You made a very good investigation on the topic.
I agree that a public cert shouldn't be placed into the same folder as
CA certs. There is some mention of a weird bug
https://serverfault.com/a/840191/442430
Instead I think that both private key and cert should be merged into
one file and placed

I just came across this while configuring the CA certs for some
software. It would be really nice if this security issue were fixed at
some point. In the meantime, it looks like
/etc/ssl/certs/ca-certificates.crt doesn't have the snake oil
certificate (at least on my systems) even though /etc/s

severity 790943 normal
thanks
On Friday 03 July 2015 10:56:54, Daniel Pocock wrote:
> I've marked this bug serious because it could lead to security
> problems if people mix root certs and other certs in the same
> directory
The certificates generated by make-ssl-cert all have "X509v3 Basic
Cons

On Fri, 03 Jul 2015 10:56:54 +0200 Daniel Pocock wrote:
> Some other packages refer to /etc/ssl/certs as a directory of trusted
> roots. E.g. according to this page: https://wiki.debian.org/ServicesSSL
> the whole directory was trusted by wget in wheezy but not in jessie.
You have misunderstood

Package: ssl-cert
Version: 1.0.35
Severity: serious
I've marked this bug serious because it could lead to security problems
if people mix root certs and other certs in the same directory
This package provides the script /usr/sbin/make-ssl-cert
It creates certificates and puts the public key / ce
5 matches