[Pkg-openssl-devel] Bug#642314: Bug#642314: Bug#628780: Wrong hash link to cacert.org.pem and wron certificat hash handling at all
Michael Shuler
michael at pbandjelly.org
Mon Jul 30 18:38:30 UTC 2012
On 07/29/2012 07:53 AM, Kurt Roeckx wrote:
> On Thu, Sep 22, 2011 at 10:15:50AM +0200, Loïc Minier wrote:
>> Just thought of another minor issue with the new c_rehash handling
>> multiple certs in the same file: when a piece of software follows the
>> hashed symlink, the certificate it's looking for might not be the first
>> one. Is this verified to work with gnutls and openssl implementations?
>> I wonder whether this could confuse some software in Debian that might
>> be using the ssl API in a way that only the first certificate is tried.
>
> So I would like to drop the patch, but cacert.org.pem still
> contains 2 cert files.
>
> Michael, could you please consider splitting that file?
I'll take a look at this. I don't recall the reason for combining those
off the top of my head, but I'll work on this as soon as I can. Were
you targeting the patch removal from openssl for Wheezy?
--
Kind regards,
Michael
More information about the Pkg-openssl-devel
mailing list