Package: ca-certificates
Version: 20080809
Severity: normal

Some applications, in particular lighttpd, require the CRL file to
contain no duplicates.

Currently, ca-certificates provide the following duplicates:

cacert.org/class3.crt
cacert.org/root.crt
quovadis.bm/QuoVadis_Root_Certification_Authority.crt

With all certs enabled, the following error occurs in lighttpd:

Reloading web server configuration: lighttpd2008-09-11 22:34:53: 
(network.c.377) SSL: Private key does not match the certificate public key, 
reason: error:0B07C065:x509 certificate routines:X509_STORE_add_cert:cert 
already in hash table /etc/ssl/private/lighttpd.pem 

With the above 3 certs disabled, lighttpd works.


A possible fix would be to check for and suppress duplicates when
generating the CRL file.


 - Jonas

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.27-rc5-amd64 (SMP w/2 CPU cores)
Locale: LANG=da_DK.UTF-8, LC_CTYPE=da_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages ca-certificates depends on:
ii  debconf [debconf-2.0]         1.5.23     Debian configuration management sy
ii  openssl                       0.9.8g-13  Secure Socket Layer (SSL) binary a

ca-certificates recommends no packages.

ca-certificates suggests no packages.

-- debconf information excluded



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to