On 07/24/2013 12:07 PM, Paolo Scarabelli wrote: > If I add a new cerificate with blanks in the file name in > /usr/share/ca-certificates, when I run: > > dpkg-reconfigure ca-certificates
Why did you do it this way? Locally installed certificates should be placed in /usr/local/share/ca-certificates/ and they will be trusted. From README.Debian: If you want to install local certificate authorities to be implicitly trusted, please put the certificate files as single files ending with “.crt“ into “/usr/local/share/ca-certificates” and re-run “update-ca-certificates”. > it adds a line for every part of the file name in ca-certificates.conf . > > In example, if I try to add the certificate: > > Actalis Authentication Root CA.crt > > it adds the following lines to ca-certificates.conf: > > Actalis > Authentication > Root > CA.crt OK. I'll look to see if this can be escaped, but it really is unnecessary, since you wrote the file somewhere it really should not have been written to. In addition, the CA you wrote is already in the Mozilla bundle, if you were not aware of this. A quick test to see what happens when written with spaces to the correct local install location (c_rehash emits the warning about a duplicate cert) - it is added correctly symlinked in /etc/ssl/certs/ directory as well as appended to /etc/ssl/certs/ca-certificates.crt: mshuler@mana:~$ sudo cp -p /usr/share/ca-certificates/mozilla/Actalis_Authentication_Root_CA.crt /usr/local/share/ca-certificates/"Actalis Authentication Root CA.withspaces.crt" mshuler@mana:~$ ls -l /usr/local/share/ca-certificates/ total 4 -rw-r--r-- 1 root root 2049 Jun 10 13:21 Actalis Authentication Root CA.withspaces.crt mshuler@mana:~$ sudo update-ca-certificates Updating certificates in /etc/ssl/certs... WARNING: Skipping duplicate certificate Actalis_Authentication_Root_CA.withspaces.pem WARNING: Skipping duplicate certificate Actalis_Authentication_Root_CA.withspaces.pem 1 added, 0 removed; done. Running hooks in /etc/ca-certificates/update.d....done. mshuler@mana:~$ ls -l /etc/ssl/certs/|grep Actalis lrwxrwxrwx 1 root root 34 Jul 26 13:34 5f47b495.0 -> Actalis_Authentication_Root_CA.pem lrwxrwxrwx 1 root root 34 Jul 26 13:34 930ac5d2.0 -> Actalis_Authentication_Root_CA.pem lrwxrwxrwx 1 root root 69 Jul 26 13:32 Actalis_Authentication_Root_CA.pem -> /usr/share/ca-certificates/mozilla/Actalis_Authentication_Root_CA.crt lrwxrwxrwx 1 root root 78 Jul 26 13:34 Actalis_Authentication_Root_CA.withspaces.pem -> /usr/local/share/ca-certificates/Actalis Authentication Root CA.withspaces.crt mshuler@mana:~$ grep MIIFuzCCA6OgAwIBAgIIVwoRl0LE48wwDQYJKoZIhvcNAQELBQAwazELMAkGA1UE /etc/ssl/certs/ca-certificates.crt MIIFuzCCA6OgAwIBAgIIVwoRl0LE48wwDQYJKoZIhvcNAQELBQAwazELMAkGA1UE MIIFuzCCA6OgAwIBAgIIVwoRl0LE48wwDQYJKoZIhvcNAQELBQAwazELMAkGA1UE All the files installed by the package do not have spaces - these are the files configured by the package. I'll consider whether this bug should just be closed or if some further escaping is needed after looking more closely. -- Kind regards, Michael Shuler -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
