Bug#986963: marked as done (ca-certificates: QuoVadis and Sonera root certificates expired)

[Debian Bug Tracking System]

Your message dated Tue, 11 Jan 2022 14:08:10 +0100
with message-id <Yd2BOnyjgJr5euGy@jcristau-z4>
and subject line Re: Bug#986963: ca-certificates: QuoVadis and Sonera root 
certificates expired
has caused the Debian Bug report #986963,
regarding ca-certificates: QuoVadis and Sonera root certificates expired
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
986963: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986963
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: ca-certificates
Version: 20210119
Severity: normal
X-Debbugs-Cc: john.ho...@plymouth.ac.uk

Dear Maintainer,

   * What led up to the situation?
Running 'x509watch' command (built from source; not in repositories) via cron 
on regular basis to check if any certificates had expired

   * What exactly did you do (or not do) that was effective (or
     ineffective)?

   * What was the outcome of this action?
Output from x509watch reported:
/etc/ssl/certs/Sonera_Class_2_Root_CA.pem () is not valid since 2021-04-06
/etc/ssl/certs/QuoVadis_Root_CA.pem () is not valid since 2021-03-17

   * What outcome did you expect instead?
No output should be shown - this would indicate that there are no expired 
certificates.


-- System Information:
Debian Release: bullseye/sid
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-14-amd64 (SMP w/2 CPU threads)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages ca-certificates depends on:
ii  debconf [debconf-2.0]  1.5.75
ii  openssl                1.1.1k-1

ca-certificates recommends no packages.

ca-certificates suggests no packages.

-- debconf information:
  ca-certificates/new_crts:
  ca-certificates/title:
  ca-certificates/trust_new_crts: yes
  ca-certificates/enable_crts: mozilla/ACCVRAIZ1.crt, 
mozilla/AC_RAIZ_FNMT-RCM.crt, mozilla/Actalis_Authentication_Root_CA.crt, 
mozilla/AffirmTrust_Commercial.crt, mozilla/AffirmTrust_Networking.crt, 
mozilla/AffirmTrust_Premium.crt, mozilla/AffirmTrust_Premium_ECC.crt, 
mozilla/Amazon_Root_CA_1.crt, mozilla/Amazon_Root_CA_2.crt, 
mozilla/Amazon_Root_CA_3.crt, mozilla/Amazon_Root_CA_4.crt, 
mozilla/Atos_TrustedRoot_2011.crt, 
mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt, 
mozilla/Baltimore_CyberTrust_Root.crt, mozilla/Buypass_Class_2_Root_CA.crt, 
mozilla/Buypass_Class_3_Root_CA.crt, mozilla/CA_Disig_Root_R2.crt, 
mozilla/Certigna.crt, mozilla/Certigna_Root_CA.crt, 
mozilla/certSIGN_ROOT_CA.crt, mozilla/certSIGN_Root_CA_G2.crt, 
mozilla/Certum_Trusted_Network_CA_2.crt, mozilla/Certum_Trusted_Network_CA.crt, 
mozilla/CFCA_EV_ROOT.crt, mozilla/Chambers_of_Commerce_Root_-_2008.crt, 
mozilla/Comodo_AAA_Services_root.crt, 
mozilla/COMODO_Certification_Authority.crt, 
mozilla/COMODO_ECC_Certification_Authority.crt, 
mozilla/COMODO_RSA_Certification_Authority.crt, 
mozilla/Cybertrust_Global_Root.crt, mozilla/DigiCert_Assured_ID_Root_CA.crt, 
mozilla/DigiCert_Assured_ID_Root_G2.crt, 
mozilla/DigiCert_Assured_ID_Root_G3.crt, mozilla/DigiCert_Global_Root_CA.crt, 
mozilla/DigiCert_Global_Root_G2.crt, mozilla/DigiCert_Global_Root_G3.crt, 
mozilla/DigiCert_High_Assurance_EV_Root_CA.crt, 
mozilla/DigiCert_Trusted_Root_G4.crt, mozilla/DST_Root_CA_X3.crt, 
mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt, 
mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt, mozilla/EC-ACC.crt, 
mozilla/emSign_ECC_Root_CA_-_C3.crt, mozilla/emSign_ECC_Root_CA_-_G3.crt, 
mozilla/emSign_Root_CA_-_C1.crt, mozilla/emSign_Root_CA_-_G1.crt, 
mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt, 
mozilla/Entrust_Root_Certification_Authority.crt, 
mozilla/Entrust_Root_Certification_Authority_-_EC1.crt, 
mozilla/Entrust_Root_Certification_Authority_-_G2.crt, 
mozilla/Entrust_Root_Certification_Authority_-_G4.crt, 
mozilla/ePKI_Root_Certification_Authority.crt, 
mozilla/e-Szigno_Root_CA_2017.crt, mozilla/E-Tugra_Certification_Authority.crt, 
mozilla/GDCA_TrustAUTH_R5_ROOT.crt, 
mozilla/GeoTrust_Primary_Certification_Authority_-_G2.crt, 
mozilla/Global_Chambersign_Root_-_2008.crt, 
mozilla/GlobalSign_ECC_Root_CA_-_R4.crt, 
mozilla/GlobalSign_ECC_Root_CA_-_R5.crt, mozilla/GlobalSign_Root_CA.crt, 
mozilla/GlobalSign_Root_CA_-_R2.crt, mozilla/GlobalSign_Root_CA_-_R3.crt, 
mozilla/GlobalSign_Root_CA_-_R6.crt, mozilla/Go_Daddy_Class_2_CA.crt, 
mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt, mozilla/GTS_Root_R1.crt, 
mozilla/GTS_Root_R2.crt, mozilla/GTS_Root_R3.crt, mozilla/GTS_Root_R4.crt, 
mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt, 
mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt, 
mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt, 
mozilla/Hongkong_Post_Root_CA_1.crt, mozilla/Hongkong_Post_Root_CA_3.crt, 
mozilla/IdenTrust_Commercial_Root_CA_1.crt, 
mozilla/IdenTrust_Public_Sector_Root_CA_1.crt, mozilla/ISRG_Root_X1.crt, 
mozilla/Izenpe.com.crt, mozilla/Microsec_e-Szigno_Root_CA_2009.crt, 
mozilla/Microsoft_ECC_Root_Certificate_Authority_2017.crt, 
mozilla/Microsoft_RSA_Root_Certificate_Authority_2017.crt, 
mozilla/NAVER_Global_Root_Certification_Authority.crt, 
mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt, 
mozilla/Network_Solutions_Certificate_Authority.crt, 
mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt, 
mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt, mozilla/QuoVadis_Root_CA_1_G3.crt, 
mozilla/QuoVadis_Root_CA_2.crt, mozilla/QuoVadis_Root_CA_2_G3.crt, 
mozilla/QuoVadis_Root_CA_3.crt, mozilla/QuoVadis_Root_CA_3_G3.crt, 
mozilla/QuoVadis_Root_CA.crt, mozilla/Secure_Global_CA.crt, 
mozilla/SecureSign_RootCA11.crt, mozilla/SecureTrust_CA.crt, 
mozilla/Security_Communication_RootCA2.crt, 
mozilla/Security_Communication_Root_CA.crt, mozilla/Sonera_Class_2_Root_CA.crt, 
mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt, 
mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt, 
mozilla/SSL.com_Root_Certification_Authority_ECC.crt, 
mozilla/SSL.com_Root_Certification_Authority_RSA.crt, 
mozilla/Staat_der_Nederlanden_EV_Root_CA.crt, 
mozilla/Staat_der_Nederlanden_Root_CA_-_G3.crt, 
mozilla/Starfield_Class_2_CA.crt, 
mozilla/Starfield_Root_Certificate_Authority_-_G2.crt, 
mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt, 
mozilla/SwissSign_Gold_CA_-_G2.crt, mozilla/SwissSign_Silver_CA_-_G2.crt, 
mozilla/SZAFIR_ROOT_CA2.crt, mozilla/TeliaSonera_Root_CA_v1.crt, 
mozilla/TrustCor_ECA-1.crt, mozilla/TrustCor_RootCert_CA-1.crt, 
mozilla/TrustCor_RootCert_CA-2.crt, mozilla/Trustis_FPS_Root_CA.crt, 
mozilla/Trustwave_Global_Certification_Authority.crt, 
mozilla/Trustwave_Global_ECC_P256_Certification_Authority.crt, 
mozilla/Trustwave_Global_ECC_P384_Certification_Authority.crt, 
mozilla/T-TeleSec_GlobalRoot_Class_2.crt, 
mozilla/T-TeleSec_GlobalRoot_Class_3.crt, 
mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt, 
mozilla/TWCA_Global_Root_CA.crt, mozilla/TWCA_Root_Certification_Authority.crt, 
mozilla/UCA_Extended_Validation_Root.crt, mozilla/UCA_Global_G2_Root.crt, 
mozilla/USERTrust_ECC_Certification_Authority.crt, 
mozilla/USERTrust_RSA_Certification_Authority.crt, 
mozilla/VeriSign_Universal_Root_Certification_Authority.crt, 
mozilla/XRamp_Global_CA_Root.crt

--- End Message ---

--- Begin Message ---

Version: 20211004

On Wed, Apr 14, 2021 at 05:39:24PM +0100, John Horne wrote:
> Package: ca-certificates
> Version: 20210119
> Severity: normal
> X-Debbugs-Cc: john.ho...@plymouth.ac.uk
> 
> Dear Maintainer,
> 
>    * What led up to the situation?
> Running 'x509watch' command (built from source; not in repositories) via cron 
> on regular basis to check if any certificates had expired
> 
>    * What exactly did you do (or not do) that was effective (or
>      ineffective)?
> 
>    * What was the outcome of this action?
> Output from x509watch reported:
> /etc/ssl/certs/Sonera_Class_2_Root_CA.pem () is not valid since 2021-04-06
> /etc/ssl/certs/QuoVadis_Root_CA.pem () is not valid since 2021-03-17
> 
>    * What outcome did you expect instead?
> No output should be shown - this would indicate that there are no expired 
> certificates.
> 
These are gone in the latest version.

Cheers,
Julien

--- End Message ---