Package: ca-certificates
Followup-For: Bug #911289
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
I'm trying to find a list of the distrusted certificates and it's not
easy... going by [0], the last entry on the list is:
CN=VeriSign Universal Root Certification Authority, OU="(c) 2008 VeriSign,
Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.",
C=US
23:99:56:11:27:A5:71:25:DE:8C:EF:EA:61:0D:DF:2F:A0:78:B5:C8:06:7F:4E:82:82:90:BF:B8:60:E8:4B:3C
Which is still included in ca-certificates!
$ openssl x509 -noout -fingerprint -sha256 -in
/usr/share/ca-certificates/mozilla/VeriSign_Universal_Root_Certification_Authority.crt
SHA256
Fingerprint=23:99:56:11:27:A5:71:25:DE:8C:EF:EA:61:0D:DF:2F:A0:78:B5:C8:06:7F:4E:82:82:90:BF:B8:60:E8:4B:3C
[0]
https://blogs.oracle.com/java-platform-group/jdk-distrusting-symantec-tls-certificates
- -- System Information:
Debian Release: 10.2
APT prefers stable-updates
APT policy: (550, 'stable-updates'), (550, 'stable-debug'), (550, 'stable'),
(530, 'testing-debug'), (530, 'testing'), (520, 'unstable-debug'), (520,
'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: arm64
Kernel: Linux 5.3.0-2-amd64 (SMP w/2 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8),
LANGUAGE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages ca-certificates depends on:
ii debconf [debconf-2.0] 1.5.71
ii openssl 1.1.1d-0+deb10u2
ca-certificates recommends no packages.
ca-certificates suggests no packages.
- -- debconf information excluded
-----BEGIN PGP SIGNATURE-----
iQJGBAEBCAAwFiEEyqqqGsppqDqJKxhV0gtCAlzaJ7kFAl3vg8QSHHNhbUByb2Jv
dHMub3JnLnVrAAoJENILQgJc2ie5HjMQAJOAR8+8c4KbzWTChJSKQ9fVJPrDrEqi
bGVQ/tceYqSDTWE/2DAp+9kBMPQzE6bFJVUXo2V/P08impNG87OxwscYdFARa5O2
F1/16Vag9sg9U+sCNEO9a0UwQCZsXAYM6ctapB/teVOyNjbNqeDBcLFlg+NhGtK7
W7jgFTC8W2wQJTjlV+ASwuMncuVImGQJm9vQpa0SnBInVVLt5MPwgk95FRlDBEVs
UBIL2IcGWrpYc8AgxaYyb9jqnsRXedcESk58q+NdPwFTQo+F6260Hh/EHhA0IV/q
1acoscdRFVEGQZwC1gSQvLYUhN8dHNqNmtwdLGzbxUGWSQ/0h4LHunmBUlDdZOOp
szV/aVb31BJa0es8mfL/tVqX92C9jfOM9FSrqTMwFtPyJIj7dljkmTk/2CcD9OlJ
Z52yQwyvdag+r6LNR0KsBy3G6mZpLkfEGEXEriv2THps5l0r6cUz7M7AWJIL6GqZ
tJ8S91Z7gEJqmqUA+ZHt+IgEsPEJijIkvs6EnDJdEUtdd+FUd7y7yb34j049zD8G
pfjtWAZ0VzOi+BUj6TCdpek8StL4pZZptunnsEjkWnqJXv/3DFAKNKyKYPbUtXQV
WBGvkWqIro/SDSXluEo7aM9jx/aaFOIJMiRW519O+MQxr1m9IUJd6sbk0hS9LfhV
HUVa7NG9ys5d
=zke0
-----END PGP SIGNATURE-----
