
Bug#639744: Compromised certificates for *.google.com issued by DigiNotar Root CA



On Sun, 2011-09-04 at 01:37 -0500, Raphael Geissert wrote:
> On Saturday 03 September 2011 01:45:22 Mike Hommey wrote:
> > Looking at the patches, this really is:
> [...]
> 
> Ok, with the patches we got NSS covered, but we still need to do something for 
> other users.
> 
> A first look at stuff we ship, this seems to be their current status:
> * NSS:
> ice* packages should be okay after the latest NSS update.

For other NSS users I guess they're ok? I've just checked in evolution
certificate store and there's no DigiNotar one, though I don't know if
evolution would prevent connection to an imap/pop/smtp server with a
relevant certificate.

evolution uses gnutls for calendars (since it's http/https) and so is
protected through ca-certificates afaict?

> 
> * OpenSSL
> Nothing special here
> 
> * GnuTLS
> Nothing special here
> 
> * chromium:
> Even after the NSS update, it seems to be happy to use the Explicitly 
> Distrusted certs.

I've tried the three websites given on this bug report but I don't know
if they still make sense:

https://www.diginotar.nl redirects to http://www.diginotar.nl/ (!!) but
as the redirect isn't prevented I guess chromium is ok with the
certificate.

https://sha2.diginotar.nl/ succeeds, chain of certification is:

CN = sha2.diginotar.nl
CN = DigiNotar PKIoverheid CA Organisatie - G2
CN = Staat der Nederlanden Organisatie CA - G2
CN = Staat der Nederlanden Root CA - G2 (chromium builtin).


Regards,
-- 
Yves-Alexis
