OpenSSL OCSP server doesn't start if index contains certificates with same subjects #25156

Open
sergius-fidelis opened this issue Aug 10, 2024 · 0 comments
Labels
triaged: bug The issue/pr is/fixes a bug

sergius-fidelis commented Aug 10, 2024

Description of problem:

If the OpenSSL CA index contains certificates with the same subject, openssl logs an error and stops:

ACCEPT 0.0.0.0:8080 PID=234
Error creating name index:(2,2,3)
Problem with index file: /etc/ca/index (could not load/parse file)

Version of openssl used:

OpenSSL 3.0.13 30 Jan 2024 (Library: OpenSSL 3.0.13 30 Jan 2024)
OpenSSL 3.3.1 4 Jun 2024 (Library: OpenSSL 3.3.1 4 Jun 2024)

Distributor of openssl:

Debian 12
Debian Unstable

How reproducible:

  • Configure OpenSSL CA.
  • Issue a certificate.
  • Issue a certificate with same subject.
  • Start OpenSSL OCSP server:
openssl ocsp -port 8080 -rkey /etc/ca/ocsp.key -rsigner /etc/ca/ocsp.crt -CA /etc/ca/ca.crt -index /etc/ca/index -text -timeout 5

index file:

V	290800000000Z		3F18CD9AB6217DE5CF83330BD5E67EB6F640D8CD	unknown	/O=Test/OU=Some OU/CN=Certificate Authority
V	260800000000Z		60054007F6611F04F64002BAAF7C5E43CB2AFB0B	unknown	/O=Test/OU=Some OU/CN=OCSP
V	260800000000Z		38C0282B968332E0416309226F0E81C605127C4C	unknown	/O=Test/OU=Some OU/CN=Web Server
V	260800000000Z		48F8FD0B71BD14B25B9604EBF7D27402A69CB72C	unknown	/O=Test/OU=Some OU/CN=Web Server

If you delete one of the "/O=Test/OU=Some OU/CN=Web Server" lines and try again, the server will start.
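
A pre-flight check for the condition in this report, as an added example that is not part of the original issue or OpenSSL's own code: it parses the index file as six tab-separated fields (status, expiry, revocation date, serial, file name, subject) and lists subjects shared by more than one valid entry. The function names are hypothetical, and counting only `V` entries is an assumption of this example.

```python
"""Report subjects that appear on more than one valid entry of an OpenSSL CA index."""
import sys
from collections import defaultdict

FIELDS = ("status", "expiry", "revoked", "serial", "filename", "subject")

# Sample input: the four index lines quoted in the report above.
SAMPLE_INDEX = (
    "V\t290800000000Z\t\t3F18CD9AB6217DE5CF83330BD5E67EB6F640D8CD\tunknown\t"
    "/O=Test/OU=Some OU/CN=Certificate Authority\n"
    "V\t260800000000Z\t\t60054007F6611F04F64002BAAF7C5E43CB2AFB0B\tunknown\t"
    "/O=Test/OU=Some OU/CN=OCSP\n"
    "V\t260800000000Z\t\t38C0282B968332E0416309226F0E81C605127C4C\tunknown\t"
    "/O=Test/OU=Some OU/CN=Web Server\n"
    "V\t260800000000Z\t\t48F8FD0B71BD14B25B9604EBF7D27402A69CB72C\tunknown\t"
    "/O=Test/OU=Some OU/CN=Web Server\n"
)


def parse_index(text):
    """Split each non-empty line into the six index fields; reject malformed lines."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split("\t")
        if len(parts) != len(FIELDS):
            raise ValueError(
                f"line {lineno}: expected {len(FIELDS)} tab-separated fields, got {len(parts)}"
            )
        entries.append(dict(zip(FIELDS, parts)))
    return entries


def duplicate_valid_subjects(entries):
    """Map each subject held by more than one valid entry to the serials involved."""
    by_subject = defaultdict(list)
    for entry in entries:
        # Assumption of this example: only entries marked V (valid) are compared.
        if entry["status"] == "V":
            by_subject[entry["subject"]].append(entry["serial"])
    return {subj: serials for subj, serials in by_subject.items() if len(serials) > 1}


if __name__ == "__main__":
    # Usage: python check_index.py /etc/ca/index  (falls back to the sample above)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_INDEX
    dups = duplicate_valid_subjects(parse_index(text))
    for subject, serials in dups.items():
        print(f"duplicate subject {subject}: serials {', '.join(serials)}")
    sys.exit(1 if dups else 0)
```

The script exits non-zero when a duplicate is found, so it can gate the start of the responder in a service unit or wrapper script.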

@sergius-fidelis sergius-fidelis added the issue: bug report The issue was opened to report a bug label Aug 10, 2024
@Sashan Sashan added the triaged: bug The issue/pr is/fixes a bug label Aug 14, 2024
@mattcaswell mattcaswell removed the issue: bug report The issue was opened to report a bug label Aug 22, 2024