Hi Michael, On Friday 28 October 2011 07:37:28 Michael Shuler wrote: > I committed an updated mozilla/blacklist.txt to explicitly blacklist the > untrusted "Bogus *" and "Explicitly Distrust DigiNotar *" certificates, > which will show up in the next upload [2].
Is there any specific reason you did that? The "Explicitly *" certs do add some more noise, but none of them are installed. Even if they were, they are invalid and wouldn't be used. The Bogus ones are not installed either, so that's okay. Back to the original bug report, I don't see how this update addresses anything. If you do openssl verify(1) on any of the bogus UTN-issued certs you will see they still do validate. Nothing can be done about it in ca- certificates. Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
