Bug 734389 - nmap: check if it needs to use own certificate bundle
Alias: None
Product: Fedora
Classification: Fedora
Component: nmap
Version: rawhide
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Michal Hlavinka
QA Contact: Fedora Extras Quality Assurance
Reported: 2011-08-30 09:49 UTC by Tomas Hoger
Modified: 2011-12-08 11:06 UTC

Fixed In Version: nmap-5.51-2.fc17
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2011-12-08 11:06:28 UTC
Type: ---

Attachments
Diff of ncat bundle to system bundle (17.07 KB, text/plain)
2011-08-31 15:57 UTC, Tomas Hoger

Description Tomas Hoger 2011-08-30 09:49:52 UTC
Description of problem:
ncat uses its own bundled certificate bundle (/usr/share/ncat/ca-bundle.crt) by default.  We should review how it differs from the ca-certificates' bundle and see if it really needs to be distributed in nmap packages, or we can make ncat default to using ca-certificates' bundle (via symlink or different compiled-in path).

Comment 1 Tomas Hoger 2011-08-31 15:57:52 UTC
Created attachment 520855
Diff of ncat bundle to system bundle

This compares subjects of CA certs in ncat ca-bundle.crt to ca-bundle.crt from ca-certificates-2011.75-1.fc16 (which builds the certificate list from Mozilla's / NSS's certdata).

Out of more than 100 certs in ncat bundle, more than 30 are already expired.
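
The comparison described in comment 1 (subjects present in one bundle but not the other, plus the expired entries), as an added example that is not part of the original bug report or its attachment. It uses only Python's standard `ssl` module; the function names and the sample records are constructed for illustration.

```python
import ssl
import sys
import time

def load_bundle(path):
    """Load a PEM bundle; return one dict per CA cert (subject, notAfter, ...)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.load_verify_locations(cafile=path)
    return ctx.get_ca_certs()  # only certs OpenSSL treats as CAs are listed

def subject_str(cert):
    """Flatten the nested RDN tuples of 'subject' into one comparable string."""
    return ", ".join(f"{k}={v}" for rdn in cert["subject"] for k, v in rdn)

def is_expired(cert, now):
    """True if the cert's notAfter lies before `now` (epoch seconds, UTC)."""
    return ssl.cert_time_to_seconds(cert["notAfter"]) < now

def compare_bundles(ours, system, now=None):
    """Report how bundle `ours` differs from `system`, keyed by subject."""
    now = time.time() if now is None else now
    ours_by_subj = {subject_str(c): c for c in ours}  # duplicates collapse
    sys_subj = {subject_str(c) for c in system}
    return {
        "total": len(ours_by_subj),
        "expired": sorted(s for s, c in ours_by_subj.items() if is_expired(c, now)),
        "only_in_ours": sorted(set(ours_by_subj) - sys_subj),
        "only_in_system": sorted(sys_subj - set(ours_by_subj)),
    }

def _rec(cn, not_after):
    """Build a constructed record in the shape get_ca_certs() returns."""
    subject = ((("organizationName", "Example Trust"),), (("commonName", cn),))
    return {"subject": subject, "notAfter": not_after}

# Constructed sample data (not real CAs), used when no paths are given.
SAMPLE_NCAT = [_rec("Example Root A", "Jan  1 00:00:00 2010 GMT"),
               _rec("Example Root B", "Jan  1 00:00:00 2030 GMT")]
SAMPLE_SYSTEM = [_rec("Example Root B", "Jan  1 00:00:00 2030 GMT"),
                 _rec("Example Root C", "Jan  1 00:00:00 2031 GMT")]

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py NCAT_BUNDLE SYSTEM_BUNDLE
        report = compare_bundles(load_bundle(sys.argv[1]), load_bundle(sys.argv[2]))
    else:
        report = compare_bundles(SAMPLE_NCAT, SAMPLE_SYSTEM)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run with two bundle paths to audit real files; entries under `only_in_ours` that are also under `expired` are the ones a switch to the system bundle would drop without loss.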
