym94LmNvbTAeFw0x
NDAzMjAwMzI5MTlaFw0yNDAzMTcwMzI5MTlaMIGbMRMwEQYDVQQDDApKaW11Qm94
IENBMRQwEgYDVQQKDAtKaW11Ym94LmNvbTEeMBwGA1UECwwVU3lzdGVtIEFkbWlu
aXN0cmF0b3JzMRAwDgYDVQQIDAdCZWlqaW5nMQswCQYDVQQGEwJDTjEQMA4GA1UE
BwwHQmVpamluZzEdMBsGCSqGSIb3DQEJARYOc2FAamltdWJveC5jb20wggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsaNl64rn1RntcsH1mpTgXuEOh15K1
eV9mLkqknXQ33xR+zihj+m8lUhVouA2f8ehpD9XlvML5jlNR8AlZZPUHRi/Hmm7n
49RVpCvuXCFzDOhsMPMjTHo2vhezjHgZQoSZSaThO7619Cpea2onTf7Qcw0R6/6k
MawKwWPaGhj2388ruAFCLYEKm87k3sS96u3COiRFAWb7rYxmSDg2Hlrlp5CEd0kf
nDXjqD3A+uFbJ/9Kkr3tH7kGLe48yTrdHPzJ6rjzGx9xWs8CLjXqIeLkqcYGlilf
pbSbnL2ZayemELMqjoIbzTa7qLbPw7dCpm7liWbxDSet6VltLpR/1ktdAgMBAAGj
cTBvMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgKEMEwGA1UdJQEB/wRC
MEAGCCsGAQUFBwMEBggrBgEFBQcDAgYIKwYBBQUHAwEGCCsGAQUFBwMDBgcrBgEF
AgMEBgcrBgEFAgMFBgRVHSUAMA0GCSqGSIb3DQEBCwUAA4IBAQAE50jQtUuTmVHB
HhNm94oJMN3LV5reyMSOh4HAsnT2on7nxOhILwyZpbjyCK2hAgebQDWSEYlX7pnx
EhNWYjcaFkkZHNAGaawAso5pfXPnezq/wDJAJm7ygW+ivg8ZMj+wM/zjd0dd31it
oDo4ukYlRiWlepwLzUXqAJkCWFYxebn858fqAAjgTFl1NAoYPiCJa/d/JkUB0Uoy
stjIXOTaImj6umzUIcq1UQqdQAaO4cRdK+wH07oUlE0T91ge3L87zzBEgJZ8IeyG
THUmRDtbmWh/vAjV3yAZRHv6HVjBRiboAw1UKpsIzUKbYNX9FmTuyduFLP4yXzTT
dsO0DmfN
-----END CERTIFICATE-----
bearice@master ~%openssl x509 -text < c
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 31 (0x1f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=JimuBox CA, O=Jimubox.com, OU=System Administrators, ST=Beijing, C=CN, L=Beijing/[email protected]
Validity
Not Before: Jul 14 04:38:10 2014 GMT
Not After : Jul 11 04:38:10 2024 GMT
Subject: CN=Jimubox Class 1 Intermediate CA, O=Jimubox, OU=SysAdmin, ST=Beijing, C=CN, L=Beijing/[email protected]
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:e3:ab:23:82:08:b2:4f:4d:9f:56:b1:30:0e:c8:
9d:d3:81:50:45:27:21:27:e0:b5:68:43:7a:95:09:
d6:59:98:6b:d8:46:ab:5a:4c:94:cd:aa:7d:b9:d0:
f8:21:0e:d8:d0:e2:00:16:0f:98:43:98:26:64:2f:
ea:6c:da:cf:9f:6b:38:e8:90:07:b0:3a:29:0a:3b:
5e:f0:74:97:ec:dc:13:57:b9:40:8d:a7:71:af:c1:
7a:20:46:31:f5:8f:46:f0:c2:3c:af:cd:78:44:45:
ee:04:8c:c8:21:e0:8e:94:02:17:cc:df:e9:94:ba:
c9:fa:28:36:5c:90:7d:86:4a:07:70:26:9b:08:ab:
6b:b9:3e:e6:6c:99:58:e9:62:fc:3a:c6:d1:50:bb:
6e:6a:1e:a1:70:ef:7c:8a:3d:7c:c5:e4:55:b3:a4:
aa:ca:49:fb:44:65:50:cb:9f:19:5b:7a:e3:b6:4c:
19:9e:88:91:bd:42:ac:56:a5:73:7f:32:50:a7:2c:
cc:20:5a:36:dd:ff:6a:a9:e0:df:24:a5:51:3e:2e:
c8:cc:2c:05:0a:3a:a3:f5:7f:75:a7:9e:13:d9:23:
52:73:04:6f:29:1c:0e:1e:10:7b:fa:d0:4a:e9:d4:
e7:46:23:d3:b6:ec:21:56:14:a5:61:77:ba:8f:9e:
47:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment, Key Agreement, Certificate Sign, CRL Sign, Encipher Only, Decipher Only
X509v3 Extended Key Usage: critical
E-mail Protection, TLS Web Client Authentication, TLS Web Server Authentication, Code Signing, 1.3.6.1.5.2.3.4, 1.3.6.1.5.2.3.5, Any Extended Key Usage
Signature Algorithm: sha256WithRSAEncryption
81:20:0f:af:bb:dc:52:ff:fa:73:2f:77:28:de:84:c9:89:5c:
62:96:9b:3d:fa:b1:86:2d:d1:a7:6f:d7:5d:17:9d:ae:60:36:
d0:f8:15:81:46:a8:31:2b:5a:ac:eb:32:d1:1b:4f:cc:ec:72:
7a:16:9a:71:b0:15:94:dd:dd:27:e7:79:78:a8:9e:ff:5c:7a:
70:46:48:73:ed:ab:a3:2b:2d:45:4d:8d:66:0d:f6:45:fd:14:
8b:7f:08:d5:17:8d:74:c8:4c:9e:ed:11:f6:d2:04:f3:c2:49:
42:80:05:a8:8e:a6:b6:9b:ac:23:a6:18:a6:56:3d:f4:30:5b:
23:87:69:fb:cc:96:ad:b8:60:e1:df:e0:7e:5a:29:a5:f9:d9:
d7:39:95:2a:38:fc:13:eb:fa:c0:bd:ca:3d:b0:da:c2:e7:93:
32:1b:bb:eb:5c:e2:ea:fb:22:e3:8c:fc:c5:19:35:8a:5a:24:
00:a3:b8:97:18:8d:8e:ab:74:d1:4c:67:6a:1b:4a:22:16:29:
b5:6a:b1:63:b3:91:b0:ea:08:3e:d4:05:25:c2:4f:d1:0f:a3:
1b:fc:de:91:11:cc:9b:02:21:1e:25:d2:57:df:fd:df:6b:c4:
21:ff:43:d0:57:c6:20:f5:70:71:38:df:45:9b:3c:f8:9e:20:
5d:65:31:c3
-----BEGIN CERTIFICATE-----
MIIEJzCCAw+gAwIBAgIBHzALBgkqhkiG9w0BAQswgZsxEzARBgNVBAMMCkppbXVC
b3ggQ0ExFDASBgNVBAoMC0ppbXVib3guY29tMR4wHAYDVQQLDBVTeXN0ZW0gQWRt
aW5pc3RyYXRvcnMxEDAOBgNVBAgMB0JlaWppbmcxCzAJBgNVBAYTAkNOMRAwDgYD
VQQHDAdCZWlqaW5nMR0wGwYJKoZIhvcNAQkBFg5zYUBqaW11Ym94LmNvbTAeFw0x
NDA3MTQwNDM4MTBaFw0yNDA3MTEwNDM4MTBaMIGfMSgwJgYDVQQDDB9KaW11Ym94
IENsYXNzIDEgSW50ZXJtZWRpYXRlIENBMRAwDgYDVQQKDAdKaW11Ym94MREwDwYD
VQQLDAhTeXNBZG1pbjEQMA4GA1UECAwHQmVpamluZzELMAkGA1UEBhMCQ04xEDAO
BgNVBAcMB0JlaWppbmcxHTAbBgkqhkiG9w0BCQEWDnNhQGppbXVib3guY29tMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA46sjggiyT02fVrEwDsid04FQ
RSchJ+C1aEN6lQnWWZhr2EarWkyUzap9udD4IQ7Y0OIAFg+YQ5gmZC/qbNrPn2s4
6JAHsDopCjte8HSX7NwTV7lAjadxr8F6IEYx9Y9G8MI8r814REXuBIzIIeCOlAIX
zN/plLrJ+ig2XJB9hkoHcCabCKtruT7mbJlY6WL8OsbRULtuah6hcO98ij18xeRV
s6Sqykn7RGVQy58ZW3rjtkwZnoiRvUKsVqVzfzJQpyzMIFo23f9qqeDfJKVRPi7I
zCwFCjqj9X91p54T2SNScwRvKRwOHhB7+tBK6dTnRiPTtuwhVhSlYXe6j55HtQID
AQABo3IwcDAPBgNVHRMBAf8EBTADAQH/MA8GA1UdDwEB/wQFAwMH/4AwTAYDVR0l
AQH/BEIwQAYIKwYBBQUHAwQGCCsGAQUFBwMCBggrBgEFBQcDAQYIKwYBBQUHAwMG
BysGAQUCAwQGBysGAQUCAwUGBFUdJQAwDQYJKoZIhvcNAQELBQADggEBAIEgD6+7
3FL/+nMvdyjehMmJXGKWmz36sYYt0adv110Xna5gNtD4FYFGqDErWqzrMtEbT8zs
cnoWmnGwFZTd3SfneXionv9cenBGSHPtq6MrLUVNjWYN9kX9FIt/CNUXjXTITJ7t
EfbSBPPCSUKABaiOprabrCOmGKZWPfQwWyOHafvMlq24YOHf4H5aKaX52dc5lSo4
/BPr+sC9yj2w2sLnkzIbu+tc4ur7IuOM/MUZNYpaJACjuJcYjY6rdNFMZ2obSiIW
KbVqsWOzkbDqCD7UBSXCT9EPoxv83pERzJsCIR4l0lff/d9rxCH/Q9BXxiD1cHE4
30WbPPieIF1lMcM=
-----END CERTIFICATE-----
#fails with openssl installed by apt
bearice@master ~%openssl verify -verbose -CAfile r c
c: CN = Jimubox Class 1 Intermediate CA, O = Jimubox, OU = SysAdmin, ST = Beijing, C = CN, L = Beijing, emailAddress = [email protected]
error 7 at 0 depth lookup:certificate signature failure
#but the one compiled from source will work
bearice@master ~%./openssl-1.0.1f/apps/openssl verify -verbose -CAfile r c
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
c: OK
#version
bearice@master ~%apt show openssl
Package: openssl
Priority: standard
Section: utils
Installed-Size: 928 kB
Maintainer: Ubuntu Developers <[email protected]>
Original-Maintainer: Debian OpenSSL Team <[email protected]>
Version: 1.0.1f-1ubuntu2.11
Depends: libc6 (>= 2.15), libssl1.0.0 (>= 1.0.1)
Suggests: ca-certificates
Download-Size: 488 kB
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
bearice@master ~%lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 14.04.2 LTS
Release: 14.04
Codename: trusty
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment