Debian: Disable certificate crl check for apt

Hi,

there is an issue in the openssl libraries < version 3 that an crl check of an certificate fails if the file size of the crl file is greater then 100kB.

If installation of a newer version is not possible then the crl check can be disabled.

For example the host myDebianRepository.myDomain.org contains the debian repository and has a certificate where the corresponding CRL is greater then 100k.
2 Options to disable the crl check:
Create a file /etc/apt/apt.conf.d/99_myDebianRepository.conf with content

Acquire::https::myDebianRepository.myDomain.org::Verify-Peer "false";

or set the myDebianRepository as trusted

deb [trusted=yes] https://myDebianRepository.myDomain.org/ubuntu bionic main multiverse restricted universe
deb [trusted=yes] https://myDebianRepository.myDomain.org/ubuntu bionic-updates main multiverse restricted universe

Michael

Leave a Reply