--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: Please add correct links to cacert
- From: Klaus Ethgen <Klaus@Ethgen.de>
- Date: Sun, 7 Mar 2010 12:57:56 +0100
- Message-id: <20100307115754.GA8371@ikki.ethgen.de>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package: ca-certificates
Version: 20090814
Severity: important
I set the severity to important cause it affects other software which
use the cacert certificate. Feel free to adjust the severity.
Since to upgrade from stable to unstable the cacert certificates are not
find anymore. The reason is that (as reaction to bug 415125, I think)
both certificates, the class3 and the root was putting into one file,
cacert.org.crt. As this is ok for openssl the problem is that only for
the first certificate in the file, a hash-link is created in
/etc/ssl/certs (5ed36f99.0, old root.crt) but not for the second
certificate (e5662767.0, old class3.crt) so it gets not find by ssl
enabled software connecting to a host signed by the second certificate
Please fix the hashing procedure to create _all_ hashes for _all_
certificates.
- -- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (800, 'unstable'), (700, 'stable'), (600, 'oldstable'), (60, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.32.9
Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-1) (ignored: LC_ALL set to de_DE)
Shell: /bin/sh linked to /bin/dash
Versions of packages ca-certificates depends on:
ii debconf [debconf-2.0] 1.5.28 Debian configuration management sy
ii openssl 0.9.8k-8 Secure Socket Layer (SSL) binary a
ca-certificates recommends no packages.
ca-certificates suggests no packages.
- -- debconf information:
* ca-certificates/enable_crts: brasil.gov.br/brasil.gov.br.crt, cacert.org/cacert.org.crt, debconf.org/ca.crt, gouv.fr/cert_igca_dsa.crt, gouv.fr/cert_igca_rsa.crt, mozilla/Staat_der_Nederlanden_Root_CA.crt, mozilla/SwissSign_Gold_CA_-_G2.crt, mozilla/SwissSign_Platinum_CA_-_G2.crt, mozilla/SwissSign_Silver_CA_-_G2.crt, mozilla/TC_TrustCenter__Germany__Class_2_CA.crt, mozilla/TC_TrustCenter__Germany__Class_3_CA.crt, mozilla/Thawte_Personal_Basic_CA.crt, mozilla/Thawte_Personal_Freemail_CA.crt, mozilla/Thawte_Personal_Premium_CA.crt, mozilla/Thawte_Premium_Server_CA.crt, mozilla/thawte_Primary_Root_CA.crt, mozilla/Thawte_Server_CA.crt, mozilla/Thawte_Time_Stamping_CA.crt, spi-inc.org/spi-cacert-2008.crt
ca-certificates/new_crts:
* ca-certificates/trust_new_crts: ask
- --
Klaus Ethgen http://www.ethgen.de/
pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <Klaus@Ethgen.de>
Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQEVAwUBS5OUwp+OKpjRpO3lAQo8GQf9GCCT7TCLmCGXGwJqcV8V8WcReHt4Nwfa
OXWXSKu2kzWkQ9U5Qdr+yHSXarFLX5nC2peY6Z6MZxHax1I6DDbfh9duhqeSdXGF
BcoRHXPwJA3HmXjTL74jrTov/kk3k5SDaOA9iWHZxH8bW8TaSJCldQBptpp6nqcE
YMjD8qL1yUJbgQLud21WOHyR7VtJ6L7P+nfBFP/NlozM5PVOm6JO0NlYDTdMF8+l
XlCVTWWeCGSkNu6OQl0yrB6PlK8aZYZSuGJg89zgf+fsoPDKcpY3owIUGE0m21l1
hkmDvMTuuGMpkqN3MNEhyWb4UXkG5nnSvOEneD0m6nTr9IXUncQsPA==
=FCOl
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
It appears the openssl 1.0.0e-1 upload, fixing #594524, corrected this
issue. Thanks.
$ cd /etc/ssl/certs/
$ ls -l 5ed36f99.0 e5662767.0
lrwxrwxrwx 1 root root 14 Oct 23 19:08 5ed36f99.0 -> cacert.org.pem
lrwxrwxrwx 1 root root 14 Oct 23 19:08 e5662767.0 -> cacert.org.pem
--
Kind regards,
Michael Shuler
--- End Message ---