[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]



I did post a message into bug report number 537382 which was opened on July 2009. I'm writing directly Debian QA Group because a new version of ca-certificates was issued and the script which needs to be modified remains the same as previous version, i.e. the bug persists.

Those report consists on the script which generates /etc/ssl/certs symbolic links structure (update-ca-certificates).

As you know, /etc/ssl/certs/ca-certificates.crt is a bundle of all certificates in one single file; this file must be skipped searching for hashes of all certificates when "*.0" symlinks are created. Using the script in its current state, first certificate appended into ca-certificates.crt will match as the hash of ca-certificates.crt and symbolic link will be created from the hash of that file (brasil.gov.br.pem because is alphabetically the first) to ca-certificates.crt leaving brasil.gov.br.pem without a symlink with its hash.

I did supply a patch that may be used after some test by Debian.

Best regards!

Reply to: