Package: ca-certificates
Version: 20080809
Severity: serious

So,

Unfortunately there is no documented means to add local certificates to
the /etc/ssl/certs/ca-certificates.crt file that is maintained by
ca-certificates.

Adding local configuration to /usr/share/ca-certificates would work, but
I wanted to avoid that.  So what I tried instead was adding a pointer
to the certificates directly to the package's configuration file
/etc/ca-certificates.conf:

| kate:~# tail -n1 /etc/ca-certificates.conf 
| ../../../etc/ssl/certs/ca_came.pem

Filenames in this directory are relative to /usr/share/ca-certificates
so the ../../../ mess is needed to add the file that is already in
/etc/ssl to the ca-certificates.crt store.

This even works as expected:
| kate:~# ls -l /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca_came.pem*
| -rw-r--r-- 1 root root 1480 Feb  5 12:07 /etc/ssl/certs/ca-certificates.crt
| -rw-r--r-- 1 root root 1480 Jun  3  2008 /etc/ssl/certs/ca_came.pem
| lrwxrwxrwx 1 root root   61 Feb  5 12:07 /etc/ssl/certs/ca_came.pem.pem -> /usr/share/ca-certificates/../../../etc/ssl/certs/ca_came.pem

Granted, not the nicest thing in the world, but hey.

Now git finally does the right thing.

Unfortunately this configuration is destroyed when ca-certificates runs
its debconf thing next time:

| kate:~# tail -n1 /etc/ca-certificates.conf
| ../../../etc/ssl/certs/ca_came.pem
| kate:~# dpkg-reconfigure ca-certificates
| Updating certificates in /etc/ssl/certs....done.
| Running hooks in /etc/ca-certificates/update.d....done.
| kate:~# tail -n1 /etc/ca-certificates.conf 
| !../../../etc/ssl/certs/ca_came.pem

Such local config shouldn't be broken.


(Ideally there would just be a place where the admin can dump certs, say
/etc/ca-certificates/local/ or whatever, then this whole mess wouldn't
be necessary.)

Cheers,
weasel
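
Added example (not part of the original report and not code from the ca-certificates package): a shell check for the failure shown above, where an entry pointing outside /usr/share/ca-certificates ends up deselected with a leading "!" after a reconfigure. It assumes the conf format seen in the report plus "#" comment lines; the function names are hypothetical and the sample file is constructed.

```shell
#!/bin/sh
# classify_local_entries FILE
# Prints one line per entry that has a "../" component, i.e. that points
# outside the package's certificate directory:
#   ACTIVE <path>     entry is selected
#   DISABLED <path>   entry was deselected (leading "!")
classify_local_entries() {
    conf=$1
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) continue ;;                 # blank line or comment
        esac
        state=ACTIVE
        case $line in
            '!'*) state=DISABLED; line=${line#\!} ;;
        esac
        case $line in
            ../*|*/../*) printf '%s %s\n' "$state" "$line" ;;
        esac
    done < "$conf"
}

# count_disabled_local FILE: number of deselected out-of-tree entries.
# A non-zero count means a local CA has dropped out of the bundle.
count_disabled_local() {
    classify_local_entries "$1" | grep -c '^DISABLED ' || true
}

# write_sample_conf FILE: constructed sample modelled on the report's
# state after dpkg-reconfigure (the mozilla/ names are made up).
write_sample_conf() {
    printf '%s\n' \
        '# constructed sample, not a real system file' \
        'mozilla/Example_Root_CA.crt' \
        '!mozilla/Example_Old_CA.crt' \
        '!../../../etc/ssl/certs/ca_came.pem' > "$1"
}

# Demo on the constructed sample; on a real host pass
# /etc/ca-certificates.conf instead.
sample=$(mktemp)
write_sample_conf "$sample"
classify_local_entries "$sample"
echo "deselected local entries: $(count_disabled_local "$sample")"
rm -f "$sample"
```

Run after package upgrades or reconfiguration, a non-zero count flags a local CA that is no longer part of ca-certificates.crt.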


