Closed
Description
Description
update-ca-certificates blindly concats certificates without concern for a newline at the end of the file. This is concerning in environments where certificates are provided by enterprise teams that may not always have a newline. This issue was fixed in Debian 13 years ago and in Alpine 6 years ago.
Impact
ca-certificates bundle will be invalid, which breaks a number of services.
Environment and steps to reproduce
- Set-up: create a valid pem file in /etc/ssl/certs with no newline at EOF
- Task: execute update-ca-certificates, then attempt a curl
- Action(s):
a. write an valid x.509 PEM file into /etc/ssl/certs with no new line before EOF
b. Executesudo /usr/sbin/update-ca-certificates
c.curl https://flatcar.org - Error:
curl: (77) error setting certificate file: /etc/ssl/certs/ca-certificates.crt
Expected behavior
We would expect curl to complete and show a 301 Moved Permanently.
Additional information
Bugs in Debian & Alpine:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=635570
https://gitlab.alpinelinux.org/alpine
5AC8
/aports/-/issues/8379
Metadata
Metadata
Assignees
Labels
Type
Projects
Status
Implemented