ca-certificates 2014.2.1 will remove several still valid CA certificates with weak keys

Michael Catanzaro mcatanzaro at
Fri Oct 31 17:22:41 UTC 2014

On Fri, 2014-10-31 at 15:53 +0100, Nikos Mavrogiannopoulos wrote:
> Are you sure that this is the case with the current package? My F21
> can
> no longer connect to network to test, but gnutls in it should
> reconstruct the chain similarly to what nss does (not very similarly
> to
> be precise but the end result should be the same). If it is not the
> case
> please report it as bug and I'll check it out.

No, I haven't tested this in a month or two. If there's been recent work
on NSS compatibility, that's awesome.

Complicating the matter is that these pages sometimes work and sometimes
don't (CDN magic I suppose) so we really have to rely on bug reports to
know if there's breakage, and we won't get those unless the compat
certificates are removed (which I certainly don't suggest).


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: This is a digitally signed message part
URL: <>

More information about the devel mailing list