Wind River Support Network

HomeDefectsLIN8-6738

Fixed

LIN8-6738 : wrlinux 8 - Incorrect SSL certificate hashes

Created: May 24, 2017 Updated: Dec 3, 2018

Resolved Date: Jul 13, 2017

Found In Version: 8.0.0.15,8.0.0.17

Fix Version: 8.0.0.20

Severity: Standard

Applicable for: Wind River Linux 8

Component/s: Userspace

Description

openssl-c_rehash.sh uses a hard coded path to openssl: 
# choose the name of an ssl application 
if [ -n "${OPENSSL}" ] 
then 
SSL_CMD=$(which ${OPENSSL} 2>/dev/null) 
else 
SSL_CMD=/usr/bin/openssl 
OPENSSL=${SSL_CMD} 
export OPENSSL 
fi 

This effectively disables the dependency on openssl-native in ca-certificates.

Steps to Reproduce

1. Build an image containing ca-certificates on SUSE Linux Enterprise Server 11 
2. Build an image containing ca-certificates on Ubuntu 
3. Compare the resulting hashes in /etc/ssl/certs 

any bsp may be used in the test.

Result: 
Incorrect hashes result in SSL certificate failures.

Other Downloads

Wind River Linux 8.0.0.20
Wind River Linux 8.0.0.21
Wind River Linux 8.0.0.22
Wind River Linux 8.0.0.23
Wind River Linux 8.0.0.24
Wind River Linux 8.0.0.25
Wind River Linux 8.0.0.26
Wind River Linux 8.0.0.27
Wind River Linux 8.0.0.28
Wind River Linux 8.0.0.29
Wind River Linux 8.0.0.30
Wind River Linux 8.0.0.31
Wind River Linux 8.0.0.32
Wind River Linux 8.0.0.33
Wind River Linux 8.0.0.34