ca-certificates: Symantec CA blacklisted for non-TLS uses
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ca-certificates (Debian) |
Fix Released
|
Unknown
|
|||
ca-certificates (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Groovy |
Fix Released
|
High
|
Marc Deslauriers | ||
Hirsute |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
~$ lsb_release -rd
Description: Ubuntu 20.10
Release: 20.10
~$ apt list --installed | grep ca-certificates
WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
ca-certificates
Repro steps:
1. Open Terminal.
2. Execute:
wget https:/
chmod +x ./dotnet-install.sh
./dotnet-
export DOTNET_
export PATH=$PATH:
dotnet new console
dotnet add package System.
Expected result:
Package restore will succeed.
Actual result:
Package restore fails with:
error: NU3028: Package 'System.
There has been a planned process to distrust Symantec certificates in the certificate store over the past two years. The Debian ca-certificates package removed this CA for both TLS (expected) and other uses (like timestamping) (unexpected). Trust was added back in a subsequent update. See https:/
summary: |
- ca-certificates: Symantec CA blacklisted + ca-certificates: Symantec CA blacklisted for non-TLS uses |
Changed in ca-certificates (Debian): | |
status: | Unknown → Fix Committed |
Changed in ca-certificates (Ubuntu Hirsute): | |
status: | Fix Committed → Fix Released |
Changed in ca-certificates (Debian): | |
status: | Fix Committed → Fix Released |
Status changed to 'Confirmed' because the bug affects multiple users.