We have moved to a new Sailfish OS Forum. Please start new discussions there.

Outdated ca-certificates

Tracked by Jolla (In release)

asked 2016-08-21 12:03:25 +0300

Fenuks gravatar image

updated 2016-08-21 13:01:40 +0300

Federico gravatar image

@Federico is right, it is an issue worth separate question.

Package ca-certificates in SailfishOS has version 2014.2.1, meaning it's outdated by 2 years. It is a security issue, as SailfishOS will still trust certificates revoked since then (due to being compromised among other reasons).

Along with tzdata package, it requires regular updates, as certificates are being issued and revoked quite often, new CAs come (Let's Encrypt went into beta in 2015).

It is possible installing ca-certificates from CentOS will work fine, but I haven't tested it yet. Latest rpm can be fund here — http://mirror.centos.org/centos/6/os/i386/Packages/ca-certificates-2015.2.6-65.0.1.el6_7.noarch.rpm
Please note it's marked 2015, so it is still a bit outdated too. Newer are in Debian Sid and latest Fedora, so it can be considered testing.

edit retag flag offensive close delete


According to mer gitlab (https://git.merproject.org/mer-core/ca-certificates), they're using Fedora as upstream for ca-certificates. Looks like it does not have a maintainer.
I've contanted mer-project regarding this, hope they can fix it and/or find a maintainer.

Fenuks ( 2016-08-29 09:37:22 +0300 )edit

1 Answer

Sort by » oldest newest most voted

answered 2017-05-01 10:15:52 +0300

Fenuks gravatar image

Bumping this one too, as ca-certs haven't been updated. Browser seem to use separate CA database, but other programs, especially cli ones like curl use CAs from the package, that is still ca-certificates-2014.2.1-1.4.2.noarch.

Latest rpm packages from CentOS7:
It can be downloaded and installed with:
devel-su rpm -if ca-certificates-2017.2.11-70.1.el7_3.noarch.rpm

But it is a lot better to have it in SailfishOS repositories.

edit flag offensive delete publish link more
Login/Signup to Answer

Question tools



Asked: 2016-08-21 12:03:25 +0300

Seen: 671 times

Last updated: May 01 '17