[Pkg-openssl-devel] Bug#639744: Compromised certificates for *.google.com issued by DigiNotar Root CA
Mike Hommey
mh at glandium.org
Sun Sep 4 07:34:13 UTC 2011
On Sun, Sep 04, 2011 at 01:37:19AM -0500, Raphael Geissert wrote:
> On Saturday 03 September 2011 01:45:22 Mike Hommey wrote:
> > Looking at the patches, this really is:
> [...]
>
> Ok, with the patches we got NSS covered, but we still need to do something for
> other users.
>
> A first look at stuff we ship, this seems to be their current status:
> * NSS:
> ice* packages should be okay after the latest NSS update.
>
> * OpenSSL
> Nothing special here
>
> * GnuTLS
> Nothing special here
>
> * chromium:
> Even after the NSS update, it seems to be happy to use the Explicitly
> Distrusted certs.
>
> * Qt:
> Qt4 has built-in support for SSL via OpenSSL.
> Qt 4.7 (wheezey+) uses certs from /etc/ssl
> Qt 4.6 and older (lenny, squeeze) uses its own bundled list of certs.
> DigiNotar not included
If Entrust is included, there's still a problem.
Mike
More information about the Pkg-openssl-devel
mailing list