[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#537382: The bug consists in the symbolic links created for ca-certificates.crt

Package: ca-certificates
Version: 20110502
Followup-For: Bug #537382


update-ca-certificates make links whose filenames are the hashes of each certificate (/etc/ssl/certs/*.0 files), but this includes the bundle /etc/ssl/certs/ca-certificates.crt, and its hashes corresponds to the first certificate appended in (brasil.gov.br), so that's the duplicate. I did suggest a patch to update-ca-certificates which prevents making hashes for the bundle file:

--- update-ca-certificates      2011-06-29 12:53:49.000000000 -0430
+++ /usr/sbin/update-ca-certificates    2011-08-20 13:21:16.000000000 -0430
@@ -96,6 +96,9 @@
     test -f $symlink || rm -f $symlink
  echo "done."
+  echo -n "Removing $CERTBUNDLE bundle file in $ETCCERTSDIR..."
+  rm -f $CERTBUNDLE
+  echo "done."

 echo -n "Updating certificates in $ETCCERTSDIR... "
@@ -127,9 +130,6 @@

-chmod 0644 "$TEMPBUNDLE"
 ADDED_CNT=$(wc -l < "$ADDED")
 REMOVED_CNT=$(wc -l < "$REMOVED")

@@ -157,5 +157,8 @@
 echo "done."

+chmod 0644 "$TEMPBUNDLE"
 # vim:set et sw=2:

Without a patched version of update-ca-certificates, no symolic link in /etc/ss/certs points to brasil.gov.br.pem but 6f5d9899.0 and b4f0b7e7.0 both points to ca-certificates.crt.


-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (900, 'testing'), (800, 'unstable'), (700, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages ca-certificates depends on:
ii  debconf [debconf-2.0]         1.5.40     Debian configuration management sy
ii  openssl                       1.0.0d-3   Secure Socket Layer (SSL) binary a

ca-certificates recommends no packages.

ca-certificates suggests no packages.

-- debconf information excluded

-- debsums errors found:
debsums: changed file /usr/sbin/update-ca-certificates (from ca-certificates package)

Reply to: