Request for help with troubleshooting "p11-kit: invalid basic constraints certificate extension"
Ludwig Nussel
ludwig.nussel at suse.de
Fri Aug 8 04:37:57 PDT 2014
Stef Walter schrieb:
> On 08.08.2014 13:14, Ludwig Nussel wrote:
>> Stef Walter schrieb:
>>> On 07.08.2014 17:17, grantksupport at operamail.com wrote:
>>>> When I exec
>>>>
>>>> /usr/sbin/update-ca-certificates -v -f
>>>>
>>>> some -- NOT all! -- of my machines return a some "p11-kit: invalid
>>>> basic constraints certificate extension" messages,
>>>
>>> Could you try out the patches attached to the following bug, and let me
>>> know if it fixes the problem for you?
>>>
>>> https://bugs.freedesktop.org/show_bug.cgi?id=82328
>>
>> I've applied that patches to the 13.1 package:
>> http://download.opensuse.org/repositories/home:/lnussel:/branches:/openSUSE:/13.1:/Update/standard/
>
> Does it fix the issue? Looking for someone else to test it.
In the VM I have it fixes the NULL warnings. I didn't see the error
message the original reporter had.
>> Just curious, why does the code path hit a point where it sees an
>> invalid public key?
>
> This line sets the type field to CKA_INVALID, but then other code still
> assumed the struct was valid without checking the type field.
>
> http://cgit.freedesktop.org/p11-glue/p11-kit/tree/trust/builder.c?h=stable#n643
That can only happen for .p11-kit files, right?
cu
Ludwig
--
(o_ Ludwig Nussel
//\
V_/_ http://www.suse.de/
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)
More information about the p11-glue
mailing list