[Pkg-openssl-devel] Bug#639744: Compromised certificates for *.google.com issued by DigiNotar Root CA

Kurt Roeckx kurt at roeckx.be
Sun Sep 4 10:02:48 UTC 2011


On Sun, Sep 04, 2011 at 01:37:19AM -0500, Raphael Geissert wrote:
> 
> Seems like it would be better if we also handled the issue at the libssl 
> level. OpenSSL maintainers: does that sound doable?

I'm not sure what you mean.  We don't provide any certificates,
you need to tell openssl which certs to use, which can be a file
or directory.  There are certificates provided by ca-certificates,
which is probably what most people would use and afaik the DigiNotar
CA got dropped from it.

Their is also openssl-blacklist, but it doesn't seem to have
much users.


Kurt




More information about the Pkg-openssl-devel mailing list