Bug 734389

Summary: nmap: check if it needs to use own certificate bundle
Product: [Fedora] Fedora Reporter: Tomas Hoger <thoger>
Component: nmapAssignee: Michal Hlavinka <mhlavink>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: medium    
Version: rawhideCC: mhlavink
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: nmap-5.51-2.fc17 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-12-08 11:06:28 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Attachments:
Description Flags
Diff of ncat bundle to system bundle none

Description Tomas Hoger 2011-08-30 09:49:52 UTC
Description of problem:
ncat uses its own bundled certificate bundle (/usr/share/ncat/ca-bundle.crt) by default.  We should review how it differs from the ca-certificte's bundle and see if it really needs to be distributed in nmap packages, or we can make ncat default to using ca-certificate's bundle (via symlink or different compiled-in path).

Comment 1 Tomas Hoger 2011-08-31 15:57:52 UTC
Created attachment 520855 [details]
Diff of ncat bundle to system bundle

This compares subjects of CA certs in ncat ca-bundle.crt to ca-bundle.crt from ca-certificates-2011.75-1.fc16 (which builds the certificate list from Mozilla's / NSS's certdata).

Out of more than 100 certs in ncat bundle, more than 30 are already expired.