[Bug 1207004] Re: certdata2pem.py doesn't handle CKT_NSS_MUST_VERIFY_TRUST

2017-08-15 Thread Bug Watch Updater
** Changed in: ca-certificates (Debian)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1207004

Title:
  certdata2pem.py doesn't handle CKT_NSS_MUST_VERIFY_TRUST

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ca-certificates/+bug/1207004/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs


[Bug 1207004] Re: certdata2pem.py doesn't handle CKT_NSS_MUST_VERIFY_TRUST

2017-07-21 Thread Bug Watch Updater
** Changed in: ca-certificates (Debian)
   Status: New => Fix Committed



[Bug 1207004] Re: certdata2pem.py doesn't handle CKT_NSS_MUST_VERIFY_TRUST

2014-02-24 Thread Christian Heimes
Please request a CVE number for this issue.



[Bug 1207004] Re: certdata2pem.py doesn't handle CKT_NSS_MUST_VERIFY_TRUST

2013-10-25 Thread Marc Deslauriers
** Changed in: ca-certificates (Ubuntu)
 Assignee: Marc Deslauriers (mdeslaur) => (unassigned)



[Bug 1207004] Re: certdata2pem.py doesn't handle CKT_NSS_MUST_VERIFY_TRUST

2013-09-08 Thread Bug Watch Updater
** Changed in: ca-certificates (Debian)
   Status: Unknown => New



[Bug 1207004] Re: certdata2pem.py doesn't handle CKT_NSS_MUST_VERIFY_TRUST

2013-09-06 Thread Marc Deslauriers
So, I've been looking into this. The relevant code in certdata2pem.py is:

    elif obj['CKA_TRUST_SERVER_AUTH'] in ('CKT_NETSCAPE_TRUSTED_DELEGATOR',
                                          'CKT_NSS_TRUSTED_DELEGATOR'):
        trust[obj['CKA_LABEL']] = True
    elif obj['CKA_TRUST_EMAIL_PROTECTION'] in ('CKT_NETSCAPE_TRUSTED_DELEGATOR',
                                               'CKT_NSS_TRUSTED_DELEGATOR'):
        trust[obj['CKA_LABEL']] = True


In Debian and Ubuntu, ca-certificates is not only used for web certificates, 
but also for email certificates.

Even if Verisign_Class_1_Public_Primary_Certification_Authority.pem is
marked as CKT_NSS_MUST_VERIFY_TRUST for CKA_TRUST_SERVER_AUTH, it is
marked as CKT_NSS_TRUSTED_DELEGATOR for CKA_TRUST_EMAIL_PROTECTION,
which is why it is included.

I believe omitting certs that are valid for CKA_TRUST_EMAIL_PROTECTION
will break email S/MIME verification.

** Information type changed from Private Security to Public Security



[Bug 1207004] Re: certdata2pem.py doesn't handle CKT_NSS_MUST_VERIFY_TRUST

2013-09-06 Thread Christian Heimes
I had a long discussion with Marc-Andre Lemburg about the issue. He
maintains the eGenix pyOpenSSL distribution which also contains root CA
certs. He did some tests with TRUST settings but apparently OpenSSL
ignores them. Eventually we came up with the idea to split the CA bundle
into multiple files: a separate file for each purpose. See
http://www.egenix.com/products/python/pyOpenSSL/

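Added example, not part of the original thread and not code from ca-certificates or eGenix: a sketch contrasting the either-purpose selection quoted from certdata2pem.py with the per-purpose split suggested in the reply above. The sample trust objects, their labels, and the function names are constructed for illustration; the input is a simplified certdata.txt-style excerpt with no certificate bodies.

```python
# Added example: constructed sample in the style of NSS certdata.txt trust
# objects (simplified: no certificate bodies, no MULTILINE_OCTAL fields).
SAMPLE = '''
CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
CKA_LABEL UTF8 "Example Web And Mail Root (constructed)"
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR

CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
CKA_LABEL UTF8 "Example Mail Only Root (constructed)"
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR

CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
CKA_LABEL UTF8 "Example Distrusted Root (constructed)"
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
'''

DELEGATOR = ('CKT_NETSCAPE_TRUSTED_DELEGATOR', 'CKT_NSS_TRUSTED_DELEGATOR')
PURPOSES = {'server-auth': 'CKA_TRUST_SERVER_AUTH',
            'email': 'CKA_TRUST_EMAIL_PROTECTION'}

def parse_trust_objects(text):
    """Split on blank lines; each object becomes {attribute: value}."""
    objects = []
    for block in text.strip().split('\n\n'):
        obj = {}
        for line in block.splitlines():
            attr, _type, value = line.split(None, 2)
            obj[attr] = value.strip('"')
        objects.append(obj)
    return objects

def single_bundle(objects):
    """Union logic as quoted in the thread: trusted for either purpose."""
    return [o['CKA_LABEL'] for o in objects
            if any(o.get(a) in DELEGATOR for a in PURPOSES.values())]

def per_purpose_bundles(objects):
    """One list per purpose, so a mail-only root never anchors TLS."""
    return {name: [o['CKA_LABEL'] for o in objects if o.get(attr) in DELEGATOR]
            for name, attr in PURPOSES.items()}

if __name__ == '__main__':
    objs = parse_trust_objects(SAMPLE)
    print('single bundle:', single_bundle(objs))
    print('per purpose:', per_purpose_bundles(objs))
```

The mail-only root appears in the single bundle but not in the server-auth list, which is the gap the thread describes when one PEM directory serves both TLS and S/MIME consumers.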


[Bug 1207004] Re: certdata2pem.py doesn't handle CKT_NSS_MUST_VERIFY_TRUST

2013-09-06 Thread Marc Deslauriers
I've filed an upstream bug with Debian.

** Bug watch added: Debian Bug tracker #721976
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721976

** Also affects: ca-certificates (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721976
   Importance: Unknown
   Status: Unknown

** Changed in: ca-certificates (Ubuntu)
   Status: New => Confirmed
