Request for help with troubleshooting "p11-kit: invalid basic constraints certificate extension"
Ludwig Nussel
ludwig.nussel at suse.de
Fri Aug 8 04:14:28 PDT 2014
Stef Walter schrieb:
> On 07.08.2014 17:17, grantksupport at operamail.com wrote:
>> I've tried repeatedly to get subscribed @ p11-glue LIST; can't seem
>> to get a response from the list daemon. So, mailing you directly --
>> hoping you might spare a moment to comment?
>>
>> I run Opensuse 13.1
>>
>> I've installed,
>>
>> rpm -qa | egrep -i "ca-certificates|pkcs11" | sort
>> ca-certificates-1_201312011643-4.1.noarch
>> ca-certificates-cacert-1-15.1.2.noarch
>> ca-certificates-mozilla-1.97-3.12.1.noarch
>> libpkcs11-helper1-1.09-5.1.2.x86_64 pam_pkcs11-0.6.8-4.1.1.x86_64
>> pkcs11-helper-1.09-5.1.2.x86_64
>>
>> When I exec
>>
>> /usr/sbin/update-ca-certificates -v -f
>>
>> some -- NOT all! -- of my machines return a some "p11-kit: invalid
>> basic constraints certificate extension" messages,
>
> Could you try out the patches attached to the following bug, and let me
> know if it fixes the problem for you?
>
> https://bugs.freedesktop.org/show_bug.cgi?id=82328
I've applied that patches to the 13.1 package:
http://download.opensuse.org/repositories/home:/lnussel:/branches:/openSUSE:/13.1:/Update/standard/
Just curious, why does the code path hit a point where it sees an
invalid public key?
cu
Ludwig
--
(o_ Ludwig Nussel
//\
V_/_ http://www.suse.de/
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)
More information about the p11-glue
mailing list