Bug#683403: ca-certificates: Missing Verisign md2 certs due to broken extract script

Package: ca-certificates Version: 20130906 Followup-For: Bug #683403 User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu trusty ubuntu-patch *** /tmp/tmpG_KsCC/bug_body Openssl doesn't appear to correctly handle not having both versions of the same signed roots. I have decided that we

Bug#683403:

OK, I am now convinced that we don't need the md2 certs, applications should be able to validate using the sha1 certs. I believe a bug in libsoup/glib-networking is causing the sha1 certs to not be used. We still should improve ca-certificates to make _sure_ that we're shipping the sha1 certs

Bug#683403:

On 08/01/2012 09:37 AM, Marc Deslauriers wrote: OK, I am now convinced that we don't need the md2 certs, applications should be able to validate using the sha1 certs. I believe a bug in libsoup/glib-networking is causing the sha1 certs to not be used. Thanks for the clarification. We still

Bug#683403: ca-certificates: Missing Verisign md2 certs due to broken extract script

Package: ca-certificates Version: 20111211 Severity: normal Verisign shipped G1 PCA Roots with md2 signatures on them. At some point, they resigned those roots using SHA1, but requested that the original certs keep shipping in Mozilla's cert list as they had issued intermediates with AKIs that