-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package: ca-certificates Version: 20090814 Severity: important
I set the severity to important cause it affects other software which use the cacert certificate. Feel free to adjust the severity. Since to upgrade from stable to unstable the cacert certificates are not find anymore. The reason is that (as reaction to bug 415125, I think) both certificates, the class3 and the root was putting into one file, cacert.org.crt. As this is ok for openssl the problem is that only for the first certificate in the file, a hash-link is created in /etc/ssl/certs (5ed36f99.0, old root.crt) but not for the second certificate (e5662767.0, old class3.crt) so it gets not find by ssl enabled software connecting to a host signed by the second certificate Please fix the hashing procedure to create _all_ hashes for _all_ certificates. - -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (800, 'unstable'), (700, 'stable'), (600, 'oldstable'), (60, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.32.9 Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-1) (ignored: LC_ALL set to de_DE) Shell: /bin/sh linked to /bin/dash Versions of packages ca-certificates depends on: ii debconf [debconf-2.0] 1.5.28 Debian configuration management sy ii openssl 0.9.8k-8 Secure Socket Layer (SSL) binary a ca-certificates recommends no packages. ca-certificates suggests no packages. - -- debconf information: * ca-certificates/enable_crts: brasil.gov.br/brasil.gov.br.crt, cacert.org/cacert.org.crt, debconf.org/ca.crt, gouv.fr/cert_igca_dsa.crt, gouv.fr/cert_igca_rsa.crt, mozilla/Staat_der_Nederlanden_Root_CA.crt, mozilla/SwissSign_Gold_CA_-_G2.crt, mozilla/SwissSign_Platinum_CA_-_G2.crt, mozilla/SwissSign_Silver_CA_-_G2.crt, mozilla/TC_TrustCenter__Germany__Class_2_CA.crt, mozilla/TC_TrustCenter__Germany__Class_3_CA.crt, mozilla/Thawte_Personal_Basic_CA.crt, mozilla/Thawte_Personal_Freemail_CA.crt, mozilla/Thawte_Personal_Premium_CA.crt, mozilla/Thawte_Premium_Server_CA.crt, mozilla/thawte_Primary_Root_CA.crt, mozilla/Thawte_Server_CA.crt, mozilla/Thawte_Time_Stamping_CA.crt, spi-inc.org/spi-cacert-2008.crt ca-certificates/new_crts: * ca-certificates/trust_new_crts: ask - -- Klaus Ethgen http://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <kl...@ethgen.de> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEVAwUBS5OUwp+OKpjRpO3lAQo8GQf9GCCT7TCLmCGXGwJqcV8V8WcReHt4Nwfa OXWXSKu2kzWkQ9U5Qdr+yHSXarFLX5nC2peY6Z6MZxHax1I6DDbfh9duhqeSdXGF BcoRHXPwJA3HmXjTL74jrTov/kk3k5SDaOA9iWHZxH8bW8TaSJCldQBptpp6nqcE YMjD8qL1yUJbgQLud21WOHyR7VtJ6L7P+nfBFP/NlozM5PVOm6JO0NlYDTdMF8+l XlCVTWWeCGSkNu6OQl0yrB6PlK8aZYZSuGJg89zgf+fsoPDKcpY3owIUGE0m21l1 hkmDvMTuuGMpkqN3MNEhyWb4UXkG5nnSvOEneD0m6nTr9IXUncQsPA== =FCOl -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org