Package: ca-certificates Followup-For: Bug #911289 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
I'm trying to find a list of the distrusted certificates and it's not easy... going by [0], the last entry on the list is: CN=VeriSign Universal Root Certification Authority, OU="(c) 2008 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US 23:99:56:11:27:A5:71:25:DE:8C:EF:EA:61:0D:DF:2F:A0:78:B5:C8:06:7F:4E:82:82:90:BF:B8:60:E8:4B:3C Which is still included in ca-certificates! $ openssl x509 -noout -fingerprint -sha256 -in /usr/share/ca-certificates/mozilla/VeriSign_Universal_Root_Certification_Authority.crt SHA256 Fingerprint=23:99:56:11:27:A5:71:25:DE:8C:EF:EA:61:0D:DF:2F:A0:78:B5:C8:06:7F:4E:82:82:90:BF:B8:60:E8:4B:3C [0] https://blogs.oracle.com/java-platform-group/jdk-distrusting-symantec-tls-certificates - -- System Information: Debian Release: 10.2 APT prefers stable-updates APT policy: (550, 'stable-updates'), (550, 'stable-debug'), (550, 'stable'), (530, 'testing-debug'), (530, 'testing'), (520, 'unstable-debug'), (520, 'unstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: arm64 Kernel: Linux 5.3.0-2-amd64 (SMP w/2 CPU cores) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages ca-certificates depends on: ii debconf [debconf-2.0] 1.5.71 ii openssl 1.1.1d-0+deb10u2 ca-certificates recommends no packages. ca-certificates suggests no packages. - -- debconf information excluded -----BEGIN PGP SIGNATURE----- iQJGBAEBCAAwFiEEyqqqGsppqDqJKxhV0gtCAlzaJ7kFAl3vg8QSHHNhbUByb2Jv dHMub3JnLnVrAAoJENILQgJc2ie5HjMQAJOAR8+8c4KbzWTChJSKQ9fVJPrDrEqi bGVQ/tceYqSDTWE/2DAp+9kBMPQzE6bFJVUXo2V/P08impNG87OxwscYdFARa5O2 F1/16Vag9sg9U+sCNEO9a0UwQCZsXAYM6ctapB/teVOyNjbNqeDBcLFlg+NhGtK7 W7jgFTC8W2wQJTjlV+ASwuMncuVImGQJm9vQpa0SnBInVVLt5MPwgk95FRlDBEVs UBIL2IcGWrpYc8AgxaYyb9jqnsRXedcESk58q+NdPwFTQo+F6260Hh/EHhA0IV/q 1acoscdRFVEGQZwC1gSQvLYUhN8dHNqNmtwdLGzbxUGWSQ/0h4LHunmBUlDdZOOp szV/aVb31BJa0es8mfL/tVqX92C9jfOM9FSrqTMwFtPyJIj7dljkmTk/2CcD9OlJ Z52yQwyvdag+r6LNR0KsBy3G6mZpLkfEGEXEriv2THps5l0r6cUz7M7AWJIL6GqZ tJ8S91Z7gEJqmqUA+ZHt+IgEsPEJijIkvs6EnDJdEUtdd+FUd7y7yb34j049zD8G pfjtWAZ0VzOi+BUj6TCdpek8StL4pZZptunnsEjkWnqJXv/3DFAKNKyKYPbUtXQV WBGvkWqIro/SDSXluEo7aM9jx/aaFOIJMiRW519O+MQxr1m9IUJd6sbk0hS9LfhV HUVa7NG9ys5d =zke0 -----END PGP SIGNATURE-----