ca-certificates 2014.2.1 will remove several still valid CA certificates with weak keys
Adam Williamson
adamwill at fedoraproject.org
Tue Sep 9 14:39:00 UTC 2014
On Tue, 2014-09-09 at 15:28 +0200, Reindl Harald wrote:
> Am 09.09.2014 um 08:26 schrieb Adam Williamson:
> > certificate_list
> > This is a sequence (chain) of certificates. The sender's
> > certificate MUST come first in the list. Each following
> > certificate MUST directly certify the one preceding it. Because
> > certificate validation requires that root keys be distributed
> > independently, the self-signed certificate that specifies the root
> > certificate authority MAY be omitted from the chain, under the
> > assumption that the remote end must already possess it in order to
> > validate it in any case
>
> sure?
Well, I mean, that's what's written down in the RFC, you can go read it
for yourself. I'm not setting myself up as the world's leading authority
on TLS, I need at least another fifteen minutes of googling before I do
that. ;)
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net
http://www.happyassassin.net
More information about the devel
mailing list