I just came across this while configuring the CA certs for some
software. It would be really nice if this security issue were fixed at
some point. In the meantime, it looks like
/etc/ssl/certs/ca-certificates.crt doesn't have the snake oil
certificate (at least on my systems) even though /etc/ssl/cert does have
symlinks to it. So I think it might be a reasonable workaround to point
software at the single file instead of the directory?
- Bug#790943: Root and local certificate location... Daniel Pocock
- Bug#790943: Root and local certificate loc... Paul Wise
- Bug#790943: Root and local certificate loc... Stefan Fritsch
- Processed: Re: Bug#790943: Root and lo... Debian Bug Tracking System
- Bug#790943: [ssl-cert] Root and local cert... Alan Jenkins
- Bug#790943: Direktoriaus kontaktai - tai J... Gautas pranešimas
- Bug#790943: Root and local certificate loc... David Mandelberg
- Bug#790943: Root and local certificate loc... Sergey Ponomarev