On Sun, Nov 11, 2012 at 11:53:05PM -0600, Michael Shuler wrote:
As I understand it, there is a high probability that there are a good
number of users that may have configurations, for example apache, that
rely on the existence of the concatenated cacert.org.pem file for root
chaining. If we
Similar to the removal of $CERTBUNDLE prior to calling c_rehash in
sbin/update-ca-certificates (see http://bugs.debian.org/cgi-bin/643667),
we could (using vars, etc. - this is just an idea):
diff --git a/sbin/update-ca-certificates b/sbin/update-ca-certificates
index 5375950..72acc5a 100755
---
On 11/04/2012 06:18 PM, Michael Shuler wrote:
If we attempt to leave cacert.org.pem around, we disrupt the hashes to
the individual files. The openssl maintainers wish us to go back to the
split files, so they can remove a faulty patch. I'll need to touch base
with this, when I get some
Package: ca-certificates
Version: 20120623
Severity: important
The openssl maintainers would like to drop a patch for support of multiple
certs in a single file, as it has caused a regression. The CAcert root.crt
and class3.crt should be installed
Control: tags -1 pending
Double-checking cert hashes:
Before (ver. 20120623):
$ ls -l /etc/ssl/certs/|grep cacert.org
lrwxrwxrwx 1 root root 14 Nov 4 16:58 590d426f.0 -> cacert.org.pem
lrwxrwxrwx 1 root root 14 Nov 4 16:58 5ed36f99.0 -> cacert.org.pem
lrwxrwxrwx 1 root root 14 Nov 4
Control: tags -1 - pending + patch
Setting to patch for some advice..
- 20090708 removed cacert.org/root.crt and cacert.org/class3.crt
(deprecated in 20080809)
- 20080809 concatenated both CACert Class 1 and Class 3 certificates
into cacert.org.pem for certificate chaining, deprecating the