On 08.08.2014 13:37, Ludwig Nussel wrote:
> Stef Walter wrote:
>> On 08.08.2014 13:14, Ludwig Nussel wrote:
>>> Stef Walter wrote:
>>>> On 07.08.2014 17:17, grantksupp...@operamail.com wrote:
>>>>> When I exec
>>>>>
>>>>> /usr/sbin/update-ca-certificates -v -f
>>>>>
>>>>> some -- NOT all! -- of my machines return some "p11-kit: invalid
>>>>> basic constraints certificate extension" messages,
>>>>
>>>> Could you try out the patches attached to the following bug, and let me
>>>> know if it fixes the problem for you?
>>>>
>>>> https://bugs.freedesktop.org/show_bug.cgi?id=82328
>>>
>>> I've applied those patches to the 13.1 package:
>>> http://download.opensuse.org/repositories/home:/lnussel:/branches:/openSUSE:/13.1:/Update/standard/
>>>
>>
>> Does it fix the issue? Looking for someone else to test it.
>
> In the VM I have it fixes the NULL warnings. I didn't see the error
> message the original reporter had.
>
>>> Just curious, why does the code path hit a point where it sees an
>>> invalid public key?
>>
>> This line sets the type field to CKA_INVALID, but then other code still
>> assumed the struct was valid without checking the type field.
>>
>> http://cgit.freedesktop.org/p11-glue/p11-kit/tree/trust/builder.c?h=stable#n643
>>
>
> That can only happen for .p11-kit files, right?

Yes, there is currently no other way to store certificate info without
also having a public key at hand.

Stef

_______________________________________________
p11-glue mailing list
p11-glue@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/p11-glue
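The bug class described in the thread (a slot marked with the CKA_INVALID sentinel but still consumed as if valid), as an added example that is not part of the original messages and is not p11-kit's code. The struct is a local stand-in for the PKCS#11 attribute layout; `ATTR_PUBKEY`, the function names, the sample bytes and the stale pointer and length are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Local stand-ins for the PKCS#11 attribute layout (not p11-kit headers). */
typedef unsigned long CK_ULONG;
typedef struct {
    CK_ULONG type;
    void *pValue;
    CK_ULONG ulValueLen;
} CK_ATTRIBUTE;

#define CKA_INVALID ((CK_ULONG)-1)  /* sentinel: slot carries no attribute */
#define ATTR_PUBKEY 0x1000UL        /* constructed type id for this example */

/* Constructed sample bytes standing in for an encoded public key. */
static unsigned char sample_key[] = { 0x30, 0x0d, 0x06, 0x09 };

/* Assumption: invalidating a slot changes only the type field, so the
 * pointer and length still describe the old buffer. */
static CK_ATTRIBUTE make_invalidated_slot(void)
{
    CK_ATTRIBUTE a = { ATTR_PUBKEY, sample_key, sizeof sample_key };
    a.type = CKA_INVALID;
    return a;
}

/* Consumer that assumes the struct is usable without looking at type. */
static int key_eq_unchecked(const CK_ATTRIBUTE *a, const void *want, size_t n)
{
    return a->ulValueLen == n && memcmp(a->pValue, want, n) == 0;
}

/* Consumer that treats CKA_INVALID (or a NULL value) as "no key". */
static int key_eq_checked(const CK_ATTRIBUTE *a, const void *want, size_t n)
{
    if (a == NULL || a->type == CKA_INVALID || a->pValue == NULL)
        return 0;
    return a->ulValueLen == n && memcmp(a->pValue, want, n) == 0;
}

int main(void)
{
    CK_ATTRIBUTE a = make_invalidated_slot();
    /* Exit 0 when only the checked consumer rejects the invalidated slot. */
    return !(key_eq_unchecked(&a, sample_key, sizeof sample_key) &&
             !key_eq_checked(&a, sample_key, sizeof sample_key));
}
```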