Re: server certificates/key pairs and CA directories

To: Thorsten Glaser <t.glaser@tarent.de>
Cc: debian-devel@lists.debian.org
Subject: Re: server certificates/key pairs and CA directories
From: Kurt Roeckx <kurt@roeckx.be>
Date: Mon, 3 Aug 2015 09:16:36 +0200
Message-id: <[🔎] 20150803071636.GA24215@roeckx.be>
In-reply-to: <loom.20150721T184836-923@post.gmane.org>
References: <55965143.1070103@pocock.pro> <loom.20150721T184836-923@post.gmane.org>

On Tue, Jul 21, 2015 at 04:50:42PM +0000, Thorsten Glaser wrote:
> Daniel Pocock <daniel <at> pocock.pro> writes:
> 
> > I looked at the package ssl-cert to try and understand and there I found
> > that it is using /etc/ssl/certs for server certs while other packages
> 
> Do NOT do that.
> 
> It's causing trouble because some software (e.g. Gajim) reads all files
> under /etc/ssl/certs/ not just the hashed ones - presumably because
> OpenSSL 1.x changed the algorithm used for the hash, while GnuTLS
> keeps using the OpenSSL 0.x one (in MirBSD I just symlink them both).

In Debian we've been adding both the new and the old hash.  Does
anybody know this is still needed?


Kurt

Reply to:

Prev by Date: Re: server certificates/key pairs and CA directories
Next by Date: Re: How to deal with fixed but open bugs
Previous by thread: Re: server certificates/key pairs and CA directories
Next by thread: certificate creation in postinst, potentially using letsencrypt script
Index(es):
- Date
- Thread