2105754 – AusweisApp2 fails certificate verification for DECVCAeID00102

Bug 2105754 - AusweisApp2 fails certificate verification for DECVCAeID00102

Summary: AusweisApp2 fails certificate verification for DECVCAeID00102

Keywords:
Status:	CLOSED NEXTRELEASE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	AusweisApp2
Sub Component:
Version:	37
Hardware:	x86_64
OS:	Linux
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Björn 'besser82' Esser
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	2124998 (view as bug list)
Depends On:	openssl_brainpool_ecc
Blocks:
TreeView+	depends on / blocked

Reported:	2022-07-10 06:38 UTC by Helge Deller
Modified:	2023-03-29 15:55 UTC (History)
CC List:	13 users (show)
Fixed In Version:	AusweisApp2-1.24.1-1.fc37 AusweisApp2-1.24.1-1.fc36 AusweisApp2-1.24.1-1.fc35 AusweisApp2-1.26.3-1.fc38
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2023-03-26 00:20:20 UTC
Type:	Bug
Dependent Products:

Attachments	(Terms of Use)
Veraltete Version (4.78 KB, text/plain) 2023-01-02 20:53 UTC, Alexander	no flags	Details
View All

Description Helge Deller 2022-07-10 06:38:30 UTC

Description of problem:
AusweisApp2 doesn't work - even looking at "Own data" doesn't work.

Steps to Reproduce:
1. Start "view own data", 

Actual results:
- communication to https://www.autentapp.de seems to fail. 

Expected results:
It should show "own data".

AusweisApp2-1.22.3-1.fc36.x86_64
running on Gnome desktop

Additional info (taken from Log on screen):
network    2022.07.10 08:20:14.730 198882 I ...SslHandshakeDone(workflows/base/states/StateGenericSendReceive.cpp:110) : Used session protocol: "TlsV1_2"
network    2022.07.10 08:20:14.730 198882 I ...SslHandshakeDone(workflows/base/states/StateGenericSendReceive.cpp:110) : Used ephemeral server key:
network    2022.07.10 08:20:14.730 198882 I ...SslHandshakeDone(workflows/base/states/StateGenericSendReceive.cpp:110) : Used peer certificate: QSslCertificate("3", "77:e6:2b:ae:23:d1:b6:59:81:be:35:94:cb:fe:e2:00", "IFsNCKNJnVGooZYRZYqFUQ==", "D-TRUST CA 2-2 EV 2016", "Governikus GmbH & Co. KG", QMap((1, "prodpaos.governikus-eid.de")(1, "prod2.governikus-eid.de")(1, "prod2paos.governikus-eid.de")(1, "test.governikus-eid.de")(1, "testpaos.governikus-eid.de")(1, "akdb.test.governikus-eid.de")(1, "akdbpaos.test.governikus-eid.de")(1, "signon.governikus-eid.de")(1, "signonpaos.governikus-eid.de")(1, "prod3.governikus-eid.de")(1, "prod3paos.governikus-eid.de")(1, "prod.governikus-eid.de")), QDateTime(2020-07-17 10:00:08.000 UTC Qt::UTC), QDateTime(2022-07-21 10:00:08.000 UTC Qt::UTC))
network    2022.07.10 08:20:14.731 198882 I ...SslHandshakeDone(workflows/base/states/StateGenericSendReceive.cpp:110) : Used ssl session: "f85687751b6aa21d6becbde9826f209ffa419cb3524d25bb6abd0e19cf3d286f"
network    2022.07.10 08:20:14.731 198882 I ...SslHandshakeDone(workflows/base/states/StateGenericSendReceive.cpp:110) : Handshake of tls connection done!
network    2022.07.10 08:20:15.197 198882   ...:onReplyFinished(workflows/base/states/StateGenericSendReceive.cpp:276) : Status Code: 200 "OK"
network    2022.07.10 08:20:15.197 198882   ...:onReplyFinished(workflows/base/states/StateGenericSendReceive.cpp:276) : Header | Connection: keep-alive
network    2022.07.10 08:20:15.198 198882   ...:onReplyFinished(workflows/base/states/StateGenericSendReceive.cpp:276) : Header | Content-Type: application/vnd.paos+xml
network    2022.07.10 08:20:15.198 198882   ...:onReplyFinished(workflows/base/states/StateGenericSendReceive.cpp:276) : Header | Content-Length: 8511
network    2022.07.10 08:20:15.199 198882   ...:onReplyFinished(workflows/base/states/StateGenericSendReceive.cpp:276) : Header | Content-Security-Policy: default-src 'self'
network    2022.07.10 08:20:15.199 198882   ...:onReplyFinished(workflows/base/states/StateGenericSendReceive.cpp:276) : Header | Date: Sun, 10 Jul 2022 06:20:49 GMT
card       2022.07.10 08:20:15.320 198882 C SignatureChecker::check(card/base/asn1/SignatureChecker.cpp:47)            : Certificate verification failed: "DECVCAeID00102"
default    2022.07.10 08:20:15.320 198882 C ...PreVerification::run(workflows/base/states/StatePreVerification.cpp:74) : Pre-verification failed: signature check failed

Comment 1 Michael Weisbach 2022-07-11 13:16:05 UTC

I had a chat with the Support AusweisApp2 team at Governikus. Looks like the AusweisApp2-1.22.3 is outdated and we need to (re)build to AusweisApp2-1.22.6 at least. Can someone take care that the Fedora community build of AusweisApp2 gets refreshed? Thanks, Michael

Comment 2 Norbert Jurkeit 2022-07-12 09:29:55 UTC

Newer releases are available upstream but AusweisApp2-1.22.3 still works for me on Fedora 35 and even on Fedora 36 if I replace /usr/libexec/AusweisApp2 with the binary from the F35 package.

An obvious difference between both binaries is the usage of OpenSSL 3 by the F36 version and OpenSSL 1.1 by the F35 version according to page "Hilfe / Versionsinformationen". So I guess the source code of AusweisApp2 needs some modification to work properly with OpenSSL 3.

Comment 3 aklitzing 2022-07-13 10:10:56 UTC

Hi there,

Yes, you should update the AA2. But that isn't the problem and won't fix this. The AA2 is already be compatible with OpenSSL3 - it just uses "deprecated" APIs until 1.24.0.
"Pre-verification failed" means that the CV-Certificates are not valid. But I don't think that it is invalid here.
It seems that openssl cannot check the algorithms anymore. Looks like the openssl package [1] disabled too much of elliptic curves.


[1] https://src.fedoraproject.org/rpms/openssl/tree/rawhide

Comment 4 Norbert Jurkeit 2022-08-19 11:19:57 UTC

1.24.0 was released upstream a few days ago and supports OpenSSL 3.0.5 according to release notes, so it's worth a try.

Comment 5 Fedora Update System 2022-09-03 18:36:21 UTC

FEDORA-2022-f83b2ce82b has been submitted as an update to Fedora 36. https://bodhi.fedoraproject.org/updates/FEDORA-2022-f83b2ce82b

Comment 6 Fedora Update System 2022-09-03 18:36:24 UTC

FEDORA-2022-4ce7878f2d has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2022-4ce7878f2d

Comment 7 Fedora Update System 2022-09-03 18:36:26 UTC

FEDORA-2022-515a71a545 has been submitted as an update to Fedora 37. https://bodhi.fedoraproject.org/updates/FEDORA-2022-515a71a545

Comment 8 Fedora Update System 2022-09-03 23:44:43 UTC

FEDORA-2022-515a71a545 has been pushed to the Fedora 37 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2022-515a71a545`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-515a71a545

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 9 Fedora Update System 2022-09-04 23:54:24 UTC

FEDORA-2022-f83b2ce82b has been pushed to the Fedora 36 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2022-f83b2ce82b`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-f83b2ce82b

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 10 Fedora Update System 2022-09-05 00:02:44 UTC

FEDORA-2022-4ce7878f2d has been pushed to the Fedora 35 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2022-4ce7878f2d`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-4ce7878f2d

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 11 Julian Sikorski 2022-09-11 09:52:46 UTC

*** Bug 2124998 has been marked as a duplicate of this bug. ***

Comment 12 Julian Sikorski 2022-09-11 09:58:56 UTC

The following warning is shown in the log which was not there in 1.22.2 logs from January this year I still have lying around:

default       2022.09.11 11:41:01.107 63805 W SslCipherList::operator+=(secure_storage/TlsConfiguration.cpp:32)          : Cipher is not supported by OpenSSL and will be ignored: "ECDHE-PSK-AES128-CBC-SHA256"
default       2022.09.11 11:41:01.107 63805 W SslCipherList::operator+=(secure_storage/TlsConfiguration.cpp:32)          : Cipher is not supported by OpenSSL and will be ignored: "ECDHEdefault

Can we confirm whether these are the ciphers used by DECVCAeID00102 certificate?

Comment 13 Julian Sikorski 2022-09-11 10:05:44 UTC

Apologies, I did a copy-paste error:

default       2022.09.11 11:41:01.107 63805 W SslCipherList::operator+=(secure_storage/TlsConfiguration.cpp:32)          : Cipher is not supported by OpenSSL and will be ignored: "ECDHE-PSK-AES128-CBC-SHA256"
default       2022.09.11 11:41:01.107 63805 W SslCipherList::operator+=(secure_storage/TlsConfiguration.cpp:32)          : Cipher is not supported by OpenSSL and will be ignored: "ECDHE
default       2022.09.11 11:41:01.107 63805 W SslCipherList::operator+=(secure_storage/TlsConfiguration.cpp:32)          : Cipher is not supported by OpenSSL and will be ignored: "ECDHE-PSK-AES128-CBC-SHA256"-PSK-AES256-CBC-SHA384"

In any case, the 1.24.1 log shows the following:

network       2022.09.11 11:41:11.268 63805 I NetworkManager::processUpdaterRequest(network/NetworkManager.cpp:173)      : Used session cipher QSslCipher(name=ECDHE-ECDSA-AES128-GCM-SHA256, bits=128, proto=TLSv1.2)
network       2022.09.11 11:41:11.268 63805 I NetworkManager::processUpdaterRequest(network/NetworkManager.cpp:173)      : Used session protocol: "TlsV1_2"
network       2022.09.11 11:41:11.268 63805 I NetworkManager::processUpdaterRequest(network/NetworkManager.cpp:173)      : Used ephemeral server key: QSslKey(PublicKey, EC, 256)
network       2022.09.11 11:41:11.268 63805 I NetworkManager::processUpdaterRequest(network/NetworkManager.cpp:173)      : Used peer certificate: QSslCertificate("3", "7a:70:ab:a4:a6:6d:aa:ff", "hUFmV5s48mTAtg6MJzbMEQ==", "Governikus CA 9:PN", "updates.autentapp.de", QMultiMap((1, "updates.autentapp.de")), QDateTime(2021-12-06 10:18:22.000 UTC Qt::UTC), QDateTime(2027-12-31 23:59:00.000 UTC Qt::UTC))
network       2022.09.11 11:41:11.269 63805 I NetworkManager::processUpdaterRequest(network/NetworkManager.cpp:173)      : Used ssl session: "23e868913e5464e0819ddddc71d182bf0ef5ce4899a5d8e45b337e0d1ad19bd9"
network       2022.09.11 11:41:11.269 63805 I NetworkManager::processUpdaterRequest(network/NetworkManager.cpp:173)      : Handshake of tls connection done!
card          2022.09.11 11:42:08.860 63805 W ...ertificateChainBuilder(card/base/asn1/CVCertificateChainBuilder.cpp:41) : No valid chains could be built
card          2022.09.11 11:42:08.860 63805 W ...ertificateChainBuilder(card/base/asn1/CVCertificateChainBuilder.cpp:41) : No valid chains could be built
support       2022.09.11 11:42:08.860 63805 I AppController::startNewWorkflow(core/controller/AppController.cpp:453)     : Started new workflow SELF
qml           2022.09.11 11:42:08.860 63805 W ApplicationModel::keepScreenOn(ui/qml/ApplicationModel.cpp:389)            : NOT IMPLEMENTED: true
qml           2022.09.11 11:42:08.949 63805 W (/qml/Governikus/View/BaseController.qml:48)                               : No focus item found using TitleBar
network       2022.09.11 11:42:09.130 63805 I ...oken::onSslHandshakeDone(workflows/base/states/StateGetTcToken.cpp:121) : Used session cipher QSslCipher(name=ECDHE-RSA-AES256-GCM-SHA384, bits=256, proto=TLSv1.2)
network       2022.09.11 11:42:09.130 63805 I ...oken::onSslHandshakeDone(workflows/base/states/StateGetTcToken.cpp:121) : Used session protocol: "TlsV1_2"
network       2022.09.11 11:42:09.130 63805 I ...oken::onSslHandshakeDone(workflows/base/states/StateGetTcToken.cpp:121) : Used ephemeral server key: QSslKey(PublicKey, EC, 256)
network       2022.09.11 11:42:09.130 63805 I ...oken::onSslHandshakeDone(workflows/base/states/StateGetTcToken.cpp:121) : Used peer certificate: QSslCertificate("3", "02:e6:2a:98:5f:8a:17:65:fb:2e:a2:e9:f2:e8:4d:41", "sfLGlGvut9VpAgZZ76orcA==", "TeleSec ServerPass Class 2 CA", "www.autentapp.de", QMultiMap((1, "www.autentapp.de")), QDateTime(2021-11-08 12:30:21.000 UTC Qt::UTC), QDateTime(2022-11-12 23:59:59.000 UTC Qt::UTC))
network       2022.09.11 11:42:09.130 63805 I ...oken::onSslHandshakeDone(workflows/base/states/StateGetTcToken.cpp:121) : Used ssl session: "c6ddf70c53a07595dea3cd66bcf6ecf8e93d3f3309a5062fef61ea31e1f4f6d2"
network       2022.09.11 11:42:09.130 63805 I ...oken::onSslHandshakeDone(workflows/base/states/StateGetTcToken.cpp:121) : Handshake of tls connection done!
network       2022.09.11 11:42:10.025 63805 I ...SslHandshakeDone(workflows/base/states/StateGenericSendReceive.cpp:105) : Used session cipher QSslCipher(name=RSA-PSK-AES256-GCM-SHA384, bits=256, proto=TLSv1.2)
network       2022.09.11 11:42:10.025 63805 I ...SslHandshakeDone(workflows/base/states/StateGenericSendReceive.cpp:105) : Used session protocol: "TlsV1_2"
network       2022.09.11 11:42:10.025 63805 I ...SslHandshakeDone(workflows/base/states/StateGenericSendReceive.cpp:105) : Used ephemeral server key:
network       2022.09.11 11:42:10.025 63805 I ...SslHandshakeDone(workflows/base/states/StateGenericSendReceive.cpp:105) : Used peer certificate: QSslCertificate("3", "74:ce:fd:83:93:52:da:5a:2a:0e:39:35:9c:00:ae:e7", "La6+dWJjNmnRa33ZTRkSaw==", "D-TRUST CA 2-2 EV 2016", "prod.governikus-eid.de", QMultiMap((1, "prodpaos.governikus-eid.de")(1, "prod2.governikus-eid.de")(1, "prod2paos.governikus-eid.de")(1, "prod3.governikus-eid.de")(1, "prod3paos.governikus-eid.de")(1, "prod4.governikus-eid.de")(1, "prod4paos.governikus-eid.de")(1, "prod.governikus-eid.de")), QDateTime(2022-06-14 08:13:14.000 UTC Qt::UTC), QDateTime(2023-06-17 08:13:14.000 UTC Qt::UTC))
network       2022.09.11 11:42:10.025 63805 I ...SslHandshakeDone(workflows/base/states/StateGenericSendReceive.cpp:105) : Used ssl session: "ad75f09425911d10afb6adac55bba04adce63da6094ecba13dd9b27dbdd0db1a"
network       2022.09.11 11:42:10.025 63805 I ...SslHandshakeDone(workflows/base/states/StateGenericSendReceive.cpp:105) : Handshake of tls connection done!
card          2022.09.11 11:42:10.403 63805 C ecdsapublickey_st::createKey(card/base/asn1/EcdsaPublicKey.cpp:306)        : Cannot fetch data for pkey
card          2022.09.11 11:42:10.403 63805 C SignatureChecker::checkSignature(card/base/asn1/SignatureChecker.cpp:70)   : Cannot fetch signing key
card          2022.09.11 11:42:10.403 63805 C SignatureChecker::check(card/base/asn1/SignatureChecker.cpp:47)            : Certificate verification failed: "DECVCAeID00102"
default       2022.09.11 11:42:10.403 63805 C ...PreVerification::run(workflows/base/states/StatePreVerification.cpp:76) : Pre-verification failed: signature check failed

The corresponding section of the older log looks as follows:

network    2022.01.16 19:07:30.302 452129 I ...oken::onSslHandshakeDone(workflows/base/states/StateGetTcToken.cpp:116) : Used session cipher QSslCipher(name=ECDHE-RSA-AES256-GCM-SHA384, bits=256, proto=TLSv1.2)
network    2022.01.16 19:07:30.302 452129 I ...oken::onSslHandshakeDone(workflows/base/states/StateGetTcToken.cpp:116) : Used session protocol: "TlsV1_2"
network    2022.01.16 19:07:30.302 452129 I ...oken::onSslHandshakeDone(workflows/base/states/StateGetTcToken.cpp:116) : Used ephemeral server key: QSslKey(PublicKey, EC, 384)
network    2022.01.16 19:07:30.303 452129 I ...oken::onSslHandshakeDone(workflows/base/states/StateGetTcToken.cpp:116) : Used peer certificate: QSslCertificate("3", "6e:19:43:f3:ba:d1:53:3e:53:fd:96:3c:13:80:7c:41", "Xa9+8P1nMDDcF1xowCy0bw==", "D-TRUST SSL Class 3 CA 1 EV 2009", "elster.de", QMap((1, "www.elster.de")(1, "www.elsteronline.de")(1, "elsteronline.de")(1, "einfach.elster.de")(1, "www.einfach.elster.de")(1, "eid.elster.de")(1, "elster.de")), QDateTime(2021-06-26 19:19:31.000 UTC Qt::UTC), QDateTime(2022-06-29 19:19:31.000 UTC Qt::UTC))
network    2022.01.16 19:07:30.303 452129 I ...oken::onSslHandshakeDone(workflows/base/states/StateGetTcToken.cpp:116) : Used ssl session: "68e142289e7aff0c54ad78b6b5fa68499b527364c64ebd0a3542fa3005f85cbe"
network    2022.01.16 19:07:30.303 452129 I ...oken::onSslHandshakeDone(workflows/base/states/StateGetTcToken.cpp:116) : Handshake of tls connection done!
network    2022.01.16 19:07:30.463 452129   ...tTcToken::onNetworkReply(workflows/base/states/StateGetTcToken.cpp:150) : Status Code: 303 "See Other"

Comment 14 almaak 2022-09-11 13:50:34 UTC

update 

=============================================================================================================================================================================================
 Package                                          Architecture                           Version                                       Repository                                       Size
=============================================================================================================================================================================================
Upgrading:
 AusweisApp2                                      x86_64                                 1.24.1-1.fc36                                 updates-testing                                 1.1 M
 AusweisApp2-data                                 noarch                                 1.24.1-1.fc36                                 updates-testing                                 5.4 M
Installing dependencies:
 qt6-qtscxml                                      x86_64                                 6.3.1-2.fc36                                  updates                                         549 k
 qt6-qtwebsockets                                 x86_64                                 6.3.1-2.fc36                                  updates                                         102 k

Transaction Summary
=============================================================================================================================================================================================

results in the same error message as before the update on Fedora 36 

network       2022.09.11 15:48:06.620 41770 I ...oken::onSslHandshakeDone(workflows/base/states/StateGetTcToken.cpp:121) : Used ssl session: "7756508230cdf04578afceac24a2f3d2a560d8c61d38835a14c3d8bc0210e8b4"
network       2022.09.11 15:48:06.620 41770 I ...oken::onSslHandshakeDone(workflows/base/states/StateGetTcToken.cpp:121) : Handshake of tls connection done!
network       2022.09.11 15:48:07.449 41770 I ...SslHandshakeDone(workflows/base/states/StateGenericSendReceive.cpp:105) : Used session cipher QSslCipher(name=RSA-PSK-AES256-GCM-SHA384, bits=256, proto=TLSv1.2)
network       2022.09.11 15:48:07.449 41770 I ...SslHandshakeDone(workflows/base/states/StateGenericSendReceive.cpp:105) : Used session protocol: "TlsV1_2"
network       2022.09.11 15:48:07.449 41770 I ...SslHandshakeDone(workflows/base/states/StateGenericSendReceive.cpp:105) : Used ephemeral server key:
network       2022.09.11 15:48:07.449 41770 I ...SslHandshakeDone(workflows/base/states/StateGenericSendReceive.cpp:105) : Used peer certificate: QSslCertificate("3", "74:ce:fd:83:93:52:da:5a:2a:0e:39:35:9c:00:ae:e7", "La6+dWJjNmnRa33ZTRkSaw==", "D-TRUST CA 2-2 EV 2016", "prod.governikus-eid.de", QMultiMap((1, "prodpaos.governikus-eid.de")(1, "prod2.governikus-eid.de")(1, "prod2paos.governikus-eid.de")(1, "prod3.governikus-eid.de")(1, "prod3paos.governikus-eid.de")(1, "prod4.governikus-eid.de")(1, "prod4paos.governikus-eid.de")(1, "prod.governikus-eid.de")), QDateTime(2022-06-14 08:13:14.000 UTC Qt::UTC), QDateTime(2023-06-17 08:13:14.000 UTC Qt::UTC))
network       2022.09.11 15:48:07.449 41770 I ...SslHandshakeDone(workflows/base/states/StateGenericSendReceive.cpp:105) : Used ssl session: "5a8459b074ba25a38ac2fdfe1a70f9097d5c23584e676bd6daa3fb7ac1c15d63"
network       2022.09.11 15:48:07.449 41770 I ...SslHandshakeDone(workflows/base/states/StateGenericSendReceive.cpp:105) : Handshake of tls connection done!
card          2022.09.11 15:48:07.845 41770 C ecdsapublickey_st::createKey(card/base/asn1/EcdsaPublicKey.cpp:306)        : Cannot fetch data for pkey
card          2022.09.11 15:48:07.845 41770 C SignatureChecker::checkSignature(card/base/asn1/SignatureChecker.cpp:70)   : Cannot fetch signing key
card          2022.09.11 15:48:07.845 41770 C SignatureChecker::check(card/base/asn1/SignatureChecker.cpp:47)            : Certificate verification failed: "DECVCAeID00102"
default       2022.09.11 15:48:07.845 41770 C ...PreVerification::run(workflows/base/states/StatePreVerification.cpp:76) : Pre-verification failed: signature check failed

Comment 15 Julian Sikorski 2022-09-11 13:59:02 UTC

There are log differences between Linux and Windows, I wonder if these are relevant. Windows:

fileprovider  2022.09.11 12:27:10.220 9020 C UpdatableFile::writeDataToFile(file_provider/UpdatableFile.cpp:214)        : File already exists, aborting writing file: "C:/Users/beleg/AppData/Local/Governikus GmbH & Co. KG/AusweisApp2/cache//supported-providers.json_20220908074822"
fileprovider  2022.09.11 12:27:10.220 9020 C UpdatableFile::onDownloadSuccess(file_provider/UpdatableFile.cpp:175)      : Could not write downloaded file "C:/Users/beleg/AppData/Local/Governikus GmbH & Co. KG/AusweisApp2/cache//supported-providers.json_20220908074822"
fileprovider  2022.09.11 12:27:10.220 9020   Downloader::startDownloadIfPending(file_provider/Downloader.cpp:42)        : No pending requests to be started.
qt.scenegr... 2022.09.11 12:27:10.248 9020   (unknown:0)                                                                       : Using sg animation driver
qt.scenegr... 2022.09.11 12:27:10.248 9020   (unknown:0)                                                                       : animation driver switched to vsync mode
card          2022.09.11 12:27:12.355 9020 W ...ertificateChainBuilder(card/base/asn1/CVCertificateChainBuilder.cpp:41) : No valid chains could be built
card          2022.09.11 12:27:12.355 9020 W ...ertificateChainBuilder(card/base/asn1/CVCertificateChainBuilder.cpp:41) : No valid chains could be built
default       2022.09.11 12:27:12.355 9020   AppController::onWorkflowRequested(core/controller/AppController.cpp:225)  : New workflow requested: SELF
support       2022.09.11 12:27:12.355 9020 I AppController::startNewWorkflow(core/controller/AppController.cpp:453)     : Started new workflow SELF
default       2022.09.11 12:27:12.356 9020   AppController::startNewWorkflow(core/controller/AppController.cpp:457)     : Start governikus::SelfAuthController
default       2022.09.11 12:27:12.356 9020   WorkflowContext::claim(workflows/base/context/WorkflowContext.cpp:76)      : Claim workflow by "governikus::UIPlugInQml"
qml           2022.09.11 12:27:12.356 9020 W ApplicationModel::keepScreenOn(ui/qml/ApplicationModel.cpp:389)            : NOT IMPLEMENTED: true
default       2022.09.11 12:27:12.356 9020   NumberModel>(global/Env.h:129)                                             : Create singleton: governikus::NumberModel
default       2022.09.11 12:27:12.375 9020   AuthModel>(global/Env.h:129)                                               : Create singleton: governikus::AuthModel
default       2022.09.11 12:27:12.381 9020   ConnectivityManager>(global/Env.h:129)                                     : Create singleton: governikus::ConnectivityManager
default       2022.09.11 12:27:12.387 9020   PinResetInformationModel>(global/Env.h:129)                                : Create singleton: governikus::PinResetInformationModel
default       2022.09.11 12:27:12.391 9020   CertificateDescriptionModel>(global/Env.h:129)                             : Create singleton: governikus::CertificateDescriptionModel
default       2022.09.11 12:27:12.391 9020   ChatModel>(global/Env.h:129)                                               : Create singleton: governikus::ChatModel
qml           2022.09.11 12:27:12.462 9020 W (/qml/Governikus/View/BaseController.qml:48)                               : No focus item found using TitleBar
network       2022.09.11 12:27:12.465 9020   ConnectivityManager::setActive(ui/qml/ConnectivityManager.cpp:39)          : Found active network interface "ethernet_32770"
statemachine  2022.09.11 12:27:12.466 9020   AbstractState::onEntry(workflows/base/states/AbstractState.cpp:95)         : Next state is "StateLoadTcTokenUrl"
statemachine  2022.09.11 12:27:12.506 9020   ...ate::onStateApprovedChanged(workflows/base/states/AbstractState.cpp:73) : Running state "StateLoadTcTokenUrl"
default       2022.09.11 12:27:12.506 9020   ...adTcTokenUrl::run(workflows/selfauth/states/StateLoadTcTokenUrl.cpp:24) : Loaded tcTokenUrl for self-authentication from securestorage: QUrl("https://www.autentapp.de/AusweisAuskunft/WebServiceRequesterServlet?mode=json")
statemachine  2022.09.11 12:27:12.506 9020   AbstractState::onExit(workflows/base/states/AbstractState.cpp:115)         : Leaving state "StateLoadTcTokenUrl" with status: [ OK + No_Error | "Es ist kein Fehler aufgetreten." ]
statemachine  2022.09.11 12:27:12.506 9020   AbstractState::onEntry(workflows/base/states/AbstractState.cpp:95)         : Next state is "StateGetTcToken"
statemachine  2022.09.11 12:27:12.508 9020   ...ate::onStateApprovedChanged(workflows/base/states/AbstractState.cpp:73) : Running state "StateGetTcToken"
default       2022.09.11 12:27:12.508 9020   StateGetTcToken::run(workflows/base/states/StateGetTcToken.cpp:35)         : Got TC Token URL: QUrl("https://www.autentapp.de/AusweisAuskunft/WebServiceRequesterServlet?mode=json")
network       2022.09.11 12:27:12.509 9020   ...espace'::SystemProxyFactory::queryProxy(network/NetworkManager.cpp:436) : ProxyQuery(type: QNetworkProxyQuery::UrlRequest, protocol: "https", peerPort: -1, peerHostName: "www.autentapp.de", localPort: -1, url: QUrl("https://www.autentapp.de/AusweisAuskunft/WebServiceRequesterServlet?mode=json"))
network       2022.09.11 12:27:12.510 9020   ...espace'::SystemProxyFactory::queryProxy(network/NetworkManager.cpp:438) : Found proxies QList(NoProxy """:0" ["Tunnel Listen UDP SctpTunnel SctpListen"])
network       2022.09.11 12:27:12.718 9020   TlsChecker::getFatalErrors(network/TlsChecker.cpp:213)                     : (ignored) "Die Identität des OCSP-Responders konnte nicht verifiziert werden"
network       2022.09.11 12:27:12.718 9020   TlsChecker::getFatalErrors(network/TlsChecker.cpp:213)                     : (ignored) "Das oberste Zertifikat der Kette ist selbstsigniert und daher nicht vertrauenswürdig"
network       2022.09.11 12:27:12.718 9020   TlsChecker::containsFatalError(network/TlsChecker.cpp:251)                 : Ignore SSL errors
network       2022.09.11 12:27:12.718 9020 I ...oken::onSslHandshakeDone(workflows/base/states/StateGetTcToken.cpp:121) : Used session cipher QSslCipher(name=ECDHE-RSA-AES256-GCM-SHA384, bits=256, proto=TLSv1.2)
network       2022.09.11 12:27:12.718 9020 I ...oken::onSslHandshakeDone(workflows/base/states/StateGetTcToken.cpp:121) : Used session protocol: "TlsV1_2"
network       2022.09.11 12:27:12.718 9020 I ...oken::onSslHandshakeDone(workflows/base/states/StateGetTcToken.cpp:121) : Used ephemeral server key: QSslKey(PublicKey, EC, 256)
network       2022.09.11 12:27:12.718 9020 I ...oken::onSslHandshakeDone(workflows/base/states/StateGetTcToken.cpp:121) : Used peer certificate: QSslCertificate("3", "02:e6:2a:98:5f:8a:17:65:fb:2e:a2:e9:f2:e8:4d:41", "sfLGlGvut9VpAgZZ76orcA==", "TeleSec ServerPass Class 2 CA", "www.autentapp.de", QMultiMap((1, "www.autentapp.de")), QDateTime(2021-11-08 12:30:21.000 UTC Qt::UTC), QDateTime(2022-11-12 23:59:59.000 UTC Qt::UTC))
network       2022.09.11 12:27:12.718 9020 I ...oken::onSslHandshakeDone(workflows/base/states/StateGetTcToken.cpp:121) : Used ssl session: "c7efa490faf88ec9f5ea29cf8440b178cfbdac9d37c202412da15ea6d2c5acd8"
network       2022.09.11 12:27:12.718 9020 I ...oken::onSslHandshakeDone(workflows/base/states/StateGetTcToken.cpp:121) : Handshake of tls connection done!
default       2022.09.11 12:27:12.718 9020   TlsChecker::hasValidCertificateKeyLength(network/TlsChecker.cpp:46)        : Check certificate key of type "Rsa" and key size 4096
default       2022.09.11 12:27:12.718 9020   TlsChecker::isValidKeyLength(network/TlsChecker.cpp:82)                    : Minimum requested key size 2000
default       2022.09.11 12:27:12.718 9020   TlsChecker::hasValidEphemeralKeyLength(network/TlsChecker.cpp:61)          : Check ephemeral key of type "Ec" and key size 256
default       2022.09.11 12:27:12.718 9020   TlsChecker::isValidKeyLength(network/TlsChecker.cpp:82)                    : Minimum requested key size 250

Linux:

fileprovider  2022.09.11 12:10:12.254 92371 C UpdatableFile::writeDataToFile(file_provider/UpdatableFile.cpp:214)        : File already exists, aborting writing file: "/home/julas/.cache/AusweisApp2//supported-providers.json_20220908074822"
fileprovider  2022.09.11 12:10:12.254 92371 C UpdatableFile::onDownloadSuccess(file_provider/UpdatableFile.cpp:175)      : Could not write downloaded file "/home/julas/.cache/AusweisApp2//supported-providers.json_20220908074822"
card          2022.09.11 12:10:16.480 92371 W ...ertificateChainBuilder(card/base/asn1/CVCertificateChainBuilder.cpp:41) : No valid chains could be built
card          2022.09.11 12:10:16.480 92371 W ...ertificateChainBuilder(card/base/asn1/CVCertificateChainBuilder.cpp:41) : No valid chains could be built
support       2022.09.11 12:10:16.480 92371 I AppController::startNewWorkflow(core/controller/AppController.cpp:453)     : Started new workflow SELF
qml           2022.09.11 12:10:16.480 92371 W ApplicationModel::keepScreenOn(ui/qml/ApplicationModel.cpp:389)            : NOT IMPLEMENTED: true
qml           2022.09.11 12:10:16.568 92371 W (/qml/Governikus/View/BaseController.qml:48)                               : No focus item found using TitleBar
network       2022.09.11 12:10:16.778 92371 I ...oken::onSslHandshakeDone(workflows/base/states/StateGetTcToken.cpp:121) : Used session cipher QSslCipher(name=ECDHE-RSA-AES256-GCM-SHA384, bits=256, proto=TLSv1.2)
network       2022.09.11 12:10:16.779 92371 I ...oken::onSslHandshakeDone(workflows/base/states/StateGetTcToken.cpp:121) : Used session protocol: "TlsV1_2"
network       2022.09.11 12:10:16.779 92371 I ...oken::onSslHandshakeDone(workflows/base/states/StateGetTcToken.cpp:121) : Used ephemeral server key: QSslKey(PublicKey, EC, 256)
network       2022.09.11 12:10:16.779 92371 I ...oken::onSslHandshakeDone(workflows/base/states/StateGetTcToken.cpp:121) : Used peer certificate: QSslCertificate("3", "02:e6:2a:98:5f:8a:17:65:fb:2e:a2:e9:f2:e8:4d:41", "sfLGlGvut9VpAgZZ76orcA==", "TeleSec ServerPass Class 2 CA", "www.autentapp.de", QMultiMap((1, "www.autentapp.de")), QDateTime(2021-11-08 12:30:21.000 UTC Qt::UTC), QDateTime(2022-11-12 23:59:59.000 UTC Qt::UTC))
network       2022.09.11 12:10:16.779 92371 I ...oken::onSslHandshakeDone(workflows/base/states/StateGetTcToken.cpp:121) : Used ssl session: "022660d31a7215e11f9344d90a1e2af5859b717847f592fbd196389114724ce8"
network       2022.09.11 12:10:16.779 92371 I ...oken::onSslHandshakeDone(workflows/base/states/StateGetTcToken.cpp:121) : Handshake of tls connection done!
network       2022.09.11 12:10:17.678 92371 I ...SslHandshakeDone(workflows/base/states/StateGenericSendReceive.cpp:105) : Used session cipher QSslCipher(name=RSA-PSK-AES256-GCM-SHA384, bits=256, proto=TLSv1.2)
network       2022.09.11 12:10:17.678 92371 I ...SslHandshakeDone(workflows/base/states/StateGenericSendReceive.cpp:105) : Used session protocol: "TlsV1_2"
network       2022.09.11 12:10:17.678 92371 I ...SslHandshakeDone(workflows/base/states/StateGenericSendReceive.cpp:105) : Used ephemeral server key:
network       2022.09.11 12:10:17.678 92371 I ...SslHandshakeDone(workflows/base/states/StateGenericSendReceive.cpp:105) : Used peer certificate: QSslCertificate("3", "74:ce:fd:83:93:52:da:5a:2a:0e:39:35:9c:00:ae:e7", "La6+dWJjNmnRa33ZTRkSaw==", "D-TRUST CA 2-2 EV 2016", "prod.governikus-eid.de", QMultiMap((1, "prodpaos.governikus-eid.de")(1, "prod2.governikus-eid.de")(1, "prod2paos.governikus-eid.de")(1, "prod3.governikus-eid.de")(1, "prod3paos.governikus-eid.de")(1, "prod4.governikus-eid.de")(1, "prod4paos.governikus-eid.de")(1, "prod.governikus-eid.de")), QDateTime(2022-06-14 08:13:14.000 UTC Qt::UTC), QDateTime(2023-06-17 08:13:14.000 UTC Qt::UTC))
network       2022.09.11 12:10:17.678 92371 I ...SslHandshakeDone(workflows/base/states/StateGenericSendReceive.cpp:105) : Used ssl session: "2ae215d1661f3b5a586ae20a0bfb0176d301e22238e70e20254b90539317e038"
network       2022.09.11 12:10:17.678 92371 I ...SslHandshakeDone(workflows/base/states/StateGenericSendReceive.cpp:105) : Handshake of tls connection done!
card          2022.09.11 12:10:18.149 92371 C ecdsapublickey_st::createKey(card/base/asn1/EcdsaPublicKey.cpp:306)        : Cannot fetch data for pkey
card          2022.09.11 12:10:18.149 92371 C SignatureChecker::checkSignature(card/base/asn1/SignatureChecker.cpp:70)   : Cannot fetch signing key
card          2022.09.11 12:10:18.149 92371 C SignatureChecker::check(card/base/asn1/SignatureChecker.cpp:47)            : Certificate verification failed: "DECVCAeID00102"
default       2022.09.11 12:10:18.149 92371 C ...PreVerification::run(workflows/base/states/StatePreVerification.cpp:76) : Pre-verification failed: signature check failed

Things that are interesting:
- Windows ignores SSL errors
- Windows mentions a self-signed certificate
- Linux has a blank entry for the ephemeral server key

Comment 16 Fedora Update System 2022-09-12 17:45:58 UTC

FEDORA-2022-515a71a545 has been pushed to the Fedora 37 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 17 Fedora Update System 2022-09-13 01:26:45 UTC

FEDORA-2022-f83b2ce82b has been pushed to the Fedora 36 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 18 Fedora Update System 2022-09-13 01:29:55 UTC

FEDORA-2022-4ce7878f2d has been pushed to the Fedora 35 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 19 Andreas 2022-09-13 20:32:31 UTC

(In reply to Fedora Update System from comment #17)
> FEDORA-2022-f83b2ce82b has been pushed to the Fedora 36 stable repository.
> If problem still persists, please make note of it in this bug report.

i just installed it. The error still persists.
 ### Application: AusweisApp2
 ### Application Version: 1.24.1

 ### System: Fedora Linux 36 (Thirty Six)
 ### Kernel: 5.19.8-200.fc36.x86_64
 ### Architecture: x86_64

 OpenSSL Version: OpenSSL 3.0.5 5 Jul 2022


network       2022.09.13 22:16:55.695 4096 I ...oken::onSslHandshakeDone(workflows/base/states/StateGetTcToken.cpp:121) : Used session cipher QSslCipher(name=ECDHE-RSA-AES256-GCM-SHA384, bits=256, proto=TLSv1.2)
network       2022.09.13 22:16:55.695 4096 I ...oken::onSslHandshakeDone(workflows/base/states/StateGetTcToken.cpp:121) : Used session protocol: "TlsV1_2"
network       2022.09.13 22:16:55.696 4096 I ...oken::onSslHandshakeDone(workflows/base/states/StateGetTcToken.cpp:121) : Used ephemeral server key: QSslKey(PublicKey, EC, 256)
network       2022.09.13 22:16:55.696 4096 I ...oken::onSslHandshakeDone(workflows/base/states/StateGetTcToken.cpp:121) : Used peer certificate: QSslCertificate("3", "02:e6:2a:98:5f:8a:17:65:fb:2e:a2:e9:f2:e8:4d:41", "sfLGlGvut9VpAgZZ76orcA==", "TeleSec ServerPass Class 2 CA", "www.autentapp.de", QMultiMap((1, "www.autentapp.de")), QDateTime(2021-11-08 12:30:21.000 UTC Qt::UTC), QDateTime(2022-11-12 23:59:59.000 UTC Qt::UTC))
network       2022.09.13 22:16:55.696 4096 I ...oken::onSslHandshakeDone(workflows/base/states/StateGetTcToken.cpp:121) : Used ssl session: "47a9e3eb1323a4c7beac6075af0241ad605877f3d01a51c4b91135f1b1490ade"
network       2022.09.13 22:16:55.696 4096 I ...oken::onSslHandshakeDone(workflows/base/states/StateGetTcToken.cpp:121) : Handshake of tls connection done!
network       2022.09.13 22:16:56.645 4096 I ...SslHandshakeDone(workflows/base/states/StateGenericSendReceive.cpp:105) : Used session cipher QSslCipher(name=RSA-PSK-AES256-GCM-SHA384, bits=256, proto=TLSv1.2)
network       2022.09.13 22:16:56.645 4096 I ...SslHandshakeDone(workflows/base/states/StateGenericSendReceive.cpp:105) : Used session protocol: "TlsV1_2"
network       2022.09.13 22:16:56.645 4096 I ...SslHandshakeDone(workflows/base/states/StateGenericSendReceive.cpp:105) : Used ephemeral server key:
network       2022.09.13 22:16:56.646 4096 I ...SslHandshakeDone(workflows/base/states/StateGenericSendReceive.cpp:105) : Used peer certificate: QSslCertificate("3", "74:ce:fd:83:93:52:da:5a:2a:0e:39:35:9c:00:ae:e7", "La6+dWJjNmnRa33ZTRkSaw==", "D-TRUST CA 2-2 EV 2016", "prod.governikus-eid.de", QMultiMap((1, "prodpaos.governikus-eid.de")(1, "prod2.governikus-eid.de")(1, "prod2paos.governikus-eid.de")(1, "prod3.governikus-eid.de")(1, "prod3paos.governikus-eid.de")(1, "prod4.governikus-eid.de")(1, "prod4paos.governikus-eid.de")(1, "prod.governikus-eid.de")), QDateTime(2022-06-14 08:13:14.000 UTC Qt::UTC), QDateTime(2023-06-17 08:13:14.000 UTC Qt::UTC))
network       2022.09.13 22:16:56.646 4096 I ...SslHandshakeDone(workflows/base/states/StateGenericSendReceive.cpp:105) : Used ssl session: "4e768262addc40721284f08e438bce4907d2b2ff25dbdd1faa907e32e0e43fd4"
network       2022.09.13 22:16:56.646 4096 I ...SslHandshakeDone(workflows/base/states/StateGenericSendReceive.cpp:105) : Handshake of tls connection done!
card          2022.09.13 22:16:57.049 4096 C ecdsapublickey_st::createKey(card/base/asn1/EcdsaPublicKey.cpp:306)        : Cannot fetch data for pkey
card          2022.09.13 22:16:57.049 4096 C SignatureChecker::checkSignature(card/base/asn1/SignatureChecker.cpp:70)   : Cannot fetch signing key
card          2022.09.13 22:16:57.049 4096 C SignatureChecker::check(card/base/asn1/SignatureChecker.cpp:47)            : Certificate verification failed: "DECVCAeID00102"
default       2022.09.13 22:16:57.049 4096 C ...PreVerification::run(workflows/base/states/StatePreVerification.cpp:76) : Pre-verification failed: signature check failed

Comment 20 aklitzing 2022-09-15 07:33:06 UTC

It's still the same problem. OpenSSL fails because the CV-Certificate (NOT TLS) uses elliptic curves that was disabled in OpenSSL. You need to enable that. Don't be confused by TLS ciphers in the log. This isn't the problem - as you can see the TLS connection was successful. :-)

Comment 21 Andreas 2022-09-15 11:48:01 UTC

(In reply to aklitzing from comment #20)
> It's still the same problem. OpenSSL fails because the CV-Certificate (NOT
> TLS) uses elliptic curves that was disabled in OpenSSL. You need to enable
> that. Don't be confused by TLS ciphers in the log. This isn't the problem -
> as you can see the TLS connection was successful. :-)

Thanks. I tried that.
But i can not get pass the not declared Error for
    ADD_TEST(char2_field_tests);
    ADD_ALL_TESTS(char2_curve_test, OSSL_NELEM(char2_curve_tests));

I went back to AusweisApp2-1.22.3-1.fc35.x86_64.
Now it is working. At least at the moment.

Comment 22 Julian Sikorski 2022-10-27 09:29:56 UTC

I can confirm that this problem goes away if locally-rebuilt, not hobbled openssl is used.

Comment 23 Norbert Jurkeit 2022-11-11 15:47:55 UTC

(In reply to Julian Sikorski from comment #22)
> I can confirm that this problem goes away if locally-rebuilt, not hobbled
> openssl is used.

Thank you for sharing this discovery. As AusweisApp2 still works with certain card readers on Fedora 35 this would mean that OpenSSl is even more crippled on Fedora 36 than Fedora 35. At least recent articles on the legal mailing list indicate that things may improve soon.

Comment 24 Peter Bieringer 2022-12-12 21:12:34 UTC

Problem still exists even on F37:

rpm -q AusweisApp2
AusweisApp2-1.24.4-2.fc37.x86_64

network       2022.12.12 22:08:18.273 26473 I ...SslHandshakeDone(workflows/base/states/StateGenericSendReceive.cpp:105) : Handshake of tls connection done!
card          2022.12.12 22:08:18.670 26473 C ecdsapublickey_st::createKey(card/base/asn1/EcdsaPublicKey.cpp:306)        : Cannot fetch data for pkey
card          2022.12.12 22:08:18.670 26473 C SignatureChecker::checkSignature(card/base/asn1/SignatureChecker.cpp:70)   : Cannot fetch signing key
card          2022.12.12 22:08:18.670 26473 C SignatureChecker::check(card/base/asn1/SignatureChecker.cpp:47)            : Certificate verification failed: "DECVCAeID00102"
default       2022.12.12 22:08:18.670 26473 C ...PreVerification::run(workflows/base/states/StatePreVerification.cpp:76) : Pre-verification failed: signature check failed

Comment 25 Alexander 2023-01-02 20:53:29 UTC

Created attachment 1935360 [details]
Veraltete Version

Comment 26 Roland 2023-02-18 18:09:11 UTC

Problem still exists even on F37 using latest version:

rpm -q AusweisApp2
AusweisApp2-1.26.2-2.fc37.x86_64


network       2023.02.08 17:01:04.268 8229 I ...SslHandshakeDone(workflows/base/states/StateGenericSendReceive.cpp:105) : Handshake of tls connection done!
card          2023.02.08 17:01:04.693 8229 C ecdsapublickey_st::createKey(card/base/asn1/EcdsaPublicKey.cpp:306)        : Cannot fetch data for pkey
card          2023.02.08 17:01:04.694 8229 C SignatureChecker::checkSignature(card/base/asn1/SignatureChecker.cpp:70)   : Cannot fetch signing key
card          2023.02.08 17:01:04.694 8229 C SignatureChecker::check(card/base/asn1/SignatureChecker.cpp:47)            : Certificate verification failed: "DECVCAeID00102"
default       2023.02.08 17:01:04.695 8229 C ...PreVerification::run(workflows/base/states/StatePreVerification.cpp:76) : Pre-verification failed: signature check failed

Comment 27 Fedora Update System 2023-03-23 18:31:03 UTC

FEDORA-2023-931b7f44af has been submitted as an update to Fedora 38. https://bodhi.fedoraproject.org/updates/FEDORA-2023-931b7f44af

Comment 28 Fedora Update System 2023-03-24 03:01:37 UTC

FEDORA-2023-931b7f44af has been pushed to the Fedora 38 testing repository.

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-931b7f44af

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 29 Fedora Update System 2023-03-26 00:20:20 UTC

FEDORA-2023-931b7f44af has been pushed to the Fedora 38 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 30 xspielinbox+redhat 2023-03-29 13:31:38 UTC

This problem still occurs for me in Fedora 37 when trying to apply for a pin-reset at https://www.pin-ruecksetzbrief-bestellen.de/bestellung/zwischenseite:

warnings and errors in log:
SslCipherList::operator+=(secure_storage/TlsConfiguration.cpp:27)          : Cipher is not supported by OpenSSL and will be ignored: "ECDHE-PSK-AES128-CBC-SHA256"
SslCipherList::operator+=(secure_storage/TlsConfiguration.cpp:27)          : Cipher is not supported by OpenSSL and will be ignored: "ECDHE-PSK-AES256-CBC-SHA384"
UpdatableFile::writeDataToFile(file_provider/UpdatableFile.cpp:214)        : File already exists, aborting writing file: "/home/[...]/.cache/AusweisApp2//supported-providers.json_20230222132215"
UpdatableFile::onDownloadSuccess(file_provider/UpdatableFile.cpp:175)      : Could not write downloaded file "/home/[...]/.cache/AusweisApp2//supported-providers.json_20230222132215"
...ertificateChainBuilder(card/base/asn1/CVCertificateChainBuilder.cpp:41) : No valid chains could be built
...ertificateChainBuilder(card/base/asn1/CVCertificateChainBuilder.cpp:41) : No valid chains could be built
ApplicationModel::keepScreenOn(ui/qml/ApplicationModel.cpp:370)            : NOT IMPLEMENTED: true
(/qml/Governikus/View/BaseController.qml:39)                               : No focus item found using TitleBar
ecdsapublickey_st::createKey(card/base/asn1/EcdsaPublicKey.cpp:306)        : Cannot fetch data for pkey
SignatureChecker::checkSignature(card/base/asn1/SignatureChecker.cpp:70)   : Cannot fetch signing key
SignatureChecker::check(card/base/asn1/SignatureChecker.cpp:47)            : Certificate verification failed: "DECVCAeID00102"
...PreVerification::run(workflows/base/states/StatePreVerification.cpp:76) : Pre-verification failed: signature check failed

If the new version in Fedora 38 fixed this. Could this please be ported to Fedora 37 too?

Comment 31 Julian Sikorski 2023-03-29 15:22:51 UTC

openssl with Brainpool curves enabled was only built for F38 and later. But in this case this bug should not have been closed, at least not as ERRATA but as NEXTRELEASE.

Comment 32 Peter Bieringer 2023-03-29 15:55:13 UTC

I can confirm that it is working now on a today from F37 to F38beta updated client system (laptop).

Note You need to log in before you can comment on or make changes to this bug.