Bug#639744: [Pkg-openssl-devel] Bug#639744: Compromised certificates for *.google.com issued by DigiNotar Root CA

To: "Package Development List for OpenSSL packages." <pkg-openssl-devel@lists.alioth.debian.org>
Cc: Mike Hommey <mh@glandium.org>, openssl@packages.debian.org, Yves-Alexis Perez <corsac@debian.org>, 639744@bugs.debian.org, Josh Triplett <josh@joshtriplett.org>
Subject: Bug#639744: [Pkg-openssl-devel] Bug#639744: Compromised certificates for *.google.com issued by DigiNotar Root CA
From: Kurt Roeckx <kurt@roeckx.be>
Date: Sun, 4 Sep 2011 12:02:48 +0200
Message-id: <[🔎] 20110904100248.GA25878@roeckx.be>
Reply-to: Kurt Roeckx <kurt@roeckx.be>, 639744@bugs.debian.org
In-reply-to: <[🔎] 201109040137.21574.geissert@debian.org>
References: <20110829210357.26233.13731.reportbug@leaf> <[🔎] 20110903054023.GA3559@glandium.org> <[🔎] 20110903064522.GA4715@glandium.org> <[🔎] 201109040137.21574.geissert@debian.org>

On Sun, Sep 04, 2011 at 01:37:19AM -0500, Raphael Geissert wrote:
> 
> Seems like it would be better if we also handled the issue at the libssl 
> level. OpenSSL maintainers: does that sound doable?

I'm not sure what you mean.  We don't provide any certificates,
you need to tell openssl which certs to use, which can be a file
or directory.  There are certificates provided by ca-certificates,
which is probably what most people would use and afaik the DigiNotar
CA got dropped from it.

Their is also openssl-blacklist, but it doesn't seem to have
much users.

Kurt

Reply to:

Follow-Ups:
- Bug#639744: [Pkg-openssl-devel] Bug#639744: Compromised certificates for *.google.com issued by DigiNotar Root CA
  - From: Kurt Roeckx <kurt@roeckx.be>

References:
- Bug#639744: Compromised certificates for *.google.com issued by DigiNotar Root CA
  - From: Mike Hommey <mh@glandium.org>
- Bug#639744: Compromised certificates for *.google.com issued by DigiNotar Root CA
  - From: Mike Hommey <mh@glandium.org>
- Bug#639744: Compromised certificates for *.google.com issued by DigiNotar Root CA
  - From: Raphael Geissert <geissert@debian.org>

Prev by Date: Bug#639744: Compromised certificates for *.google.com issued by DigiNotar Root CA
Next by Date: Bug#639744: [Pkg-openssl-devel] Bug#639744: Compromised certificates for *.google.com issued by DigiNotar Root CA
Previous by thread: Bug#639744: Compromised certificates for *.google.com issued by DigiNotar Root CA
Next by thread: Bug#639744: [Pkg-openssl-devel] Bug#639744: Compromised certificates for *.google.com issued by DigiNotar Root CA
Index(es):
- Date
- Thread