ca-certificates 2014.2.1 will remove several still valid CA certificates with weak keys
nmav at redhat.com
Fri Oct 31 19:37:16 UTC 2014
----- Original Message -----
> This isn't a recent change, see . I presume Amazon is most likely
> still broken in Epiphany (when these roots are removed) as there's been
> no action on , where we decided that gnutls-cli accepted
> www.amazon.com because it uses certs if they're valid for either email
> or TLS, whereas GLib only uses certs if they're valid for TLS.
> Note that due to CDN magic, sites like Amazon load lots of subresources
> like images and CSS over connections using unrelated certs, so a more
> reliable test is to actually open the web page in a browser.
>  https://bugzilla.redhat.com/show_bug.cgi?id=1134602
I've reassigned the original bug to gnutls and closed with next release (F21). A fix for F20 is very hard to occur and would most probably introduce unncessary issues. If anything remains, feel free to reopen with more information.
More information about the devel