Ask / Submit
29

Outdated ca-certificates

Tracked by Jolla

asked 2016-08-21 12:03:25 +0200

Fenuks gravatar image

updated 2016-08-21 13:01:40 +0200

Federico gravatar image

@Federico is right, it is an issue worth separate question.

Package ca-certificates in SailfishOS has version 2014.2.1, meaning it's outdated by 2 years. It is a security issue, as SailfishOS will still trust certificates revoked since then (due to being compromised among other reasons).

Along with tzdata package, it requires regular updates, as certificates are being issued and revoked quite often, new CAs come (Let's Encrypt went into beta in 2015).


It is possible installing ca-certificates from CentOS will work fine, but I haven't tested it yet. Latest rpm can be fund here — http://mirror.centos.org/centos/6/os/i386/Packages/ca-certificates-2015.2.6-65.0.1.el6_7.noarch.rpm
Please note it's marked 2015, so it is still a bit outdated too. Newer are in Debian Sid and latest Fedora, so it can be considered testing.

edit retag flag offensive close delete

Comments

According to mer gitlab (https://git.merproject.org/mer-core/ca-certificates), they're using Fedora as upstream for ca-certificates. Looks like it does not have a maintainer.
I've contanted mer-project regarding this, hope they can fix it and/or find a maintainer.

Fenuks ( 2016-08-29 09:37:22 +0200 )edit

1 Answer

Sort by » oldest newest most voted
8

answered 2017-05-01 10:15:52 +0200

Fenuks gravatar image

Bumping this one too, as ca-certs haven't been updated. Browser seem to use separate CA database, but other programs, especially cli ones like curl use CAs from the package, that is still ca-certificates-2014.2.1-1.4.2.noarch.

Latest rpm packages from CentOS7:
http://mirror.centos.org/centos-7/7/updates/x86_64/Packages/ca-certificates-2017.2.11-70.1.el7_3.noarch.rpm
It can be downloaded and installed with:
devel-su rpm -if ca-certificates-2017.2.11-70.1.el7_3.noarch.rpm

But it is a lot better to have it in SailfishOS repositories.

edit flag offensive delete publish link more
Login/Signup to Answer

Question tools

Follow
8 followers

Stats

Asked: 2016-08-21 12:03:25 +0200

Seen: 472 times

Last updated: May 01