Package: ca-certificates
Version: 20240203
Severity: normal
File: /usr/share/ca-
certificates/mozilla/Security_Communication_Root_CA.crt
I noticed that there is one expired certificate in ca-certificates:
$ cat test
now=$(date -u)
date -d "$now"
now="$(date -d "$now" +%s)"
for f in /usr/share/ca-certificates/mozilla/* ; do
date="$(openssl x509 -enddate -noout -in "$f" | cut -d= -f2)"
d="$(date -d "$date" +%s)"
if [ $((d<=now)) -eq 1 ] ; then
echo Expired: $f $date $d $now
fi
done
$ sh test
Mon 05 Feb 2024 10:13:46 AWST
Expired:
/usr/share/ca-certificates/mozilla/Security_Communication_Root_CA.crt Sep 30
04:20:49 2023 GMT 1696047649 1707099226
It might be a good idea to add an autopkgtest to check them.
-- System Information:
Debian Release: trixie/sid
APT prefers testing-debug
APT policy: (900, 'testing-debug'), (900, 'testing'), (800,
'unstable-debug'), (800, 'unstable'), (790, 'buildd-unstable'), (700,
'experimental-debug'), (700, 'experimental'), (690, 'buildd-experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 6.6.13-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_AU.utf8, LC_CTYPE=en_AU.utf8 (charmap=UTF-8), LANGUAGE=en_AU:en
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages ca-certificates depends on:
ii debconf [debconf-2.0] 1.5.83
ii openssl 3.1.5-1
ca-certificates recommends no packages.
ca-certificates suggests no packages.
--
bye,
pabs
https://wiki.debian.org/PaulWise
signature.asc
Description: This is a digitally signed message part