Following up on the irc comment that Steve Langasek pasted, I can confirm that reverting the patch http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/oneiric/openssl/oneiric/revision/58#debian/patches/c_rehash-multi.patch followed by update-ca-certificates --fresh (without the workaround Steve added) also corrects the hashing/verification issue. However, it does seem like the c_rehash patch is correcting undesirable behavior on its part.
Following up on the irc comment that Steve Langasek pasted, I can confirm that reverting the patch http:// bazaar. launchpad. net/~ubuntu- branches/ ubuntu/ oneiric/ openssl/ oneiric/ revision/ 58#debian/ patches/ c_rehash- multi.patch followed by update- ca-certificates --fresh (without the workaround Steve added) also corrects the hashing/ verification issue. However, it does seem like the c_rehash patch is correcting undesirable behavior on its part.