[Pkg-openssl-devel] Bug#642314: Bug#642314: Bug#628780: Wrong hash link to cacert.org.pem and wron certificat hash handling at all

Michael Shuler michael at pbandjelly.org
Mon Jul 30 18:38:30 UTC 2012


On 07/29/2012 07:53 AM, Kurt Roeckx wrote:
> On Thu, Sep 22, 2011 at 10:15:50AM +0200, Loïc Minier wrote:
>>  Just thought of another minor issue with the new c_rehash handling
>>  multiple certs in the same file: when a piece of software follows the
>>  hashed symlink, the certificate it's looking for might not be the first
>>  one.  Is this verified to work with gnutls and openssl implementations?
>>  I wonder whether this could confuse some software in Debian that might
>>  be using the ssl API in a way that only the first certificate is tried.
> 
> So I would like to drop the patch, but cacert.org.pem still
> contains 2 cert files.
> 
> Michael, could you please consider splitting that file?

I'll take a look at this.  I don't recall the reason for combining those
off the top of my head, but I'll work on this as soon as I can.  Were
you targeting the patch removal from openssl for Wheezy?

-- 
Kind regards,
Michael



More information about the Pkg-openssl-devel mailing list