Package: ca-certificates Version: 20240203 Severity: normal File: /usr/share/ca- certificates/mozilla/Security_Communication_Root_CA.crt
I noticed that there is one expired certificate in ca-certificates: $ cat test now=$(date -u) date -d "$now" now="$(date -d "$now" +%s)" for f in /usr/share/ca-certificates/mozilla/* ; do date="$(openssl x509 -enddate -noout -in "$f" | cut -d= -f2)" d="$(date -d "$date" +%s)" if [ $((d<=now)) -eq 1 ] ; then echo Expired: $f $date $d $now fi done $ sh test Mon 05 Feb 2024 10:13:46 AWST Expired: /usr/share/ca-certificates/mozilla/Security_Communication_Root_CA.crt Sep 30 04:20:49 2023 GMT 1696047649 1707099226 It might be a good idea to add an autopkgtest to check them. -- System Information: Debian Release: trixie/sid APT prefers testing-debug APT policy: (900, 'testing-debug'), (900, 'testing'), (800, 'unstable-debug'), (800, 'unstable'), (790, 'buildd-unstable'), (700, 'experimental-debug'), (700, 'experimental'), (690, 'buildd-experimental') Architecture: amd64 (x86_64) Kernel: Linux 6.6.13-amd64 (SMP w/4 CPU threads; PREEMPT) Locale: LANG=en_AU.utf8, LC_CTYPE=en_AU.utf8 (charmap=UTF-8), LANGUAGE=en_AU:en Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages ca-certificates depends on: ii debconf [debconf-2.0] 1.5.83 ii openssl 3.1.5-1 ca-certificates recommends no packages. ca-certificates suggests no packages. -- bye, pabs https://wiki.debian.org/PaulWise
signature.asc
Description: This is a digitally signed message part