734389 – nmap: check if it needs to use own certificate bundle

Bug 734389 - nmap: check if it needs to use own certificate bundle

Summary: nmap: check if it needs to use own certificate bundle

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	nmap
Sub Component:
Version:	rawhide
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	high
Target Milestone:	---
Assignee:	Michal Hlavinka
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2011-08-30 09:49 UTC by Tomas Hoger
Modified:	2011-12-08 11:06 UTC (History)
CC List:	1 user (show)
Fixed In Version:	nmap-5.51-2.fc17
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2011-12-08 11:06:28 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
Diff of ncat bundle to system bundle (17.07 KB, text/plain) 2011-08-31 15:57 UTC, Tomas Hoger	no flags	Details
View All

Description Tomas Hoger 2011-08-30 09:49:52 UTC

Description of problem:
ncat uses its own bundled certificate bundle (/usr/share/ncat/ca-bundle.crt) by default.  We should review how it differs from the ca-certificte's bundle and see if it really needs to be distributed in nmap packages, or we can make ncat default to using ca-certificate's bundle (via symlink or different compiled-in path).

Comment 1 Tomas Hoger 2011-08-31 15:57:52 UTC

Created attachment 520855 [details]
Diff of ncat bundle to system bundle

This compares subjects of CA certs in ncat ca-bundle.crt to ca-bundle.crt from ca-certificates-2011.75-1.fc16 (which builds the certificate list from Mozilla's / NSS's certdata).

Out of more than 100 certs in ncat bundle, more than 30 are already expired.

Note You need to log in before you can comment on or make changes to this bug.