{"id":8980,"date":"2022-10-26T18:54:08","date_gmt":"2022-10-26T16:54:08","guid":{"rendered":"https:\/\/michlstechblog.info\/blog\/?p=8980"},"modified":"2023-12-20T08:41:02","modified_gmt":"2023-12-20T07:41:02","slug":"debian-disable-certificate-crl-check-for-apt","status":"publish","type":"post","link":"https:\/\/michlstechblog.info\/blog\/debian-disable-certificate-crl-check-for-apt\/","title":{"rendered":"Debian: Disable certificate crl check for apt"},"content":{"rendered":"<div class=\"twoclick_social_bookmarks_post_8980 social_share_privacy clearfix 1.6.4 locale-en_US sprite-en_US\"><\/div><div class=\"twoclick-js\"><script type=\"text\/javascript\">\/* <![CDATA[ *\/\njQuery(document).ready(function($){if($('.twoclick_social_bookmarks_post_8980')){$('.twoclick_social_bookmarks_post_8980').socialSharePrivacy({\"services\":{\"flattr\":{\"uid\":\"Michl\",\"status\":\"on\",\"the_title\":\"Debian%3A%20Disable%20certificate%20crl%20check%20for%20apt\",\"the_excerpt\":\"Hi%2C%0D%0A%0D%0Athere%20is%20an%20issue%20in%20the%20openssl%20libraries%20%3C%20version%203%20that%20an%20crl%20check%20of%20an%20certificate%20fails%20if%20the%20file%20size%20of%20the%20crl%20file%20is%20greater%20then%20100kB.%0D%0A%0D%0A%20%28more%26hellip%3B%29\",\"txt_info\":\"2 clicks for more data protection:\\r\\n\\r\\nOnly when you click here, the button will be come active and you can send your recommendation to Flattr. When activating, data are transmitted to third parties. \",\"perma_option\":\"off\"}},\"txt_help\":\"When you activate these fields by clicking, information to Flattr may be transferred abroad, and probably may also stored there.\",\"settings_perma\":\"Enable permanently and accept data transmission. \",\"info_link\":\"http:\\\/\\\/www.heise.de\\\/ct\\\/artikel\\\/2-Klicks-fuer-mehr-Datenschutz-1333879.html\",\"uri\":\"https:\\\/\\\/michlstechblog.info\\\/blog\\\/debian-disable-certificate-crl-check-for-apt\\\/\",\"post_id\":8980,\"post_title_referrer_track\":\"Debian%3A+Disable+certificate+crl+check+for+apt\",\"display_infobox\":\"on\"});}});\n\/* ]]> *\/<\/script><\/div><p>Hi,<\/p>\n<p>there is an issue in the openssl libraries < version 3 that an crl check of an certificate <a href=\"https:\/\/github.com\/openssl\/openssl\/issues\/8581\" rel=\"noopener\" target=\"_blank\">fails<\/a> if the file size of the crl file is greater then 100kB.<\/p>\n<p><!--more--><\/p>\n<p>If installation of a newer version is not possible then the crl check can be disabled.<\/p>\n<p>For example the host myDebianRepository.myDomain.org contains the debian repository and has a certificate where the corresponding CRL is greater then 100k.<br \/>\n2 Options to disable the crl check:<br \/>\nCreate a file <strong>\/etc\/apt\/apt.conf.d\/99_myDebianRepository.conf<\/strong> with content<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\nAcquire::https::myDebianRepository.myDomain.org::Verify-Peer &quot;false&quot;;\r\n<\/pre>\n<p>or set the myDebianRepository as trusted<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\ndeb &#x5B;trusted=yes] https:\/\/myDebianRepository.myDomain.org\/ubuntu bionic main multiverse restricted universe\r\ndeb &#x5B;trusted=yes] https:\/\/myDebianRepository.myDomain.org\/ubuntu bionic-updates main multiverse restricted universe\r\n<\/pre>\n<p>Michael<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hi, there is an issue in the openssl libraries < version 3 that an crl check of an certificate fails if the file size of the crl file is greater then 100kB.\n<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[870],"tags":[1904,356,1907,335,62,224,1908],"class_list":["post-8980","post","type-post","status-publish","format-standard","hentry","category-debian","tag-apt","tag-check","tag-crl","tag-debian","tag-disable","tag-linux-2","tag-revokation"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts\/8980","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/comments?post=8980"}],"version-history":[{"count":5,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts\/8980\/revisions"}],"predecessor-version":[{"id":8983,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts\/8980\/revisions\/8983"}],"wp:attachment":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/media?parent=8980"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/categories?post=8980"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/tags?post=8980"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}