Package: ca-certificates
Version: 20061027
Followup-For: Bug #387089

Greetings,

I have tested the patch for c_rehash submitted in this bug report.  The patch
seems to work.  Here is what I did.

I patched c_rehash in the openssl source with the patch provided in the bug
report.  I then rebuilt the openssl package.  Then I installed 
ca-certificates_20040809_all.deb, libssl0.9.7_0.9.7e-3sarge4_i386.deb, and
openssl_0.9.7e-3sarge4_i386.deb.  

I then created a CA certificate for linuxbs.org which I placed in
/usr/share/ca-certificates/linuxbs.org/Linux_Bahamas_Public_CA.crt.  I then did

'bash# dpkg-reconfigure ca-certificates'

and found 'linux bahamas ca' in the list.  I enabled it and found the symlink
was created in /etc/ssl/certs/.  When disabled by reconfiguring ca-certificates
the symlink was removed.  

However I went over the bug report again and found that according to the bug
report the certificate being affected was placed directly in /etc/ssl/certs/.

To emulate this I moved
/usr/share/ca-certificates/linuxbs.org/Linux_Bahamas_Public_CA.crt to
/etc/ssl/certs/linuxbs.crt.  Then I did

'bash# rm -rf /usr/share/ca-certificates/linuxbs.org/'

I then did 

'bash# openssl x509 -hash -fingerprint -noout -in linuxbs.crt'

to find the hash value for the certificate.

This returned 'e19be4d3'.  So I created the symlink 

'bash# ln -s /etc/ssl/certs/linuxbs.crt e19be4d3.0'

Then I proceeded to upgrade to the packages in etch
ca-certificates_20061027_all.deb, libssl0.9.8_0.9.8c-3_i386.deb, and
openssl_0.9.8c-3_i386.deb.  The upgrade removed the symlink
/etc/ssl/certs/e19be4d3.0.  I then upgraded to the packages I built with the
patch for c_rehash.  These packages were libssl0.9.8_0.9.8c-3.1_i386.deb and
openssl_0.9.8c-3.1_i386.deb.  With the new packages in place I upgraded
ca-certificates again and the symlink /etc/ssl/certs/e19be4d3.0 was preserved.
Also update-ca-certificates being run did not remove the symlink
/etc/ssl/certs/19be4d3.0. Previously when update-ca-certificates was run
without the patched openssl/c_rehash the symlink was removed.

This leads me to conclude the following.

1) If the custom certificates are placed in /usr/share/ca-certificates the
symlinking in /etc/ssl/certs should be created through upgrades.  Not entirely
sure if this is foolproof but that's how it seemed to work for me.

2) The patch provided in the bug report will fix the problem of the symlinks
being removed for custom certificates NOT placed in /usr/share/ca-certificates.

Hope this helps.

Regards,
Jason Harrison

-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18.2-pluto
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages ca-certificates depends on:
ii  debconf [debconf-2.0]         1.5.9      Debian configuration management sy
ii  openssl                       0.9.8c-3   Secure Socket Layer (SSL) binary a

ca-certificates recommends no packages.

-- debconf information excluded
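
A check for the failure mode tested above, added here as an example that is not part of the original message or of the c_rehash patch: it lists certificates placed directly in a certs directory that no hash-named symlink resolves to, plus hash symlinks whose target is gone. The function names and the directory argument are assumptions; pass the directory the report uses, /etc/ssl/certs.

```shell
#!/bin/bash
# Added example (not from the bug report): audit an OpenSSL certs directory
# for the situation the report describes, where a certificate placed directly
# in the directory loses its <hash>.N symlink after an upgrade.

# True if $1 is a symlink named like a c_rehash link: 8 hex digits, dot, number.
is_hash_link() {
    [ -L "$1" ] || return 1
    case "${1##*/}" in
        [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]*)
            return 0 ;;
    esac
    return 1
}

# Print every regular (non-symlink) .crt/.pem file in directory $1 that no
# hash symlink in the same directory resolves to. Symlinked certificates, such
# as those managed from /usr/share/ca-certificates, are skipped on purpose.
unlinked_local_certs() {
    local dir=$1 cert link found
    for cert in "$dir"/*.crt "$dir"/*.pem; do
        [ -f "$cert" ] && [ ! -L "$cert" ] || continue
        found=no
        for link in "$dir"/*; do
            is_hash_link "$link" || continue
            # -ef is true when both names resolve to the same file
            if [ "$link" -ef "$cert" ]; then found=yes; break; fi
        done
        [ "$found" = yes ] || echo "$cert"
    done
}

# Print every hash symlink in directory $1 whose target no longer exists.
dangling_hash_links() {
    local dir=$1 link
    for link in "$dir"/*; do
        is_hash_link "$link" || continue
        [ -e "$link" ] || echo "$link"
    done
}

# Stand-alone use: audit the directory given as the first argument.
if [ "$#" -gt 0 ]; then
    unlinked_local_certs "$1"
    dangling_hash_links "$1"
fi
```

The check only confirms that a hash-named link exists for each local certificate; it does not recompute the value with 'openssl x509 -hash' to confirm the link name is the right one.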

