Summary: | Private key in /etc/ssl/certs/ca-cert.pem | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Sascha Silbe <sascha-gentoo-bugzilla> |
Component: | Current packages | Assignee: | Daniel Ahlberg (RETIRED) <aliz> |
Status: | RESOLVED UPSTREAM | ||
Severity: | normal | CC: | bugs--gentoo.org, carlo, jonnyro, stian, vapier |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | All | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Sascha Silbe
2004-04-08 04:49:11 UTC
Same with several other certificate files in /etc/ssl/certs:

```
sascha@cube:/etc/ssl/certs$ grep PRIVATE *.pem
ca-cert.pem:-----BEGIN RSA PRIVATE KEY-----
ca-cert.pem:-----END RSA PRIVATE KEY-----
dsa-ca.pem:-----BEGIN DSA PRIVATE KEY-----
dsa-ca.pem:-----END DSA PRIVATE KEY-----
dsa-pca.pem:-----BEGIN DSA PRIVATE KEY-----
dsa-pca.pem:-----END DSA PRIVATE KEY-----
pca-cert.pem:-----BEGIN RSA PRIVATE KEY-----
pca-cert.pem:-----END RSA PRIVATE KEY-----
```

WTF is this? the certs are copied from the tarball of openssl themselves ... it's not like they were generated by the ebuild as such ...

Is the ca-cert key supposed to match the root key from ca-cert.org? Because it doesn't seem to. The dates are different, so are the CN fields. One is labeled as a Test Certificate.

I'm looking at /etc/ssl/certs/ca-cert.pem and http://www.cacert.org/cacert.crt

This is where I check the one that came with the openssl package. Note the CN says "Test PCA"

```
#cd /etc/ssl/certs
#openssl x509 -noout -in ./ca-cert.pem -issuer -dates -subject -hash -fingerprint -subject
issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
notBefore=Dec 2 21:38:51 1999 GMT
notAfter=Jul 10 21:38:51 2005 GMT
1f6c59cd
MD5 Fingerprint=EF:02:83:EA:AC:AF:6A:D0:8D:4F:56:A8:2B:A1:C5:D3
subject= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
```

And this one is from cacert.org. The CN now says "CA Cert Signing"

```
#cd /tmp
#wget http://www.cacert.org/cacert.crt
#openssl x509 -noout -in ./cacert.crt -issuer -dates -subject -hash -fingerprint -subject
issuer= /O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/emailAddress=support@cacert.org
notBefore=Mar 30 12:29:49 2003 GMT
notAfter=Mar 29 12:29:49 2033 GMT
5ed36f99
MD5 Fingerprint=A6:1B:37:5E:39:0D:9C:36:54:EE:BD:20:31:46:1F:6B
subject= /O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/emailAddress=support@cacert.org
```

files come from upstream
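An added example, not part of the original bug thread or of any Gentoo or OpenSSL code: a shell audit that generalizes the reporter's `grep PRIVATE *.pem` to every PEM private-key label (RSA, DSA, EC, encrypted and bare PKCS#8) and reports each affected file's mode. The function names `find_private_keys` and `audit_cert_dir` and the sample directory contents are constructed for illustration.

```shell
#!/bin/sh
# find_private_keys DIR
# Prints one line per private-key block: "<file>\t<PEM label>\t<octal mode>".
find_private_keys() {
    dir=$1
    for f in "$dir"/*.pem "$dir"/*.crt; do
        [ -f "$f" ] || continue          # skip unmatched globs and non-files
        # GNU stat first, BSD stat as fallback.
        mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
        # Extract the label of every "-----BEGIN ... PRIVATE KEY-----" line;
        # the trailing .* tolerates CRLF line endings.
        sed -n 's/^-----BEGIN \(.*PRIVATE KEY\)-----.*$/\1/p' "$f" |
        while IFS= read -r label; do
            printf '%s\t%s\t%s\n' "${f##*/}" "$label" "$mode"
        done
    done
}

# audit_cert_dir DIR
# Prints findings and returns 1 if any key material sits in DIR, else returns 0.
audit_cert_dir() {
    findings=$(find_private_keys "$1")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample directory: placeholder bodies, not real key material.
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'AAAA' '-----END CERTIFICATE-----' \
    '-----BEGIN RSA PRIVATE KEY-----' 'AAAA' '-----END RSA PRIVATE KEY-----' \
    > "$demo_dir/ca-cert.pem"
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'AAAA' '-----END CERTIFICATE-----' \
    > "$demo_dir/clean.pem"
chmod 644 "$demo_dir"/*.pem

audit_cert_dir "$demo_dir" || echo "private key material found in certificate directory"
```

Pointed at a real directory such as /etc/ssl/certs, the non-zero return lets the check act as a gate in a packaging or image-build step.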