[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#572882: marked as done (Please add correct links to cacert)

Your message dated Sun, 23 Oct 2011 22:10:13 -0500
with message-id <4EA4D715.1090105@pbandjelly.org>
and subject line Re: Please add correct links to cacert
has caused the Debian Bug report #572882,
regarding Please add correct links to cacert
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org

572882: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572882
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Hash: SHA512

Package: ca-certificates
Version: 20090814
Severity: important

I set the severity to important cause it affects other software which
use the cacert certificate. Feel free to adjust the severity.

Since to upgrade from stable to unstable the cacert certificates are not
find anymore. The reason is that (as reaction to bug 415125, I think)
both certificates, the class3 and the root was putting into one file,
cacert.org.crt. As this is ok for openssl the problem is that only for
the first certificate in the file, a hash-link is created in
/etc/ssl/certs (5ed36f99.0, old root.crt) but not for the second
certificate (e5662767.0, old class3.crt) so it gets not find by ssl
enabled software connecting to a host signed by the second certificate

Please fix the hashing procedure to create _all_ hashes for _all_

- -- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (800, 'unstable'), (700, 'stable'), (600, 'oldstable'), (60, 'experimental')
Architecture: i386 (i686)

Kernel: Linux
Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-1) (ignored: LC_ALL set to de_DE)
Shell: /bin/sh linked to /bin/dash

Versions of packages ca-certificates depends on:
ii  debconf [debconf-2.0]         1.5.28     Debian configuration management sy
ii  openssl                       0.9.8k-8   Secure Socket Layer (SSL) binary a

ca-certificates recommends no packages.

ca-certificates suggests no packages.

- -- debconf information:
* ca-certificates/enable_crts: brasil.gov.br/brasil.gov.br.crt, cacert.org/cacert.org.crt, debconf.org/ca.crt, gouv.fr/cert_igca_dsa.crt, gouv.fr/cert_igca_rsa.crt, mozilla/Staat_der_Nederlanden_Root_CA.crt, mozilla/SwissSign_Gold_CA_-_G2.crt, mozilla/SwissSign_Platinum_CA_-_G2.crt, mozilla/SwissSign_Silver_CA_-_G2.crt, mozilla/TC_TrustCenter__Germany__Class_2_CA.crt, mozilla/TC_TrustCenter__Germany__Class_3_CA.crt, mozilla/Thawte_Personal_Basic_CA.crt, mozilla/Thawte_Personal_Freemail_CA.crt, mozilla/Thawte_Personal_Premium_CA.crt, mozilla/Thawte_Premium_Server_CA.crt, mozilla/thawte_Primary_Root_CA.crt, mozilla/Thawte_Server_CA.crt, mozilla/Thawte_Time_Stamping_CA.crt, spi-inc.org/spi-cacert-2008.crt
* ca-certificates/trust_new_crts: ask

- -- 
Klaus Ethgen                            http://www.ethgen.de/
pub  2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <Klaus@Ethgen.de>
Fingerprint: D7 67 71 C4 99 A6 D4 FE  EA 40 30 57 3C 88 26 2B
Version: GnuPG v1.4.10 (GNU/Linux)


--- End Message ---
--- Begin Message ---
It appears the openssl 1.0.0e-1 upload, fixing #594524, corrected this
issue.  Thanks.

$ cd /etc/ssl/certs/
$ ls -l 5ed36f99.0 e5662767.0
lrwxrwxrwx 1 root root 14 Oct 23 19:08 5ed36f99.0 -> cacert.org.pem
lrwxrwxrwx 1 root root 14 Oct 23 19:08 e5662767.0 -> cacert.org.pem

Kind regards,
Michael Shuler

--- End Message ---

Reply to: