1. Impact: programs doing certificate validation using openssl root 
certificates shipped with the distribution stop working with encrypted 
connections if ca-certificates was installed in a pt_BR locale. Examples: wget, 
curl, landscape-client.
2. The problem was a variable that was wrongly tagged to be translated. It just 
happened that the pt_BR translation was the first one to hit it. The fix is in 
hardy, package version 20070303-0ubuntu1
3. Patch is available in this report, as well in the aforementioned package, 
and attached to upstream debian report. I understand that the final patch is 
slightly different due to policies.
4. TEST CASE: see comment at 
https://bugs.launchpad.net/ubuntu/+source/ca-certificates/+bug/153625/comments/12
5. Possible, unverified regression, is that users loose whatever certificates 
they may have marked as trusted before, i.e., they would have to go through the 
list again in the worst case scenario. But since the default behavior of this 
package is to mark all certs as trusted, I don't expect many users would have a 
custom list. I also personally didn't test if a simple upgrade is enough to fix 
this issue for users who already have the broken package. This is my first SRU 
request: I'm not sure if I have to do these tests or if some QA team will do it.
Finally, I also didn't check if previous Ubuntu releases have this bug too. I 
only know of Gutsy and Hardy, which I have installed.
-- 
update-ca-certificates error. ca-certificates.crt empty (with pt_BR locale)
https://bugs.launchpad.net/bugs/153625
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to