Your message dated Mon, 27 Jun 2016 14:51:17 +0200
with message-id <[email protected]>
and subject line Re: Bug#812488: libsms-send-perl: After upgrade: Can't send
SMS: 500 Can't connect to api.twilio.com:443 (certificate verify failed)
has caused the Debian Bug report #812488,
regarding Alternative chain verification failure after 1024b root CAs removal
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
812488: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812488
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Subject: ca-certificates: on fresh debian install typical ssl session fails on
Thawte certificates
Package: ca-certificates
Version: 20141019+deb8u1
Severity: normal
Dear Maintainer,
After updating from Debian Jessie 8.2 to 8.3 some certificates got broken. When
I run command:
echo GET | openssl s_client -connectwww.ecod.pl:443 2>&1 | head -n3
the result is:
depth=2 C = US, O = "thawte, Inc.", OU = Certification Services Division, OU =
"(c) 2006 thawte, Inc. - For authorized use only", CN = thawte Primary Root CA
verify error:num=20:unable to get local issuer certificate
verify return:0
I have done fresh Debian Jessie installation. Certificate verification also
fails.
To solve the problem I have had to copy /etc/ssl/certs and
/usr/share/ca-certificates directories from Ubuntu.
-- System Information:
Debian Release: 8.3
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 3.16.0-4-586
Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages ca-certificates depends on:
ii debconf [debconf-2.0] 1.5.56
ii openssl 1.0.1k-3+deb8u2
ca-certificates recommends no packages.
ca-certificates suggests no packages.
-- debconf information:
ca-certificates/new_crts:
ca-certificates/trust_new_crts: yes
ca-certificates/title:
ca-certificates/enable_crts: mozilla/ACCVRAIZ1.crt, mozilla/ACEDICOM_Root.crt, mozilla/AC_Raíz_Certicámara_S.A..crt, mozilla/Actalis_Authentication_Root_CA.crt, mozilla/AddTrust_External_Root.crt, mozilla/AddTrust_Low-Value_Services_Root.crt, mozilla/AddTrust_Public_Services_Root.crt, mozilla/AddTrust_Qualified_Certificates_Root.crt, mozilla/AffirmTrust_Commercial.crt, mozilla/AffirmTrust_Networking.crt, mozilla/AffirmTrust_Premium.crt, mozilla/AffirmTrust_Premium_ECC.crt, mozilla/ApplicationCA_-_Japanese_Government.crt, mozilla/Atos_TrustedRoot_2011.crt,
mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt,
mozilla/Baltimore_CyberTrust_Root.crt, mozilla/Buypass_Class_2_CA_1.crt,
mozilla/Buypass_Class_2_Root_CA.crt,
mozilla/Buypass_Class_3_Root_CA.crt, mozilla/CA_Disig.crt,
mozilla/CA_Disig_Root_R1.crt, mozilla/CA_Disig_Root_R2.crt,
mozilla/Camerfirma_Chambers_of_Commerce_Root.crt,
mozilla/Camerfirma_Global_Chambersign_Root.crt,
mozilla/CA_WoSign_ECC_Root.crt,
mozilla/Certification_Authority_of_WoSign_G2.crt, mozilla/Certigna.crt,
mozilla/Certinomis_-_Autorité_Racine.crt, mozilla/Certinomis_-_Root_CA.crt,
mozilla/Certplus_Class_2_Primary_CA.crt, mozilla/certSIGN_ROOT_CA.crt,
mozilla/Certum_Root_CA.crt, mozilla/Certum_Trusted_Network_CA.crt,
mozilla/CFCA_EV_ROOT.crt, mozilla/Chambers_of_Commerce_Root_-_2008.crt,
mozilla/China_Internet_Network_Information_Center_EV_Certificates_Root.crt,
mozilla/CNNIC_ROOT.crt, mozilla/Comodo_AAA_Services_root.crt,
mozilla/COMODO_Certification_Authority.crt,
mozilla/COMODO_ECC_Certification_Authority.crt,
mozilla/COMODO_RSA_Certification_Authority.crt,
mozilla/Comodo_Secure_Services_root.crt,
mozilla/Comodo_Trusted_Services_root.crt, mozilla/ComSign_CA.crt,
mozilla/Cybertrust_Global_Root.crt,
mozilla/Deutsche_Telekom_Root_CA_2.crt,
mozilla/DigiCert_Assured_ID_Root_CA.crt,
mozilla/DigiCert_Assured_ID_Root_G2.crt,
mozilla/DigiCert_Assured_ID_Root_G3.crt,
mozilla/DigiCert_Global_Root_CA.crt,
mozilla/DigiCert_Global_Root_G2.crt,
mozilla/DigiCert_Global_Root_G3.crt,
mozilla/DigiCert_High_Assurance_EV_Root_CA.crt,
mozilla/DigiCert_Trusted_Root_G4.crt, mozilla/DST_ACES_CA_X6.crt,
mozilla/DST_Root_CA_X3.crt, mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt,
mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt,
mozilla/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt,
mozilla/EC-ACC.crt, mozilla/EE_Certification_Centre_Root_CA.crt,
mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt,
mozilla/Entrust_Root_Certification_Authority.crt,
mozilla/Entrust_Root_Certification_Authority_-_EC1.crt, mozilla/Entrust_Root_Certification_Authority_-_G2.crt, mozilla/ePKI_Root_Certification_Authority.crt,
mozilla/Equifax_Secure_CA.crt,
mozilla/Equifax_Secure_eBusiness_CA_1.crt,
mozilla/Equifax_Secure_Global_eBusiness_CA.crt,
mozilla/E-Tugra_Certification_Authority.crt,
mozilla/GeoTrust_Global_CA_2.crt, mozilla/GeoTrust_Global_CA.crt,
mozilla/GeoTrust_Primary_Certification_Authority.crt,
mozilla/GeoTrust_Primary_Certification_Authority_-_G2.crt, mozilla/GeoTrust_Primary_Certification_Authority_-_G3.crt, mozilla/GeoTrust_Universal_CA_2.crt,
mozilla/GeoTrust_Universal_CA.crt, mozilla/Global_Chambersign_Root_-_2008.crt, mozilla/GlobalSign_ECC_Root_CA_-_R4.crt, mozilla/GlobalSign_ECC_Root_CA_-_R5.crt, mozilla/GlobalSign_Root_CA.crt, mozilla/GlobalSign_Root_CA_-_R2.crt, mozilla/GlobalSign_Root_CA_-_R3.crt, mozilla/Go_Daddy_Class_2_CA.crt,
mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt,
mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt,
mozilla/Hongkong_Post_Root_CA_1.crt,
mozilla/IdenTrust_Commercial_Root_CA_1.crt,
mozilla/IdenTrust_Public_Sector_Root_CA_1.crt, mozilla/IGC_A.crt,
mozilla/Izenpe.com.crt, mozilla/Juur-SK.crt,
mozilla/Microsec_e-Szigno_Root_CA_2009.crt,
mozilla/Microsec_e-Szigno_Root_CA.crt, mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt, mozilla/NetLock_Business_=Class_B=_Root.crt, mozilla/NetLock_Express_=Class_C=_Root.crt, mozilla/NetLock_Notary_=Class_A=_Root.crt, mozilla/NetLock_Qualified_=Class_QA=_Root.crt, mozilla/Network_Solutions_Certificate_Authority.crt,
mozilla/OISTE_WISeKey_Global_Root_GA_CA.crt,
mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt, mozilla/PSCProcert.crt,
mozilla/QuoVadis_Root_CA_1_G3.crt, mozilla/QuoVadis_Root_CA_2.crt,
mozilla/QuoVadis_Root_CA_2_G3.crt, mozilla/QuoVadis_Root_CA_3.crt,
mozilla/QuoVadis_Root_CA_3_G3.crt, mozilla/QuoVadis_Root_CA.crt,
mozilla/Root_CA_Generalitat_Valenciana.crt,
mozilla/RSA_Security_2048_v3.crt, mozilla/Secure_Global_CA.crt,
mozilla/SecureSign_RootCA11.crt, mozilla/SecureTrust_CA.crt,
mozilla/Security_Communication_EV_RootCA1.crt,
mozilla/Security_Communication_RootCA2.crt,
mozilla/Security_Communication_Root_CA.crt,
mozilla/Sonera_Class_1_Root_CA.crt, mozilla/Sonera_Class_2_Root_CA.crt,
mozilla/Staat_der_Nederlanden_EV_Root_CA.crt,
mozilla/Staat_der_Nederlanden_Root_CA.crt,
mozilla/Staat_der_Nederlanden_Root_CA_-_G2.crt, mozilla/Staat_der_Nederlanden_Root_CA_-_G3.crt, mozilla/Starfield_Class_2_CA.crt,
mozilla/Starfield_Root_Certificate_Authority_-_G2.crt, mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt, mozilla/StartCom_Certification_Authority_2.crt,
mozilla/StartCom_Certification_Authority.crt,
mozilla/StartCom_Certification_Authority_G2.crt,
mozilla/S-TRUST_Authentication_and_Encryption_Root_CA_2005_PN.crt,
mozilla/S-TRUST_Universal_Root_CA.crt, mozilla/Swisscom_Root_CA_1.crt,
mozilla/Swisscom_Root_CA_2.crt, mozilla/Swisscom_Root_EV_CA_2.crt,
mozilla/SwissSign_Gold_CA_-_G2.crt, mozilla/SwissSign_Platinum_CA_-_G2.crt, mozilla/SwissSign_Silver_CA_-_G2.crt, mozilla/Taiwan_GRCA.crt,
mozilla/TC_TrustCenter_Class_3_CA_II.crt,
mozilla/TeliaSonera_Root_CA_v1.crt, mozilla/thawte_Primary_Root_CA.crt,
mozilla/thawte_Primary_Root_CA_-_G2.crt, mozilla/thawte_Primary_Root_CA_-_G3.crt, mozilla/Trustis_FPS_Root_CA.crt,
mozilla/T-TeleSec_GlobalRoot_Class_2.crt,
mozilla/T-TeleSec_GlobalRoot_Class_3.crt,
mozilla/TÜBİTAK_UEKAE_Kök_Sertifika_Hizmet_Sağlayıcısı_-_Sürüm_3.crt,
mozilla/TURKTRUST_Certificate_Services_Provider_Root_2007.crt,
mozilla/TÜRKTRUST_Elektronik_Sertifika_Hizmet_Sağlayıcısı_H5.crt,
mozilla/TÜRKTRUST_Elektronik_Sertifika_Hizmet_Sağlayıcısı_H6.crt,
mozilla/TWCA_Global_Root_CA.crt,
mozilla/TWCA_Root_Certification_Authority.crt,
mozilla/USERTrust_ECC_Certification_Authority.crt,
mozilla/USERTrust_RSA_Certification_Authority.crt,
mozilla/UTN_USERFirst_Email_Root_CA.crt,
mozilla/UTN_USERFirst_Hardware_Root_CA.crt,
mozilla/Verisign_Class_1_Public_Primary_Certification_Authority.crt,
mozilla/Verisign_Class_1_Public_Primary_Certification_Authority_-_G2.crt, mozilla/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.crt,
mozilla/Verisign_Class_2_Public_Primary_Certification_Authority_-_G2.crt, mozilla/Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.crt,
mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_2.crt,
mozilla/Verisign_Class_3_Public_Primary_Certification_Authority.crt,
mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G2.crt, mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt,
mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt, mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt, mozilla/VeriSign_Universal_Root_Certification_Authority.crt, mozilla/Visa_eCommerce_Root.crt, mozilla/WellsSecure_Public_Root_Certificate_Authority.crt, mozilla/WoSign_China.crt, mozilla/WoSign.crt, mozilla/XRamp_Global_CA_Root.crt, spi-inc.org/spi-cacert-2008.crt
--- End Message ---
--- Begin Message ---
Control: reassign -1 openssl
Control: fixed -1 1.0.1t-1+deb8u1
Hi,
On Sun, Jan 24, 2016 at 12:32:39PM +0100, Rosario Maddox wrote:
> Package: libsms-send-perl
> Version: 1.06-2
> Severity: important
This is really an issue in openssl, and has been resolved since May.
Reassigning, closing, and setting versions.
--
Jonathan Wiltshire [email protected]
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
signature.asc
Description: Digital signature
--- End Message ---
