ca-certificates 2014.2.1 will remove several still valid CA certificates with weak keys
mcatanzaro at gnome.org
Fri Oct 31 17:22:41 UTC 2014
On Fri, 2014-10-31 at 15:53 +0100, Nikos Mavrogiannopoulos wrote:
> Are you sure that this is the case with the current package? My F21
> no longer connect to network to test, but gnutls in it should
> reconstruct the chain similarly to what nss does (not very similarly
> be precise but the end result should be the same). If it is not the
> please report it as bug and I'll check it out.
No, I haven't tested this in a month or two. If there's been recent work
on NSS compatibility, that's awesome.
Complicating the matter is that these pages sometimes work and sometimes
don't (CDN magic I suppose) so we really have to rely on bug reports to
know if there's breakage, and we won't get those unless the compat
certificates are removed (which I certainly don't suggest).
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 473 bytes
Desc: This is a digitally signed message part
More information about the devel