[Bug 1764848] Re: Upgrade to ca-certificates to 20180409 causes ca-certificates.crt to be removed if duplicate certs found

derisolde derisolde at gmail.com
Thu Apr 26 07:40:09 UTC 2018 

"Wenn Sie in diesen weiteren Code von openssl eintauchen, gibt apps /
rehash.c 1 zurück, wenn ein doppeltes Zertifikat gefunden wird.

https: // github. com / openssl / openssl / blob / master / apps /
rehash. c # L126

Während c_rehash.c gerade zurückkehrt.

https: // github. com / openssl / openssl / blob / master / tools / c_
rehash. in # L172"


Sorry, my Ubuntu knowledge is obviously not as good as yours. Can you
help me to implement your proposal. How can I change the code of
openssl?

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1764848

Title:
  Upgrade to ca-certificates to 20180409 causes ca-certificates.crt to
  be removed if duplicate certs found

Status in Ubuntu Single Sign On Client:
  New
Status in ca-certificates package in Ubuntu:
  Invalid
Status in openssl package in Ubuntu:
  Fix Released
Status in ca-certificates source package in Bionic:
  Invalid
Status in openssl source package in Bionic:
  Fix Released
Status in ca-certificates package in Debian:
  New

Bug description:
  The certificate /usr/share/ca-
  certificates/mozilla/Go_Daddy_Class_2_CA.crt in package ca-
  certificates is conflicting with /etc/ssl/certs/UbuntuOne-
  Go_Daddy_Class_2_CA.pem from package python-ubuntu-sso-client.

  This results in the postinst trigger for ca-certificates to remove the
  /etc/ssl/certs/ca-certificates.crt file.  This happens because the
  postinst trigger runs update-ca-certificates --fresh.

  If I run update-ca-certificates without the --fresh flag, the conflict
  is a non-issue and the ca-certificates.crt file is restored.

  If I understand some of the postinst code correctly, --fresh should
  only be run if called directly or if upgrading from a ca-certificates
  version older than 2011.

  Running bionic with daily -updates channel and ran into this this
  morning due to the release of ca-certificates version 20180409.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-sso-client/+bug/1764848/+subscriptions

More information about the foundations-bugs mailing list