SSL certificate issue in Debian boinc-client
costamagnagianfranco at yahoo.it
Tue Feb 23 17:10:24 UTC 2016
>Nothing expired here. Mozilla decided it is a good thing to remove root
>certificates that are signed using SHA1 and Debian followed suite. But
>the removal of those (still valid) certificates in Jessie uncovered the
>Bug in openssl (which mainly affects curl on Jessie (wget is working).
>I don't know how to escalate the ca-certificates bug so someone is
>reverting the change there. The security team won't like this also
>because they will consider the SHA1 certificates as insecure. But they
>also do not allow an upgrade of openssl because this will pull in new
>So the question is: How can I get the ca-certificates maintainers to
>revert there change? By elevating the Bug to release critical?
please open a serious bug against the package, explaining why it needs to be reverted
and be sure to set exactly the affected version(s).
>Thanks for your time anyway.
I can try to have a fixed ca-certificates in jessie if needed, this would be the best move.
(and maybe let security team do this)
More information about the pkg-boinc-devel