ca-certificates: untrusted certificate messages during configure

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

ca-certificates: untrusted certificate messages during configure

Pavel Volkov
This is what I saw during last emerge of ca-certificates:

>>> Configuring source in /var/tmp/portage/app-misc/ca-certificates-20140223.3.15.5/work ...
>>> Source configured.
>>> Compiling source in /var/tmp/portage/app-misc/ca-certificates-20140223.3.15.5/work ...
make -j5 -C /var/tmp/portage/app-misc/ca-certificates-20140223.3.15.5/work/ca-certificates/mozilla
make: Entering directory '/var/tmp/portage/app-misc/ca-certificates-20140223.3.15.5/work/ca-certificates/mozilla'
python certdata2pem.py
Ignoring certificate "UTN-USER First-Network Applications".  SAUTH=CKT_NSS_MUST_VERIFY_TRUST, EPROT=CKT_NSS_MUST_VERIFY_TRUST
Ignoring certificate "UTN USERFirst Object Root CA".  SAUTH=CKT_NSS_MUST_VERIFY_TRUST, EPROT=CKT_NSS_MUST_VERIFY_TRUST
Certificate "MD5 Collisions Forged Rogue CA 25c3" blacklisted, ignoring.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: "Distrusted AC DG Tresor SSL"
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Ignoring certificate "TC TrustCenter Universal CA III".  SAUTH=CKT_NSS_MUST_VERIFY_TRUST, EPROT=CKT_NSS_MUST_VERIFY_TRUST
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: "Bogus Mozilla Addons"
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

(and some more if that)

So since there so many exclamation marks I decided to dig a bit more into this.
What is the meaning of the message and how should I deal with it?

Reply | Threaded
Open this post in threaded view
|

Re: ca-certificates: untrusted certificate messages during configure

James-2
Pavel Volkov <negaipub <at> gmail.com> writes:


> This is what I saw during last emerge of ca-certificates:
> What is the meaning of the message and how should I deal with it?

Dunno.

But, here is what I did. I just re-emerge ca-certificates:

 emerge -1 ca-certificates

Here are the simple insttuctions I received:



>>> Installing (1 of 1) app-misc/ca-certificates-20130906
 * Broken symlink for a certificate at /etc/ssl/certs/4597689c.0
 * Broken symlink for a certificate at /etc/ssl/certs/b097d71d.0
 * Broken symlink for a certificate at /etc/ssl/certs/656b3e35.0
 * Broken symlink for a certificate at /etc/ssl/certs/9818ca0b.0
 * You MUST remove the above broken symlinks
 * Otherwise any SSL validation that use the directory may fail!
 * To batch-remove them, run:
 * find -L /etc/ssl/certs/ -type l -exec rm {} +
>>> Auto-cleaning packages...


Seems pretty straightforward to me......

YMMV,
hth,
James





Reply | Threaded
Open this post in threaded view
|

Re: ca-certificates: untrusted certificate messages during configure

Pavel Volkov
On Thursday 20 March 2014 11:55:07 James wrote:

> But, here is what I did. I just re-emerge ca-certificates:
>
>  emerge -1 ca-certificates
>
> Here are the simple insttuctions I received:
> >>> Installing (1 of 1) app-misc/ca-certificates-20130906
>
>  * Broken symlink for a certificate at /etc/ssl/certs/4597689c.0
>  * Broken symlink for a certificate at /etc/ssl/certs/b097d71d.0
>  * Broken symlink for a certificate at /etc/ssl/certs/656b3e35.0
>  * Broken symlink for a certificate at /etc/ssl/certs/9818ca0b.0
>  * You MUST remove the above broken symlinks
>  * Otherwise any SSL validation that use the directory may fail!
>  * To batch-remove them, run:
>  * find -L /etc/ssl/certs/ -type l -exec rm {} +
>
> >>> Auto-cleaning packages...
>
> Seems pretty straightforward to me......

Yes, I did this symlink killing, too.
The messages I showed were displayed after that act (on next emerge, I don't
if the version changed though).

Reply | Threaded
Open this post in threaded view
|

Re: ca-certificates: untrusted certificate messages during configure

James-2
Pavel Volkov <negaipub <at> gmail.com> writes:


> >  * To batch-remove them, run:
> >  * find -L /etc/ssl/certs/ -type l -exec rm {} +

> > Seems pretty straightforward to me......

> Yes, I did this symlink killing, too.
> The messages I showed were displayed after that act (on next emerge, I
> don't if the version changed though).


Dunno.

Mine came back clean, after the removing the offending files
and compiling (emerging) it the second time;

You did your routine commands after the  between and after the second emerge?

Your python is all clean and updated? (run python-updater?)

poke around it has to be something; I can only guess.....


James




Reply | Threaded
Open this post in threaded view
|

Re: ca-certificates: untrusted certificate messages during configure

Tom Wijsman-2
In reply to this post by Pavel Volkov
On Thu, 20 Mar 2014 09:51:19 +0400
Pavel Volkov <[hidden email]> wrote:

> This is what I saw during last emerge of ca-certificates:

There are some bugs for ca-certificates, list:

    https://bugs.gentoo.org/buglist.cgi?quicksearch=ca-certificates

Of particular interest:

    https://bugs.gentoo.org/show_bug.cgi?id=475352 (QA involved)

Also make sure you have read the post installation messages.

Other than that, I suggest you wait until resolution; there have been
reports here and there, so, I assume it'll be fixed in the near future.

--
With kind regards,

Tom Wijsman (TomWij)
Gentoo Developer

E-mail address  : [hidden email]
GPG Public Key  : 6D34E57D
GPG Fingerprint : C165 AF18 AB4C 400B C3D2  ABF0 95B2 1FCD 6D34 E57D