Your message dated Thu, 21 Apr 2011 19:32:08 +0000
with message-id <e1qczbk-0000hs...@franck.debian.org>
and subject line Bug#611102: fixed in ca-certificates 20110421
has caused the Debian Bug report #611102,
regarding can't find certicates because of hash changes, should call c_rehash
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
611102: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611102
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: openssl
Version: 1.0.0c-2
Severity: important
From x509(1ssl) manpage:
| The hash algorithm used in the -subject_hash and -issuer_hash options before
| OpenSSL 1.0.0 was based on the deprecated MD5 algorithm and the encoding of
the
| distinguished name. In OpenSSL 1.0.0 and later it is based on a canonical
| version of the DN using SHA1. This means that any directories using the old
| form must have their links rebuilt using c_rehash or similar.
Unfortunately that also means that if c_rehash is run on /etc/ssl/certs/
(e.g. by ca-certificates postinst), packages using GnuTLS or older
OpenSSL won't be able to find certificates anymore.
Here's a proposed patch:
http://rt.openssl.org/Ticket/Display.html?id=2272&user=guest&pass=guest
(Though IMO compatibility symlinks should be created unconditionally.)
--
Jakub Wilk
--- End Message ---
--- Begin Message ---
Source: ca-certificates
Source-Version: 20110421
We believe that the bug you reported is fixed in the latest version of
ca-certificates, which is due to be installed in the Debian FTP archive:
ca-certificates_20110421.dsc
to main/c/ca-certificates/ca-certificates_20110421.dsc
ca-certificates_20110421.tar.gz
to main/c/ca-certificates/ca-certificates_20110421.tar.gz
ca-certificates_20110421_all.deb
to main/c/ca-certificates/ca-certificates_20110421_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 611...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Kurt Roeckx <k...@roeckx.be> (supplier of updated ca-certificates package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 21 Apr 2011 18:56:08 +0200
Source: ca-certificates
Binary: ca-certificates
Architecture: source all
Version: 20110421
Distribution: unstable
Urgency: low
Maintainer: Debian QA Group <packa...@qa.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
ca-certificates - Common CA certificates
Closes: 611102
Changes:
ca-certificates (20110421) unstable; urgency=low
.
* QA upload.
* Package is orphaned, set maintainer to QA group
* Depend on openssl 1.0.0 and force a call of c_rehash so that we have
both the old and new style of symlinks. (Closes: #611102)
* Remove libssl0.9.8 from enhances
* Update mozilla certdata.txt file to the latest version.
Removed:
- ABAecom_=sub.__Am._Bankers_Assn.=_Root_CA.crt
- beTRUSTed_Root_CA-Baltimore_Implementation.crt
- beTRUSTed_Root_CA.crt
- beTRUSTed_Root_CA_-_Entrust_Implementation.crt
- beTRUSTed_Root_CA_-_RSA_Implementation.crt
- Digital_Signature_Trust_Co._Global_CA_2.crt
- Digital_Signature_Trust_Co._Global_CA_4.crt
- Entrust.net_Global_Secure_Personal_CA.crt
- Entrust.net_Global_Secure_Server_CA.crt
- Entrust.net_Secure_Personal_CA.crt
- GTE_CyberTrust_Root_CA.crt
- IPS_Chained_CAs_root.crt
- IPS_CLASE1_root.crt
- IPS_CLASE3_root.crt
- IPS_CLASEA1_root.crt
- IPS_CLASEA3_root.crt
- IPS_Servidores_root.crt
- IPS_Timestamping_root.crt
- RSA_Security_1024_v3.crt
- StartCom_Ltd..crt
- Thawte_Personal_Basic_CA.crt
- Thawte_Personal_Premium_CA.crt
- UTN-USER_First-Network_Applications.crt
- Verisign_RSA_Secure_Server_CA.crt
- Verisign_Time_Stamping_Authority_CA.crt
- Visa_International_Global_Root_2.crt
Added:
- ACEDICOM_Root.crt
- AC_Raíz_Certicámara_S.A..crt
- ApplicationCA_-_Japanese_Government.crt
- Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt
- Buypass_Class_2_CA_1.crt
- Buypass_Class_3_CA_1.crt
- CA_Disig.crt
- Certigna.crt
- certSIGN_ROOT_CA.crt
- Chambers_of_Commerce_Root_-_2008.crt
- CNNIC_ROOT.crt
- ComSign_CA.crt
- ComSign_Secured_CA.crt
- Cybertrust_Global_Root.crt
- Deutsche_Telekom_Root_CA_2.crt
- EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt
- E-Guven_Kok_Elektronik_Sertifika_Hizmet_Saglayicisi.crt
- ePKI_Root_Certification_Authority.crt
- GeoTrust_Primary_Certification_Authority_-_G2.crt
- GeoTrust_Primary_Certification_Authority_-_G3.crt
- Global_Chambersign_Root_-_2008.crt
- GlobalSign_Root_CA_-_R3.crt
- Hongkong_Post_Root_CA_1.crt
- IGC_A.crt
- Izenpe.com.crt
- Juur-SK.crt
- Microsec_e-Szigno_Root_CA_2009.crt
- Microsec_e-Szigno_Root_CA.crt
- NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt
- OISTE_WISeKey_Global_Root_GA_CA.crt
- SecureSign_RootCA11.crt
- Security_Communication_EV_RootCA1.crt
- Staat_der_Nederlanden_Root_CA_-_G2.crt
- S-TRUST_Authentication_and_Encryption_Root_CA_2005_PN.crt
- TÜBİTAK_UEKAE_Kök_Sertifika_Hizmet_Sağlayıcısı_-_Sürüm_3.crt
- TC_TrustCenter_Class_2_CA_II.crt
- TC_TrustCenter_Class_3_CA_II.crt
- TC_TrustCenter_Universal_CA_I.crt
- TC_TrustCenter_Universal_CA_III.crt
- thawte_Primary_Root_CA_-_G2.crt
- thawte_Primary_Root_CA_-_G3.crt
- VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt
- VeriSign_Universal_Root_Certification_Authority.crt
Changed:
- Verisign_Class_1_Public_Primary_Certification_Authority.crt
- Verisign_Class_3_Public_Primary_Certification_Authority.crt
* Remove telesec.de/deutsche-telekom-root-ca-2.crt, now in mozilla.
* String decode the mozilla certdata.txt so the filenames show up as
proper UTF-8 strings.
Checksums-Sha1:
658e1e50a1f34a6d27b729edd1b0b03dd541571e 1440 ca-certificates_20110421.dsc
5097a66b926c73e2a210f2d1410451966627302c 278049 ca-certificates_20110421.tar.gz
863a3eabb7366e69942bfe10f6c2cd99c145d0b8 176778
ca-certificates_20110421_all.deb
Checksums-Sha256:
bac1c47dc886c823daba954408e341fd7e72ab2abe95e22f17a6e1de1be8cb91 1440
ca-certificates_20110421.dsc
30069a2a39ddd0cda32851a8292d2f489e0bed40a64a19e6e384d4d37d9fc418 278049
ca-certificates_20110421.tar.gz
a60a9c0faf1847df4553ce13ffe337412b88dd1b9d502741ac1760204c0bdda3 176778
ca-certificates_20110421_all.deb
Files:
5c337c2d65ec430e94e2a2a7abad3168 1440 misc optional
ca-certificates_20110421.dsc
59edcd927a76cf78ec5bb43f248ea68d 278049 misc optional
ca-certificates_20110421.tar.gz
c5f5f65590899066d55e874fa59e03aa 176778 misc optional
ca-certificates_20110421_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAEBCgAGBQJNsIQlAAoJEGpMZM6DE7XwrWoP/it0a9RbmgWpxpJzJyyMhi/7
AlvLLx1AodMnBFeS8x81l40ibcgRmZPqfqO8DjrSxOOwqN57FeJqXUGpp7OsNEEn
M21BSrS/mhs9KDjm6PZK+My05duuDXqXyHPDJcR0UAKdfSWiOVv9DOjMx09WEneo
PJ/4mcn8GtdpXHmfaeSCw2jqFkOYz2TG+dH2AyTHL6y1twqq3+dECd9p5twCSJ9F
3ITrXFUjoQ/MNoDJ53VFRylx2kNOHsUyhZkFkjiPEyiBOhAAGL+TXgeiknW+Z6M8
73jc567LU6TIwLRoT9Hb/g8+4kn/yD7FFDNUlJwt4uxsHZOUtwRVE39oJKE/+FfL
qlJoKGG/v6o9A5nGvKQjAd8nvX8+GxoIcV9JUeB0JLgoCgvlPIFwKT1iIxYWA10E
Qt8s1EzK0ngZIHv/FjMwW7M/hfL7oybHhKqiDXJ7L7j2Ohh99sSOOx4PZCaSml8g
rjops5ypIqhsHleVZ+ZG6wZVl/fYeKqt9g2EW3dBKEMN+YxAnuwMdxhBYSX3wc90
w3Fffc2mef8skcAxrwKfrICD1lnVbnO62g8QtwP1OCECqMod4wvuWN1f7jZU6diU
oD1SgJdDT9HwhzTJwjGD+SLj/YNAAItGiYWi+jGuCJb+dcNtoRZVpPJ/Po7+vfBr
kghu5SP6JXiDheADWUKg
=Xa4d
-----END PGP SIGNATURE-----
--- End Message ---
