Debian: Disable certificate crl check for apt

Hi,

there is an issue in the openssl libraries fails if the file size of the crl file is greater then 100kB.

If installation of a newer version is not possible then the crl check can be disabled.

For example the host myDebianRepository.myDomain.org contains the debian repository and has a certificate where the corresponding CRL is greater then 100k.
2 Options to disable the crl check:
Create a file /etc/apt/apt.conf.d/99_myDebianRepository.conf with content

Acquire::https::myDebianRepository.myDomain.org::Verify-Peer "false";

or set the myDebianRepository as trusted

deb [trusted=yes] https://myDebianRepository.myDomain.org/ubuntu bionic main multiverse restricted universe
deb [trusted=yes] https://myDebianRepository.myDomain.org/ubuntu bionic-updates main multiverse restricted universe

Michael

Leave a Reply Cancel reply