| 1 |
On Sat, May 29, 2021 at 03:08:39AM +0200, zcampe@×××××.com wrote |
| 2 |
> |
| 3 |
> 125 config files in /etc/ssl/certs needs update. |
| 4 |
> |
| 5 |
> For certificates I would expect the old and invalid ones to be replaced |
| 6 |
> by newer ones without user intervention. |
| 7 |
|
| 8 |
Looking through them is "interesting". There seem to be a lot of |
| 9 |
/etc/ssl/certs/????????.0 files, where "?" is either a random number or |
| 10 |
a lower case letter. These all seem to be symlinks to |
| 11 |
/etc/ssl/certs/<Some_Name>.pem. Each of those files is in turn a |
| 12 |
symlink to /usr/share/ca-certificates/mozilla/<Some_Name>.crt. How much |
| 13 |
do we trust China? There are a couple of certificates in there named |
| 14 |
/usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_1.crt and |
| 15 |
/usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_3.crt. Any |
| 16 |
other suspicious regimes in there? |
| 17 |
|
| 18 |
-- |
| 19 |
Walter Dnes <waltdnes@××××××××.org> |
| 20 |
I don't run "desktop environments"; I run useful applications |
Archives