SSL certificate issue in Debian boinc-client

Gianfranco Costamagna costamagnagianfranco at yahoo.it
Tue Feb 23 17:10:24 UTC 2016


Hi,
>Nothing expired here. Mozilla decided it is a good thing to remove root
>certificates that are signed using SHA1 and Debian followed suit. But
>the removal of those (still valid) certificates in Jessie uncovered the
>bug in openssl (which mainly affects curl on Jessie; wget is working).
>I don't know how to escalate the ca-certificates bug so someone is
>reverting the change there. The security team won't like this also
>because they will consider the SHA1 certificates as insecure. But they
>also do not allow an upgrade of openssl because this will pull in new
>features.
>
>So the question is: How can I get the ca-certificates maintainers to
>revert their change? By elevating the bug to release critical?


Please open a serious bug against the package, explaining why it needs to be reverted:
https://bugs.debian.org/cgi-bin/pkgreport.cgi?repeatmerged=yes&src=ca-certificates

and be sure to set exactly the affected version(s).

>Thanks for your time anyway.


I can try to have a fixed ca-certificates in jessie if needed; this would be the best move
(and maybe let the security team do this).


cheers,

G.



More information about the pkg-boinc-devel mailing list