Package: ca-certificates
Version: 20090814
Severity: important

For some time I've seen these messages in the syslog:
    gnome-keyring-daemon: couldn't parse certificate(s): /etc/ssl/certs/COMODO_ECC_Certification_Authority.pem: 2 Time(s)
    gnome-keyring-daemon: couldn't parse certificate(s): /etc/ssl/certs/ca-certificates.crt: 1 Time(s)
    gnome-keyring-daemon: invalid subject public-key info: 2 Time(s)
    gnome-keyring-daemon: unsupported key algorithm in certificate: 1.2.840.10045.2.1: 2 Time(s)

Because of one corrupted certificate, the automatically generated file
'ca-certificates.crt', which contains all CAs, is also invalid. This affects
several packages configured to use this file.

I've checked the file with certtool and it reports the same:
$ certtool --certificate-info --infile /usr/share/ca-certificates/mozilla/COMODO_ECC_Certification_Authority.crt
|<1>| _gnutls_x509_get_pk_algorithm: unhandled algorithm 0
|<1>| Unknown SIGN OID: '1.2.840.10045.4.3.3'
X.509 Certificate Information:
        Version: 3
        Serial Number (hex): 1f47afaa62007050544c019e9b63992a
        Issuer: C=GB,ST=Greater Manchester,L=Salford,O=COMODO CA Limited,CN=COMODO ECC Certification Authority
        Validity:
                Not Before: Thu Mar 06 00:00:00 UTC 2008
                Not After: Mon Jan 18 23:59:59 UTC 2038
        Subject: C=GB,ST=Greater Manchester,L=Salford,O=COMODO CA Limited,CN=COMODO ECC Certification Authority
        Subject Public Key Algorithm: unknown
        Extensions:
                Subject Key Identifier (not critical):
                        7571a7194819bc9d9dea4147df94c4487799d379
                Key Usage (critical):
                        Certificate signing.
                        CRL signing.
                Basic Constraints (critical):
                        Certificate Authority (CA): TRUE
        Signature Algorithm: unknown
        Signature:
                30:65:02:31:00:ef:03:5b:7a:ac:b7:78:0a:72:b7:88
                df:ff:b5:46:14:09:0a:fa:a0:e6:7d:08:c6:1a:87:bd
                18:a8:73:bd:26:ca:60:0c:9d:ce:99:9f:cf:5c:0f:30
                e1:be:14:31:ea:02:30:14:f4:93:3c:49:a7:33:7a:90
                46:47:b3:63:7d:13:9b:4e:b7:6f:18:37:80:53:fe:dd
                20:e0:35:9a:36:d1:c7:01:b9:e6:dc:dd:f3:ff:1d:2c
                3a:16:57:d9:92:39:d6
Other Information:
        MD5 fingerprint:
                7c62ff749d31535e684ad578aa1ebf23
        SHA-1 fingerprint:
                9f744e9f2b4dbaec0f312c50b6563b8e2d93c311
        Public Key Id:
                f7f3019450ba3e69ec9a50f502d13845cc931372

Please include the correct CA file or remove the broken one.

Thanks


-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.30-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages ca-certificates depends on:
ii  debconf [debconf-2.0]         1.5.28     Debian configuration management sy
ii  openssl                       0.9.8k-5   Secure Socket Layer (SSL) binary a

ca-certificates recommends no packages.

ca-certificates suggests no packages.

-- debconf information:
  ca-certificates/new_crts:
  ca-certificates/trust_new_crts: yes
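
One way to find which entries of a concatenated bundle a parser with limited algorithm support would reject, as an added example that is not part of the original report: it reads the subjectPublicKeyInfo algorithm OID of every PEM block. The RSA-only `SUPPORTED` set and the constructed `sample_pem` skeletons are assumptions for illustration, not the behaviour of gnome-keyring or GnuTLS.

```python
import base64, re

# Assumption: a consumer that only handles rsaEncryption public keys.
SUPPORTED = {"1.2.840.113549.1.1.1"}

def tlv(d, p):
    """Read one DER header at p; return (tag, value_start, value_end)."""
    tag, n, p = d[p], d[p + 1], p + 2
    if n & 0x80:                      # long form: low 7 bits count the length bytes
        k = n & 0x7F
        n, p = int.from_bytes(d[p:p + k], "big"), p + k
    return tag, p, p + n

def decode_oid(raw):
    arcs, val = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:                 # base-128 digits, high bit set = more follow
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, val = arcs + [val], 0
    return ".".join(map(str, arcs))

def spki_algorithm(der):              # OID of subjectPublicKeyInfo.algorithm
    p = tlv(der, tlv(der, 0)[1])[1]   # into Certificate, then tbsCertificate
    tag, _, end = tlv(der, p)
    p = end if tag == 0xA0 else p     # skip the explicit [0] version if present
    for _ in range(5):                # serial, signature, issuer, validity, subject
        p = tlv(der, p)[2]
    for _ in range(2):                # into SubjectPublicKeyInfo, AlgorithmIdentifier
        p = tlv(der, p)[1]
    _, s, e = tlv(der, p)
    return decode_oid(der[s:e])

def audit_bundle(pem_text):
    """Return [(position, oid)] for certificates whose key OID is not SUPPORTED."""
    blocks = re.findall(
        r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", pem_text, re.S)
    oids = [spki_algorithm(base64.b64decode(b)) for b in blocks]
    return [(i, oid) for i, oid in enumerate(oids) if oid not in SUPPORTED]

def _der(tag, *parts):                # sample helper, short-form lengths only
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body

def sample_pem(oid_bytes):            # constructed, unsigned skeleton, not a real cert
    e = _der(0x30)                    # empty placeholder SEQUENCE
    spki = _der(0x30, _der(0x30, _der(0x06, oid_bytes)), _der(0x03, b"\x00"))
    tbs = _der(0x30, _der(0xA0, _der(0x02, b"\x02")), _der(0x02, b"\x01"), e, e, e, e, spki)
    body = base64.b64encode(_der(0x30, tbs, e, _der(0x03, b"\x00"))).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"
```

Run against a real bundle with `audit_bundle(open("/etc/ssl/certs/ca-certificates.crt").read())` after adjusting `SUPPORTED` to the algorithms the consuming library actually implements.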


