Because we have to continue shipping the cert .pems anyway, for other
platforms, and because OpenSSL has issues with the chaining when reading
from ca-certificates.crt, it doesn't seem like trying to get them added
to ca-certificates.crt (which seems to have quite a complex process to
do), won't affect security at all. And if the cert is changed on the
server, validation will fail as-is since the certs would no longer match
until we ship an update. Agreed on IRC to just close the bug.
** Changed in: ubuntuone-storage-protocol/trunk
Status: New => Won't Fix
** Changed in: ubuntuone-storage-protocol/stable-3-0
Status: New => Won't Fix
** Changed in: ubuntuone-storage-protocol
Status: New => Won't Fix
** Changed in: ubuntuone-storage-protocol (Ubuntu)
Status: Confirmed => Won't Fix
** Changed in: ubuntuone-storage-protocol (Ubuntu)
Assignee: Ubuntu One Foundations+ team (ubuntuone-foundations+) =>
(unassigned)
** This bug is no longer flagged as a security vulnerability
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/925713
Title:
CA Certificate is hardcoded
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntuone-storage-protocol/+bug/925713/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
