ca-certificates 2014.2.1 will remove several still valid CA certificates with weak keys
Kai Engert
kaie at kuix.de
Tue Aug 19 14:20:11 UTC 2014
On Tue, 2014-08-19 at 10:07 -0400, Miloslav Trmač wrote:
> ----- Original Message -----
> > If you experience such situations, the right approach is to contact the
> > owner of the certificate (or the server), and ask them to get a
> > replacement certificate, or to install a replacement certificate on
> > their SSL/TLS server.
>
> That’s the right thing to do of course, but leaves the users with an
> unusable system in the mean time. Could the update description at
> least generally point to how to work around this if the certificate
> owner is not (sufficiently quickly) responsive? Mirek
Most software has options to override certificate errors.
I don't want to encourage how to do that, and covering all potential
applications would result in a big list.
I'd assume that people who are desparate will find the options on how to
override certificate errors and connect anyway.
Kai
More information about the devel
mailing list