severity 790943 normal
thanks

On Friday 03 July 2015 10:56:54, Daniel Pocock wrote:
> I've marked this bug serious because it could lead to security
> problems if people mix root certs and other certs in the same
> directory

The certificates generated by make-ssl-cert all have "X509v3 Basic Constraints: CA:FALSE". Any program that accepts such certificates as a trusted root certificate already has a serious security problem. Therefore I don't think the policy of make-ssl-cert to put certs into /etc/ssl/certs creates additional security issues. I am downgrading the bug accordingly.

I am not really against putting server and CA certificates into separate directories. But some Debian-wide default would be nice, of course. Maybe we can discuss that at Debconf?
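
Added example, not part of the original message or of make-ssl-cert: a way to audit a certificate directory for the Basic Constraints flag the reply refers to, so that CA:FALSE server certificates sitting beside root certificates can be listed. It assumes the `openssl` command-line tool is installed; the function names, the `.pem`/`.crt` glob and the sample certificate generator are constructed for illustration.

```shell
#!/bin/sh
# Classify a PEM certificate by its X509v3 Basic Constraints extension.
# Prints one of: ca | non-ca | unspecified | unreadable
classify_cert() {
    text=$(openssl x509 -in "$1" -noout -text 2>/dev/null) || { echo unreadable; return; }
    # Keep only the extension header and the value line that follows it.
    bc=$(printf '%s\n' "$text" | grep -A1 'X509v3 Basic Constraints' || true)
    case "$bc" in
        *CA:TRUE*)  echo ca ;;
        *CA:FALSE*) echo non-ca ;;
        *)          echo unspecified ;;   # extension absent, e.g. an X.509 v1 cert
    esac
}

# Print "<classification><TAB><path>" for every certificate in a directory.
audit_cert_dir() {
    for f in "$1"/*.pem "$1"/*.crt; do
        [ -f "$f" ] || continue
        printf '%s\t%s\n' "$(classify_cert "$f")" "$f"
    done
}

# Constructed sample input: a throwaway self-signed cert with the given CA flag.
make_sample_cert() {   # usage: make_sample_cert DIR NAME TRUE|FALSE
    cat > "$1/$2.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
x509_extensions = ext
[dn]
CN = $2.example.invalid
[ext]
basicConstraints = critical,CA:$3
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/$2.cnf" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# When a directory is given as the first argument, audit it.
if [ -n "${1:-}" ]; then audit_cert_dir "$1"; fi
```

Entries reported as `non-ca` in a directory that software loads as a trust store are the ones worth reviewing; `unspecified` entries depend on how the verifying library treats certificates without the extension.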