Re: server certificates/key pairs and CA directories
On Tue, Jul 21, 2015 at 04:50:42PM +0000, Thorsten Glaser wrote:
> Daniel Pocock <daniel <at> pocock.pro> writes:
>
> > I looked at the package ssl-cert to try and understand and there I found
> > that it is using /etc/ssl/certs for server certs while other packages
>
> Do NOT do that.
>
> It's causing trouble because some software (e.g. Gajim) reads all files
> under /etc/ssl/certs/ not just the hashed ones - presumably because
> OpenSSL 1.x changed the algorithm used for the hash, while GnuTLS
> keeps using the OpenSSL 0.x one (in MirBSD I just symlink them both).
In Debian we've been adding both the new and the old hash. Does
anybody know this is still needed?
Kurt
Reply to: