Bug#498658: marked as done (ca-certificates: duplicates breaks usage with e.g. lighttpd)

Thu, 09 Sep 2010 10:33:18 -0700 

Your message dated Thu, 09 Sep 2010 19:28:46 +0200
with message-id <[email protected]>
and subject line done - not reproducable - no report from bug author
has caused the Debian Bug report #498658,
regarding ca-certificates: duplicates breaks usage with e.g. lighttpd
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
498658: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498658
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: ca-certificates
Version: 20080809
Severity: normal

Some applications, in particular lighttpd, require the CRL file to
contain no duplicates.

Currently, ca-certificates provide the following duplicates:

cacert.org/class3.crt
cacert.org/root.crt
quovadis.bm/QuoVadis_Root_Certification_Authority.crt

With all certs enabled, the following error occurs in lighttpd:

Reloading web server configuration: lighttpd2008-09-11 22:34:53: 
(network.c.377) SSL: Private key does not match the certificate public key, 
reason: error:0B07C065:x509 certificate routines:X509_STORE_add_cert:cert 
already in hash table /etc/ssl/private/lighttpd.pem 

With the above 3 certs disabled, lighttpd works.


A possible fix would be to check for and suppress duplicates when
generating the CRL file.


 - Jonas

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.27-rc5-amd64 (SMP w/2 CPU cores)
Locale: LANG=da_DK.UTF-8, LC_CTYPE=da_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages ca-certificates depends on:
ii  debconf [debconf-2.0]         1.5.23     Debian configuration management sy
ii  openssl                       0.9.8g-13  Secure Socket Layer (SSL) binary a

ca-certificates recommends no packages.

ca-certificates suggests no packages.

-- debconf information excluded

--- End Message ---
--- Begin Message --- 
Check bugreport for informations why this has been closed.

Cheers.
-- 
Stefan Bauer -----------------------------------------
PGP: E80A 50D5 2D46 341C A887 F05D 5C81 5858 DCEF 8C34
-------- plzk.de - Linux - because it works ----------

--- End Message ---

Reply via email to