Is this really the entirety of the bug? With the new openssl but the old ca-certificates, I ran:
$ sudo update-ca-certificates --fresh
...
$ ls -l /usr/lib/ssl/certs/55a10908.0
lrwxrwxrwx 1 root root 19 2011-09-21 13:27 /usr/lib/ssl/certs/55a10908.0 -> ca-certificates.crt
$ curl -sS http://launchpad.net
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://launchpad.net/">here</a>.</p>
<hr>
<address>Apache/2.2.14 (Ubuntu) Server at launchpad.net Port 80</address>
</body></html>
What am I missing? While we could certainly change c_rehash to make sure it always prefers .pem files over .crt (and that might be preferable anyway), I wonder why libssl is unable to deal with the .crt files ...
Is this really the entirety of the bug? With the new openssl but the old ca-certificates, I ran:
$ sudo update- ca-certificates --fresh ssl/certs/ 55a10908. 0 ssl/certs/ 55a10908. 0 -> ca-certificates.crt launchpad. net /launchpad. net/">here</a>.</p> Apache/ 2.2.14 (Ubuntu) Server at launchpad.net Port 80</address>
...
$ ls -l /usr/lib/
lrwxrwxrwx 1 root root 19 2011-09-21 13:27 /usr/lib/
$ curl -sS http://
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https:/
<hr>
<address>
</body></html>
What am I missing? While we could certainly change c_rehash to make sure it always prefers .pem files over .crt (and that might be preferable anyway), I wonder why libssl is unable to deal with the .crt files ...