Mailinglist Archive: opensuse-security (25 mails)

< Previous Next >
[opensuse-security] openssl upgrade clobbers local certificates
  • From: Bob Vickers <bobv@xxxxxxxxxxxxx>
  • Date: Fri, 20 Nov 2009 10:31:34 +0000 (GMT)
  • Message-id: <alpine.LNX.2.00.0911201016370.8310@xxxxxxxxxxxxxxxxxxxxx>
I just wanted to warn other users that if you have installed local .crt certificates in /etc/ssl/certs then the recent openssl upgrade will remove the essential links which activates them.

So, before upgrade:

# ls -l | grep -i educat
lrwxrwxrwx 1 root root 27 Nov 19 10:04 7ffb3ace.0 ->
CyberTrustEducationalCA.crt
-rw-r--r-- 1 root root 1537 Jan 17 2008 CyberTrustEducationalCA.crt

after upgrade:
# ls -l | grep -i educat
-rw-r--r-- 1 root root 1537 Jan 17 2008 CyberTrustEducationalCA.crt


The culprit is /usr/bin/c_rehash which removes all the existing symbolic links but only reinstates the ones pointing to .pem files.

Regards,
Bob

==============================================================
Bob Vickers
Dept of Computer Science, Royal Holloway, University of London

--
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security+help@xxxxxxxxxxxx

< Previous Next >