My Favorites

Close

Please to see your favorites.

  • Bookmark
  • Email Document
  • Printer Friendly
  • Favorite
  • Rating:

Registration returning curl: (35) error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message digest algorithm

This document (7016299) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise Server 11 Service Pack 3 (SLES 11 SP3)
SUSE Linux Enterprise Server 11 Service Pack 2 (SLES 11 SP2)
SUSE Linux Enterprise Server 11 Service Pack 1 (SLES 11 SP1)
SUSE Linux Enterprise Server 10 Service Pack 4 (SLES 10 SP4)
SUSE Linux Enterprise Server 10 Service Pack 3 (SLES 10 SP3)
SUSE Linux Enterprise Server 10 Service Pack 2 (SLES 10 SP2)
SUSE Linux Enterprise Server 10 Service Pack 1 (SLES 10 SP1)

Situation

While attempting to register a SLES 10 SPx server the following error is returned:

curl: (35) error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message digest algorithm

Resolution

The problem is related to a security change on the backend registration servers for the TLS security issue commonly referred to as POODLE (ie CVE-2014-3566).  In order to communicate with the backend clients must have their openssl stack updated to the following versions for SLES 10 SP4 (Please note that the versions are provided by the Long Term Service and Support for the versions of SLES listed.  LTSS is required for access to the links listed below.  For more information about LTSS see https://www.novell.com/docrep/2013/04/long_term_service_pack_support_flyer.pdf ):

SLES 10 SP4

openssl-0.9.8a-18.88.1.x86_64.rpm       
openssl-doc-0.9.8a-18.88.1.x86_64.rpm
openssl-32bit-0.9.8a-18.88.1.x86_64.rpm
compat-openssl097g-0.9.7g-13.27.1.x86_64.rpm
compat-openssl097g-32bit-0.9.7g-13.27.1.x86_64.rpm

The rpms can be found in the SLES 10 SP4 LTSS repositories or here:

For x86_64:

https://download.suse.com/Download?buildid=MGb4NY6A6T8~
  and https://download.suse.com/Download?buildid=LTbOIvW_MaE~

For i586:

https://download.suse.com/Download?buildid=OKmvcIB0T1w~  and https://download.suse.com/Download?buildid=xQZIcbsoGkU~

For s390x:

https://download.suse.com/Download?buildid=DwyVSrCC8MY~ and https://download.suse.com/Download?buildid=F_Cuae62si0~

SLES 10 SP3

openssl-0.9.8a-18.45.79.3.x86_64.rpm 
openssl-32bit-0.9.8a-18.45.79.3.x86_64.rpm 
openssl-doc-0.9.8a-18.45.79.3.x86_64.rpm
openssl-certs-1.96-0.6.1.noarch.rpm

The rpms can be found in the SLES 10 SP3 LTSS repositories or here:

For x86_64:

https://download.suse.com/Download?buildid=RryEG9U5JVI~
and https://download.suse.com/protected/Summary.jsp?buildid=v3qbCX3dUoE~

For i586:

https://download.suse.com/Download?buildid=hPhmRGrAQUA~ and https://download.suse.com/Download?buildid=INJJxN7_8ho~

For s390x:

https://download.suse.com/Download?buildid=J2l8UK_Vvgs~ and https://download.suse.com/Download?buildid=v_QiF37zVx4~


Additionally please make sure that TID # 7010008 has been implemented to ensure that the updated openssl-certs and curl-ca-bundle have been installed.

Versions for SLES 10 SP1 and SLES 10 SP2 are currently not available in the LTSS repositories or available for download.  If you still have an active LTSS entitlement for those versions please contact Technical Services.

If you do not have LTSS entitlement the following resolutions are possible:

- Contact your SUSE Sales Representative about purchasing LTSS.  If you do not know who your Sales Representative is please contact the Customer Resolution Center.
- Deploy a Subscription Management Tool Server (ie SMT) and register your SLES 10 SPx clients to it.  For more information on SMT see: https://www.suse.com/documentation/smt11/
- Upgrade the SLES 10 SPx clients to SLES 11 SP3.  For more information on that process see TID # 7012368

For SLES 11 Versions:

SLES 11 GA:

There is no fix for SLES 11 GA.  SMT must be used or the system must be upgraded.  For more information on the upgrade process see TID # 7012368

SLES 11 SP1:

The latest updates from Patch Finder:

openssl-doc-0.9.8j-0.44.1
openssl-0.9.8j-0.44.1
libopenssl0_9_8-32bit-0.9.8j-0.44.1
libopenssl0_9_8-0.9.8j-0.44.1

SLES 11 SP2:

The base install versions work

openssl-0.9.8j-0.26.1
libopenssl0_9_8-32bit-0.9.8j-0.26.1
libopenssl0_9_8-0.9.8j-0.26.1

SLES 11 SP3:

The base install versions work

openssl-0.9.8j-0.50.1
libopenssl0_9_8-0.9.8j-0.50.1
libopenssl0_9_8-32bit-0.9.8j-0.50.1


Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7016299
  • Creation Date:12-MAR-15
  • Modified Date:24-MAR-15
    • SUSESUSE Linux Enterprise Server
< Back to Support Search

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Join Our Community

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.


SUSE Customer Support Quick Reference Guide SUSE Technical Support Handbook Update Advisories
Support FAQ

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.

Go to Customer Center