Package: ca-certificates Version: 20080809 Severity: normal Some applications, in particular lighttpd, require the CRL file to contain no duplicates.
Currently, ca-certificates provide the following duplicates: cacert.org/class3.crt cacert.org/root.crt quovadis.bm/QuoVadis_Root_Certification_Authority.crt With all certs enabled, the following error occurs in lighttpd: Reloading web server configuration: lighttpd2008-09-11 22:34:53: (network.c.377) SSL: Private key does not match the certificate public key, reason: error:0B07C065:x509 certificate routines:X509_STORE_add_cert:cert already in hash table /etc/ssl/private/lighttpd.pem With the above 3 certs disabled, lighttpd works. A possible fix would be to check for and suppress duplicates when generating the CRL file. - Jonas -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.27-rc5-amd64 (SMP w/2 CPU cores) Locale: LANG=da_DK.UTF-8, LC_CTYPE=da_DK.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages ca-certificates depends on: ii debconf [debconf-2.0] 1.5.23 Debian configuration management sy ii openssl 0.9.8g-13 Secure Socket Layer (SSL) binary a ca-certificates recommends no packages. ca-certificates suggests no packages. -- debconf information excluded -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

