[Pkg-openssl-devel] Bug#642314: Bug#642314: Bug#628780: Wrong hash link to cacert.org.pem and wron certificat hash handling at all
Kurt Roeckx
kurt at roeckx.be
Sun Sep 9 06:51:41 UTC 2012
On Mon, Jul 30, 2012 at 01:38:30PM -0500, Michael Shuler wrote:
> On 07/29/2012 07:53 AM, Kurt Roeckx wrote:
> > On Thu, Sep 22, 2011 at 10:15:50AM +0200, Loïc Minier wrote:
> >> Just thought of another minor issue with the new c_rehash handling
> >> multiple certs in the same file: when a piece of software follows the
> >> hashed symlink, the certificate it's looking for might not be the first
> >> one. Is this verified to work with gnutls and openssl implementations?
> >> I wonder whether this could confuse some software in Debian that might
> >> be using the ssl API in a way that only the first certificate is tried.
> >
> > So I would like to drop the patch, but cacert.org.pem still
> > contains 2 cert files.
> >
> > Michael, could you please consider splitting that file?
>
> I'll take a look at this. I don't recall the reason for combining those
> off the top of my head, but I'll work on this as soon as I can. Were
> you targeting the patch removal from openssl for Wheezy?
Yes, I want to drop the patch for wheezy.
Kurt
More information about the Pkg-openssl-devel
mailing list