[Pkg-openssl-devel] Bug#639744: Compromised certificates for *.google.com issued by DigiNotar Root CA
Raphael Geissert
geissert at debian.org
Sun Sep 4 06:37:19 UTC 2011
On Saturday 03 September 2011 01:45:22 Mike Hommey wrote:
> Looking at the patches, this really is:
[...]
Ok, with the patches we got NSS covered, but we still need to do something for
other users.
A first look at stuff we ship, this seems to be their current status:
* NSS:
ice* packages should be okay after the latest NSS update.
* OpenSSL
Nothing special here
* GnuTLS
Nothing special here
* chromium:
Even after the NSS update, it seems to be happy to use the Explicitly
Distrusted certs.
* Qt:
Qt4 has built-in support for SSL via OpenSSL.
Qt 4.7 (wheezey+) uses certs from /etc/ssl
Qt 4.6 and older (lenny, squeeze) uses its own bundled list of certs.
DigiNotar not included
Qt3 doesn't have built-in support for SSL.
Qt3-based software often use QCA, see below
* QCA
There are two versions: 1 for Qt3 and 2 for Qt4, both use OpenSSL as the
backend for SSL.
Seems like it would be better if we also handled the issue at the libssl
level. OpenSSL maintainers: does that sound doable?
Cheers,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
More information about the Pkg-openssl-devel
mailing list