*** This bug is a security vulnerability ***
You have been subscribed to a public security bug by Jamie Strandboge
(jdstrand):
ca-certificates removes all user certificates in /etc/ssl/certs during
install/upgrade.
Problem is that sendmail wants certificates for the STARTTLS feature to be
there.
I have plenty of crt files in there for sendmail. in fact, I put them in
/etc/mail/tls with symlinks in /etc/ssl/certs
since I've already lost precious certs files for that very same reason in
Debian years ago and it's a pain
to re-publish the newly re-created ones to all my smtp servers and trusted
peers.
Those files (symlinks in my case) are silently erased by ca-certificates
post-inst immediately breaking AUTH TLS and STARTTLS
in sendmail. This is just wrong.
I always have to put this package on hold (lock) but every once in a while, it
needs to be re-sync and that's just painfully broken.
In a way, it's a security vulnerability.
** Affects: ca-certificates (Ubuntu)
Importance: High
Status: Confirmed
** Affects: ca-certificates (Debian)
Importance: Unknown
Status: New
--
ca-certificates removes all users certificates in /etc/ssl/certs
https://bugs.launchpad.net/bugs/114495
You received this bug notification because you are a member of Ubuntu Bugs,
which is a direct subscriber.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
