Bug 442630

Summary: openssl-certs: trusted certificates are not linked correctly
Product: [openSUSE] openSUSE 11.1 Reporter: Michael Calmer <mc>
Component: SecurityAssignee: Security Team bot <security-team>
Status: RESOLVED DUPLICATE QA Contact: E-mail List <qa-bugs>
Severity: Major    
Priority: P2 - High CC: abittner
Version: Beta 4   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: Development Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Michael Calmer 2008-11-07 09:55:41 UTC 
The certificates in /etc/ssl/certs/ are not linked correctly.

I did an update from 11.0 to 11.1 Beta4. The registration throw now a SSL negotiation error because of an invalid certificate (not trusted).

Now I found out that no link exists to the Equifax_Secure_CA.pem certificate.

#> l /etc/ssl/certs/ | grep Equifax
lrwxrwxrwx 1 root root    38 Nov  3 10:42 74c26bd0.0 -> Equifax_Secure_Global_eBusiness_CA.pem
lrwxrwxrwx 1 root root    33 Nov  3 10:42 8f7b96c4.0 -> Equifax_Secure_eBusiness_CA_2.pem
-rw-r--r-- 1 root root  1143 Oct 24 08:23 Equifax_Secure_CA.pem
-rw-r--r-- 1 root root   948 Oct 24 08:23 Equifax_Secure_Global_eBusiness_CA.pem
-rw-r--r-- 1 root root   932 Oct 24 08:23 Equifax_Secure_eBusiness_CA_1.pem
-rw-r--r-- 1 root root  1143 Oct 24 08:23 Equifax_Secure_eBusiness_CA_2.pem
lrwxrwxrwx 1 root root    33 Nov  3 10:42 e7b8d656.0 -> Equifax_Secure_eBusiness_CA_1.pem

After calling "c_rehash /etc/ssl/certs" everything works fine.
Comment 1 Michael Calmer 2008-11-26 09:13:50 UTC 
*** Bug 439318 has been marked as a duplicate of this bug. ***
Comment 2 Michael Calmer 2008-11-26 09:16:07 UTC 
A second report about update brake the certificate store.
Maybe the %post is not executed correctly on update?
Comment 3 andreas bittner 2008-11-26 22:52:24 UTC 
i just finished downloading and installing 11.1 rc1 x86 dvd iso image.

installed it over a clean 11.0.

this certificate bug is still in 11.1 rc1. i need to manually do the c_rehash procedure otherwise i get the ssl connection error.

after c_rehash the online registration for repositories/updates is working normally.
Comment 4 Ludwig Nussel 2010-01-25 12:43:49 UTC 
dup

*** This bug has been marked as a duplicate of bug 465974 ***