[Bug 192292] New: eay_cmp_asn1dn() in libcrypto.so.6 is broken after update to openssl 0.9.8za

[bugzilla-noreply at freebsd.org]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=192292

            Bug ID: 192292
           Summary: eay_cmp_asn1dn() in libcrypto.so.6 is broken after
                    update to openssl 0.9.8za
           Product: Base System
           Version: 8.4-STABLE
          Hardware: Any
                OS: Any
            Status: Needs Triage
          Severity: Affects Many People
          Priority: ---
         Component: bin
          Assignee: freebsd-bugs at FreeBSD.org
          Reporter: longwitz at incore.de

After update 8.4 Stable from r256119 with openssl 0.9.8y to r268802 with
openssl 0.9.8za racoon from the ipsec-tools package can't verify identifiers
anymore. This can be demonstrated with the program eaytest


--> eaytest (from ipsec-tools package) with old libcrypto.so.6
....
**Test for Certificate.**
check to convert the string into subjectName.
C=JP, ST=Kanagawa, L=Fujisawa, O=WIDE Project, OU=KAME Project, CN=Shoichi
Sakane
exact match: succeed.
wildcard 1 match: succeed.
wildcard 2 match: succeed.


--> eaytest with new libcrypto.so.6
....
**Test for Certificate.**
check to convert the string into subjectName.
C=JP, ST=Kanagawa, L=Fujisawa, O=WIDE Project, OU=KAME Project, CN=Shoichi
Sakane
eaytest: asn1dn mismatched.

>From eaytest.c:
   if (eay_cmp_asn1dn(&asn1dn0,  asn1dn))
      errx(1, "asn1dn mismatched.\n");
~

-- 
You are receiving this mail because:
You are the assignee for the bug.