Your message dated Sat, 07 Sep 2013 06:48:20 +0000 with message-id <[email protected]> and subject line Bug#721726: fixed in gnutls28 3.2.4-2 has caused the Debian Bug report #721726, regarding gnutls-bin: Error setting the x509 trust file to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 721726: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721726 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: gnutls-bin Version: 3.2.4-1 Severity: normal Control: notfound -1 3.2.3-1 with version 3.2.4-1 (from experimental), loading the system trust file fails with "Error setting the x509 trust file", which means that no certificates can be verified upon load. If i manually supply --x509cafile /etc/ssl/certs/ca-certificates.crt, then it works as expected. This misbehavior does not happen in 3.2.3-1. 0 dkg@alice:~$ gnutls-cli google.com Error setting the x509 trust file Resolving 'google.com'... Connecting to '2607:f8b0:4006:802::1001:443'... - Certificate type: X.509 - Got a certificate list of 3 certificates. - Certificate[0] info: - subject `C=US,ST=California,L=Mountain View,O=Google Inc,CN=*.google.com', issuer `C=US,O=Google Inc,CN=Google Internet Authority G2', EC key 256 bits, signed using RSA-SHA1, activated `2013-08-14 22:06:49 UTC', expires `2014-08-14 22:06:49 UTC', SHA-1 fingerprint `7818f633b9a6f7481de186dd5054580633df1ca9' Public Key Id: 418ec51539387160b7ae73e92cdd41832f6015e5 Public key's random art: +--[ EC 256]----+ | .*=*=. | | *+o+o | | . oo.oE | | oo. o | | .S..o . | | ...o | | o.oo . | | .=. . | | .o | +-----------------+ - Certificate[1] info: - subject `C=US,O=Google Inc,CN=Google Internet Authority G2', issuer `C=US,O=GeoTrust Inc.,CN=GeoTrust Global CA', RSA key 2048 bits, signed using RSA-SHA1, activated `2013-04-05 15:15:55 UTC', expires `2015-04-04 15:15:55 UTC', SHA-1 fingerprint `d83c1a7f4d0446bb2081b81a1670f8183451ca24' - Certificate[2] info: - subject `C=US,O=GeoTrust Inc.,CN=GeoTrust Global CA', issuer `C=US,O=Equifax,OU=Equifax Secure Certificate Authority', RSA key 2048 bits, signed using RSA-SHA1, activated `2002-05-21 04:00:00 UTC', expires `2018-08-21 04:00:00 UTC', SHA-1 fingerprint `7359755c6df9a0abc3060bce369564c8ec4542a3' - Status: The certificate is NOT trusted. The certificate issuer is unknown. *** Verifying server certificate failed... *** Fatal error: Error in the certificate. *** Handshake has failed GnuTLS error: Error in the certificate. 1 dkg@alice:~$ gnutls-cli --x509cafile /etc/ssl/certs/ca-certificates.crt google.com Processed 158 CA certificate(s). Resolving 'google.com'... Connecting to '2607:f8b0:4006:802::1001:443'... - Certificate type: X.509 - Got a certificate list of 3 certificates. - Certificate[0] info: - subject `C=US,ST=California,L=Mountain View,O=Google Inc,CN=*.google.com', issuer `C=US,O=Google Inc,CN=Google Internet Authority G2', EC key 256 bits, signed using RSA-SHA1, activated `2013-08-14 22:06:49 UTC', expires `2014-08-14 22:06:49 UTC', SHA-1 fingerprint `7818f633b9a6f7481de186dd5054580633df1ca9' Public Key Id: 418ec51539387160b7ae73e92cdd41832f6015e5 Public key's random art: +--[ EC 256]----+ | .*=*=. | | *+o+o | | . oo.oE | | oo. o | | .S..o . | | ...o | | o.oo . | | .=. . | | .o | +-----------------+ - Certificate[1] info: - subject `C=US,O=Google Inc,CN=Google Internet Authority G2', issuer `C=US,O=GeoTrust Inc.,CN=GeoTrust Global CA', RSA key 2048 bits, signed using RSA-SHA1, activated `2013-04-05 15:15:55 UTC', expires `2015-04-04 15:15:55 UTC', SHA-1 fingerprint `d83c1a7f4d0446bb2081b81a1670f8183451ca24' - Certificate[2] info: - subject `C=US,O=GeoTrust Inc.,CN=GeoTrust Global CA', issuer `C=US,O=Equifax,OU=Equifax Secure Certificate Authority', RSA key 2048 bits, signed using RSA-SHA1, activated `2002-05-21 04:00:00 UTC', expires `2018-08-21 04:00:00 UTC', SHA-1 fingerprint `7359755c6df9a0abc3060bce369564c8ec4542a3' - Status: The certificate is trusted. - Description: (TLS1.2-PKIX)-(ECDHE-ECDSA-SECP256R1)-(AES-128-GCM)-(AEAD) - Session ID: 32:82:68:D1:D5:1A:BA:AF:4A:52:76:1E:AA:07:60:3A:14:13:6C:56:08:8C:83:30:71:0E:0B:67:7B:69:61:13 - Ephemeral EC Diffie-Hellman parameters - Using curve: SECP256R1 - Curve size: 256 bits - Version: TLS1.2 - Key Exchange: ECDHE-ECDSA - Server Signature: ECDSA-SHA256 - Cipher: AES-128-GCM - MAC: AEAD - Compression: NULL - Handshake was completed - Simple Client Mode: 0 dkg@alice:~$ --dkg -- System Information: Debian Release: jessie/sid APT prefers testing APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.11-rc4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages gnutls-bin depends on: ii libc6 2.17-92 ii libgmp10 2:5.1.2+dfsg-2 ii libgnutls28 3.2.4-1 ii libhogweed2 2.7.1-1 ii libidn11 1.28-1 ii libnettle4 2.7.1-1 ii libopts25 1:5.18-2 ii libp11-kit0 0.18.5-2 ii libtasn1-6 3.3-2 ii zlib1g 1:1.2.8.dfsg-1 gnutls-bin recommends no packages. gnutls-bin suggests no packages. -- debconf-show failed
--- End Message ---
--- Begin Message ---Source: gnutls28 Source-Version: 3.2.4-2 We believe that the bug you reported is fixed in the latest version of gnutls28, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Andreas Metzler <[email protected]> (supplier of updated gnutls28 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Format: 1.8 Date: Sat, 07 Sep 2013 08:10:17 +0200 Source: gnutls28 Binary: libgnutls28-dev libgnutls28 libgnutls28-dbg gnutls-bin gnutls-doc guile-gnutls libgnutlsxx28 libgnutls-xssl0 Architecture: source i386 all Version: 3.2.4-2 Distribution: unstable Urgency: low Maintainer: Debian GnuTLS Maintainers <[email protected]> Changed-By: Andreas Metzler <[email protected]> Description: gnutls-bin - GNU TLS library - commandline utilities gnutls-doc - GNU TLS library - documentation and examples guile-gnutls - GNU TLS library - GNU Guile bindings libgnutls-xssl0 - GNU TLS library - XSSL API runtime library libgnutls28 - GNU TLS library - main runtime library libgnutls28-dbg - GNU TLS library - debugger symbols libgnutls28-dev - GNU TLS library - development files libgnutlsxx28 - GNU TLS library - C++ runtime library Closes: 721725 721726 Changes: gnutls28 (3.2.4-2) unstable; urgency=low . * Manpages were missing on binary-only builds. Closes: #721725 * Build with --with-default-trust-store-file=/etc/ssl/certs/ca-certificates.crt since ca-certificates not pulled in by build-dependencies anymore. Closes: #721726 * Upload to unstable. Checksums-Sha1: fa65667faf4d979b641eca6efc5a6f5a0e83a109 2024 gnutls28_3.2.4-2.dsc a7bb91b90cd76b75f483681e63c2f5e25d327977 30956 gnutls28_3.2.4-2.debian.tar.gz 22b4177b570ecc5a0bb52e3b2a9e893dcf2bc0a7 578532 libgnutls28-dev_3.2.4-2_i386.deb 4f05021188408c7580a0cdf104e1f5249a7ae336 604214 libgnutls28_3.2.4-2_i386.deb 59fb0e6facca7b871f4e3df3aab980dbdc662f2b 2013336 libgnutls28-dbg_3.2.4-2_i386.deb 0a9f390f27c558c9c9cf7da2a5512b7b950ed90b 262154 gnutls-bin_3.2.4-2_i386.deb d560fbce444a2298da1ecc71d2957fcda0334c01 3349908 gnutls-doc_3.2.4-2_all.deb bb8fd015b0e8b4c6e57d4cbf12283fc145f206e6 162826 guile-gnutls_3.2.4-2_i386.deb 3e0d31ab7ec5f4ff0507c2c578642919d5d30515 15300 libgnutlsxx28_3.2.4-2_i386.deb c8b31c466559cf0442583016722efe30d361b570 14010 libgnutls-xssl0_3.2.4-2_i386.deb Checksums-Sha256: ebdaacc501adae123deba2b948c9ac23ed78e5733b14eb0241b1f56038de8b0d 2024 gnutls28_3.2.4-2.dsc 2308d06c73f70844d9c69d94490628be19b37cc5e3dde8c8c8579301910b7209 30956 gnutls28_3.2.4-2.debian.tar.gz 88af1ba543fcef7de5d37152a3ca51deb01a46ce298422f80c87c6fef6a83167 578532 libgnutls28-dev_3.2.4-2_i386.deb 764d3b7b0b7e8c5fc35c55b768761a2f24564e8dd6893fd725406c2a9a330b4a 604214 libgnutls28_3.2.4-2_i386.deb 5586d18850ea66b67cd5f95a3418efce550935b3974a50d1ad6fa254716b1578 2013336 libgnutls28-dbg_3.2.4-2_i386.deb 8b7522475c04b49d35f49e49787f3ff90ce831a640811ce4d15a404f7b08de51 262154 gnutls-bin_3.2.4-2_i386.deb d3cbfe0d2a2763cebef7e22dec0691d9e7f3f849732ef59c664f53cc367697ac 3349908 gnutls-doc_3.2.4-2_all.deb ebdeefe9107ab7e57b7b75b19d23511212bd0664230cd5445e9351404c4b06ce 162826 guile-gnutls_3.2.4-2_i386.deb 52924d7a0513cff5d0a0b44b302b0e1ee359c967473f2259a3ecc6d10a4584e2 15300 libgnutlsxx28_3.2.4-2_i386.deb 4347badc88f9ade7af7ca5d10aa9e5fd435a78a9d4f76ef5fccafa0def573335 14010 libgnutls-xssl0_3.2.4-2_i386.deb Files: 4bc54ed571b5bc32dd4dffb298799f54 2024 libs optional gnutls28_3.2.4-2.dsc db37451ed5f91b2b96a9b65e0eecd77b 30956 libs optional gnutls28_3.2.4-2.debian.tar.gz 584277b7351081d3fc687327bb1f3b93 578532 libdevel optional libgnutls28-dev_3.2.4-2_i386.deb cfe67cb804386dc66c7f01b18d34811c 604214 libs standard libgnutls28_3.2.4-2_i386.deb 2798dc70ea56e99493f8593176484fbe 2013336 debug extra libgnutls28-dbg_3.2.4-2_i386.deb dfcac16378d1b51aef364632af868c38 262154 net optional gnutls-bin_3.2.4-2_i386.deb 061dc5f1e974cdc38f4b9249441098b1 3349908 doc optional gnutls-doc_3.2.4-2_all.deb 1eb421db842240e124756aabdbe1f671 162826 lisp optional guile-gnutls_3.2.4-2_i386.deb 211b5badd817366d6e168a6699fd5352 15300 libs extra libgnutlsxx28_3.2.4-2_i386.deb a418125164810e47014a92ea31d87617 14010 libs extra libgnutls-xssl0_3.2.4-2_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEAREDAAYFAlIqyw4ACgkQHTOcZYuNdmMX7QCfX8jdMUY/fOMUqAJB/8gmZC10 NyUAn3iaEeRQrKBmsYxb5RyqQmsKNNH6 =j4sp -----END PGP SIGNATURE-----
--- End Message ---
