Control: severity -1 minor On Mon, Feb 5, 2024 at 10:19:10 +0800, Paul Wise wrote:
> I noticed that there is one expired certificate in ca-certificates: > > $ cat test > now=$(date -u) > date -d "$now" > now="$(date -d "$now" +%s)" > for f in /usr/share/ca-certificates/mozilla/* ; do > date="$(openssl x509 -enddate -noout -in "$f" | cut -d= -f2)" > d="$(date -d "$date" +%s)" > if [ $((d<=now)) -eq 1 ] ; then > echo Expired: $f $date $d $now > fi > done > $ sh test > Mon 05 Feb 2024 10:13:46 AWST > Expired: > /usr/share/ca-certificates/mozilla/Security_Communication_Root_CA.crt Sep 30 > 04:20:49 2023 GMT 1696047649 1707099226 > > It might be a good idea to add an autopkgtest to check them. > It doesn't actually matter, though, and it'll be gone next time we pull from mozilla. Cheers, Julien

