touch-packages team mailing list archive
-
touch-packages team
-
Mailing list archive
-
Message #88317
[Bug 1472378] [NEW] upgrading ca-certificates results in broken certificate chains
Public bug reported:
Found this (finally) upgrading a web server from lucid to precise (via
do-release-upgrade):
Preparing to replace ca-certificates 20141019ubuntu0.10.04.1 (using .../ca-certificates_20141019ubuntu0.12.04.1_all.deb) ...^M
Unpacking replacement ca-certificates ...^M
...
Setting up openssl (1.0.1-4ubuntu5.31) ...^M
Installing new version of config file /etc/ssl/openssl.cnf ...^M
Setting up ca-certificates (20141019ubuntu0.12.04.1) ...^M
Updating certificates in /etc/ssl/certs... 0 added, 0 removed; done.^M
Running hooks in /etc/ca-certificates/update.d....done.^M
Setting up netbase (4.47ubuntu1) ...^M
...
And everything is broken. sometime between lucid and precise, the hash
function seems to have changed (there are 2 hashes per pemfile in
precise, and 1 per pemfile in lucid), and update-ca-certificates goes
"nothing to do here" instead of "hey, I need to rerun c_rehash to
generate the other symlink".
to reproduce: install a lucid box, and do-release-upgrade
lamont
** Affects: ca-certificates (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ca-certificates in Ubuntu.
https://bugs.launchpad.net/bugs/1472378
Title:
upgrading ca-certificates results in broken certificate chains
Status in ca-certificates package in Ubuntu:
New
Bug description:
Found this (finally) upgrading a web server from lucid to precise (via
do-release-upgrade):
Preparing to replace ca-certificates 20141019ubuntu0.10.04.1 (using .../ca-certificates_20141019ubuntu0.12.04.1_all.deb) ...^M
Unpacking replacement ca-certificates ...^M
...
Setting up openssl (1.0.1-4ubuntu5.31) ...^M
Installing new version of config file /etc/ssl/openssl.cnf ...^M
Setting up ca-certificates (20141019ubuntu0.12.04.1) ...^M
Updating certificates in /etc/ssl/certs... 0 added, 0 removed; done.^M
Running hooks in /etc/ca-certificates/update.d....done.^M
Setting up netbase (4.47ubuntu1) ...^M
...
And everything is broken. sometime between lucid and precise, the
hash function seems to have changed (there are 2 hashes per pemfile in
precise, and 1 per pemfile in lucid), and update-ca-certificates goes
"nothing to do here" instead of "hey, I need to rerun c_rehash to
generate the other symlink".
to reproduce: install a lucid box, and do-release-upgrade
lamont
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ca-certificates/+bug/1472378/+subscriptions
Follow ups