[Pkg-openssl-devel] Bug#622679: Bug#622679: libssl1.0.0: certificate verification fails for about every server

Kurt Roeckx kurt at roeckx.be
Wed Apr 13 23:12:46 UTC 2011


reopen 622679
reassign 622679 openssl,ca-certificates
severity 622679 important
thanks

On Wed, Apr 13, 2011 at 10:15:15PM +0200, Sven Joachim wrote:
> 
> On 2011-04-13 21:09 +0200, Sven Joachim wrote:
> 
> > Package: libssl1.0.0
> > Version: 1.0.0d-1
> > Severity: important
> >
> > It seems all the certificates in /etc/ssl/certs have become pretty much
> > useless now, because just about every connection fails either with error
> > 20 (unable to get local issuer certificate) or error 19 (self signed
> > certificate in certificate chain)
> 
> On debian-user-german, Sven Hartge noted that this is because of bug
> #611102, I'm merging the bugs.  And bumping the severity, because now
> either libssl1.0.0 programs or GNUTLS/libssl0.9.8 programs will be
> broken, depending on whether you run update-ca-certificates or not. :-/

So I uploaded a fixed version, but I guess it doesn't completely
solve the problem since the new symlinks need to be created for
people.  I guess the postinst script of something needs to be
changed to call c_rehash or update-ca-certificates.  And I'm
not sure doing that in openssl is the right place.  So maybe
this needs to happen in ca-certificates?


Kurt
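
An added example, not part of the original message or of the Debian packages: a shell check for certificates in a directory such as /etc/ssl/certs that have no usable hash symlink. It relies on the fact that OpenSSL 1.0.0 computes the subject hash used for these link names differently from 0.9.8; the function names `cert_hash` and `check_hash_links` are made up for this sketch.

```shell
#!/bin/sh
# Added illustration (assumed helper names, not from the thread).
# A CApath-style directory is searched by file name "<subject hash>.N".
# "openssl x509 -subject_hash" prints the hash used by OpenSSL >= 1.0.0,
# "-subject_hash_old" prints the one used by earlier releases.

cert_hash() {  # $1 = PEM file, $2 = hash option for "openssl x509"
    openssl x509 -noout "$2" -in "$1" 2>/dev/null
}

# Prints one line per certificate with no resolvable <hash>.N link.
# Returns 0 when every certificate is reachable, 1 otherwise.
# Simplification: any live link with the right name counts, so a hash
# collision between two different certificates is not detected.
check_hash_links() {
    dir=$1
    opt=${2:--subject_hash}
    rc=0
    for pem in "$dir"/*.pem "$dir"/*.crt; do
        [ -f "$pem" ] || continue
        h=$(cert_hash "$pem" "$opt") || continue  # skip unparseable files
        [ -n "$h" ] || continue
        ok=no
        for link in "$dir/$h".[0-9]*; do
            # -e follows symlinks, so a dangling link does not count
            if [ -e "$link" ]; then ok=yes; fi
        done
        if [ "$ok" = no ]; then
            echo "no $opt link ($h.N) for $pem"
            rc=1
        fi
    done
    return $rc
}

# Stand-alone use: script.sh /etc/ssl/certs [-subject_hash|-subject_hash_old]
if [ $# -gt 0 ]; then
    check_hash_links "$@"
fi
```

Running it once with each hash option shows which library generation the existing links serve; a directory that only passes with `-subject_hash_old` still needs c_rehash or update-ca-certificates run against it.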





