** Changed in: ca-certificates (Debian)
Status: Invalid = Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/114495
Title:
ca-certificates removes all users certificates in
We are closing this bug report because it lacks the information we need
to investigate the problem, as described in the previous comments.
Please reopen it if you can give us the missing information, and don't
hesitate to submit bug reports in the future. To reopen the bug report
you can click on
What behavior is currently unexpected in the symlink handling? It
sounds like everything is working as expected?
** Changed in: ca-certificates (Ubuntu)
Assignee: Ubuntu Security Team (ubuntu-security) = (unassigned)
** Changed in: ca-certificates (Ubuntu)
Status: Triaged =
** Changed in: ca-certificates (Ubuntu)
Assignee: (unassigned) = Ubuntu Security Team (ubuntu-security)
--
ca-certificates removes all users certificates in /etc/ssl/certs
https://bugs.launchpad.net/bugs/114495
You received this bug notification because you are a member of Ubuntu
Bugs,
Not even hash symlinks are currently removed by update-ca-certificates's
call of c_rehash. Only if it's invoked with --fresh. The new version
which will be included in Karmic supports the use of local certificates
in /usr/local/share/ca-certificates.
As far as I know the script (and I rewrote
** Changed in: ca-certificates (Ubuntu)
Status: Confirmed = Triaged
--
ca-certificates removes all users certificates in /etc/ssl/certs
https://bugs.launchpad.net/bugs/114495
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
--
The hash symlinks are supposed to be managed automatically by openssl. If you
have a symlink like
/etc/ssl/certs/f066f19f.0 - /usr/share/debathena-ssl-certificates/mitCA.pem
then it will get removed by c_rehash (which is run by update-ca-certificates).
However, if you instead make a symlink
** Changed in: ca-certificates (Debian)
Status: Unknown = New
--
ca-certificates removes all users certificates in /etc/ssl/certs
https://bugs.launchpad.net/bugs/114495
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
** Bug watch added: Debian Bug tracker #326072
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=326072
** Also affects: ca-certificates (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=326072
Importance: Unknown
Status: Unknown
--
ca-certificates removes all users
It looks like the postrm is about removing non-existent entries: they
get tested with file -f, which also works for symlinks.
So, my guess is that /usr/sbin/update-ca-certificates somehow removes
those certificates.
--
ca-certificates removes all users certificates in /etc/ssl/certs
Right, that postrm is *evil*. It messes up the user configuration.
** Changed in: ca-certificates (Ubuntu)
Importance: Medium = High
Status: Unconfirmed = Confirmed
--
ca-certificates removes all users certificates in /etc/ssl/certs
https://bugs.launchpad.net/bugs/114495
You received
Thanks for taking the time to report this bug and helping to make Ubuntu
better. Can you give a series of steps to reproduce the problem you're
describing? Normally symlinks in /etc/ssl are regenerated when ca-
certificates is upgraded, so I'm unclear what misbehavior you're
describing. Thanks
Here is how I experienced what I've reported.
I have the certificates for sendmail in /etc/mail/tls, a list of *.crt files.
To have everything ok for sendmail, I need to have those certificates
in /etc/ssl/certs with the special name hash.0.
As the name hash.0 is not easy to maintain, I just
I've found something related in debian/postrm, but I don't think it gets
considered, when re-installing:
case $1 in
remove)
cd /etc/ssl/certs
echo -n Removing hash symlinks in /etc/ssl/certs ...
find . -type l -print | while read h
do
test -f $h || rm -f
Daniel,
even in postrm, that should not be done. It's not because one wants to
get rid of this ca-certificates deb that user certs should be removed. I
concider this package do be only one contributor of certificates, not
the only one.
If ubuntu and debian insist on doing so, ie forcing other
15 matches
Mail list logo