Bug#537382: The bug consists in the symbolic links created for ca-certificates.crt

To: Debian Bug Tracking System <537382@bugs.debian.org>
Subject: Bug#537382: The bug consists in the symbolic links created for ca-certificates.crt
From: Emilio Lazo Zaia <emiliolazozaia@gmail.com>
Date: Sat, 20 Aug 2011 14:03:27 -0430
Message-id: <[🔎] 20110820183327.30983.53940.reportbug@localhost.localdomain>
Reply-to: Emilio Lazo Zaia <emiliolazozaia@gmail.com>, 537382@bugs.debian.org

Package: ca-certificates
Version: 20110502
Followup-For: Bug #537382

Hi!

update-ca-certificates make links whose filenames are the hashes of each certificate (/etc/ssl/certs/*.0 files), but this includes the bundle /etc/ssl/certs/ca-certificates.crt, and its hashes corresponds to the first certificate appended in (brasil.gov.br), so that's the duplicate. I did suggest a patch to update-ca-certificates which prevents making hashes for the bundle file:

--- update-ca-certificates      2011-06-29 12:53:49.000000000 -0430
+++ /usr/sbin/update-ca-certificates    2011-08-20 13:21:16.000000000 -0430
@@ -96,6 +96,9 @@
     test -f $symlink || rm -f $symlink
  done
  echo "done."
+  echo -n "Removing $CERTBUNDLE bundle file in $ETCCERTSDIR..."
+  rm -f $CERTBUNDLE
+  echo "done."
 fi

 echo -n "Updating certificates in $ETCCERTSDIR... "
@@ -127,9 +130,6 @@
  done
 fi

-chmod 0644 "$TEMPBUNDLE"
-mv -f "$TEMPBUNDLE" "$CERTBUNDLE"
-
 ADDED_CNT=$(wc -l < "$ADDED")
 REMOVED_CNT=$(wc -l < "$REMOVED")

@@ -157,5 +157,8 @@
 done
 echo "done."

+chmod 0644 "$TEMPBUNDLE"
+mv -f "$TEMPBUNDLE" "$CERTBUNDLE"
+
 # vim:set et sw=2:

Without a patched version of update-ca-certificates, no symolic link in /etc/ss/certs points to brasil.gov.br.pem but 6f5d9899.0 and b4f0b7e7.0 both points to ca-certificates.crt.

Regards.

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (900, 'testing'), (800, 'unstable'), (700, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages ca-certificates depends on:
ii  debconf [debconf-2.0]         1.5.40     Debian configuration management sy
ii  openssl                       1.0.0d-3   Secure Socket Layer (SSL) binary a

ca-certificates recommends no packages.

ca-certificates suggests no packages.

-- debconf information excluded

-- debsums errors found:
debsums: changed file /usr/sbin/update-ca-certificates (from ca-certificates package)

Reply to:

Prev by Date: Bug#638670: GUI doesn't seem to do anything, at least without any options used
Next by Date: Bug#638614: FTBFS on ia64 (internal compiler error)
Previous by thread: Bug#638670: GUI doesn't seem to do anything, at least without any options used
Next by thread: Processing of kradio4_4.0.2-5_amd64.changes
Index(es):
- Date
- Thread