On Sun, Nov 11, 2012 at 11:53:05PM -0600, Michael Shuler wrote:
>
> As I understand it, there is a high probability that there are a good
> number of users that may have configurations, for example apache, that
> rely on the existence of the concatenated cacert.org.pem file for root
> chaining. If
Similar to the removal of $CERTBUNDLE prior to calling c_rehash in
sbin/update-ca-certificates (see http://bugs.debian.org/cgi-bin/643667),
we could (using vars, etc. - this is just an idea):
diff --git a/sbin/update-ca-certificates b/sbin/update-ca-certificates
index 5375950..72acc5a 100755
--- a
On 11/04/2012 06:18 PM, Michael Shuler wrote:
> If we attempt to leave cacert.org.pem around, we disrupt the hashes to
> the individual files. The openssl maintainers wish us to go back to the
> split files, so they can remove a faulty patch. I'll need to touch base
> with this, when I get some a
Control: tags -1 - pending + patch
Setting to patch for some advice..
- 20090708 removed cacert.org/root.crt and cacert.org/class3.crt
(deprecated in 20080809)
- 20080809 concatenated both CACert Class 1 and Class 3 certificates
into cacert.org.pem for certificate chaining, deprecating the indivi
Control: tags -1 pending
Double-checking cert hashes:
Before (ver. 20120623):
$ ls -l /etc/ssl/certs/|grep cacert.org
lrwxrwxrwx 1 root root 14 Nov 4 16:58 590d426f.0 -> cacert.org.pem
lrwxrwxrwx 1 root root 14 Nov 4 16:58 5ed36f99.0 -> cacert.org.pem
lrwxrwxrwx 1 root root 14 Nov
Package: ca-certificates
Version: 20120623
Severity: important
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
The openssl maintainers would like to drop a patch for support of multiple
certs in a single file, as it has caused a regression. The CAcert root.crt
and class3.crt should be installed
6 matches
Mail list logo
