Your message dated Thu, 20 Dec 2018 17:16:39 +0100 with message-id <[email protected]> and subject line Re: Bug#752272: Last certificate not self-signed has caused the Debian Bug report #752272, regarding gnutls-bin: Self-signed ca can't create trusted client certs to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 752272: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752272 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: gnutls-bin Version: 3.2.15-1~bpo70+1 Severity: important Dear Maintainer, *** Please consider answering these questions, where appropriate *** * What led up to the situation? Wishing for a stable and secure remote qemu/kvm-VM, managed by virt-manager and libvirt * What exactly did you do (or not do) that was effective (or ineffective)? Following this guide (http://libvirt.org/remote.html#Remote_certificates) with the wheezy standard gnutls-bin package, worked fine. Redid everything with the backports-package for ecc-dsa support (new CA) and ssl for webserver. Every certificate came out not trusted by certtool -e; this broke every tls connection to the server. Redid everything with the backports-package on my notebook (where I now write from), outcome was identical. No trusted certificate structure can be obtained. So it's definitively the package. Will downgrade again, hope that solves the problem for now. Will keep you posted. * What was the outcome of this action? Either the certificate generating algorithm broke during the update, or the verification routine prints out false-negatives. * What outcome did you expect instead? Working certificates ;) *** End of the template - remove these lines *** -- System Information: Debian Release: 7.5 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages gnutls-bin depends on: ii libc6 2.13-38+deb7u1 ii libgmp10 2:5.0.5+dfsg-2 ii libgnutls28 3.2.15-1~bpo70+1 ii libhogweed2 2.7.1-1~bpo70+1 ii libidn11 1.25-2 ii libnettle4 2.7.1-1~bpo70+1 ii libp11-kit0 0.20.2-1~bpo70+1 ii libtasn1-6 3.6-1~bpo70+1 ii zlib1g 1:1.2.7.dfsg-13 gnutls-bin recommends no packages. gnutls-bin suggests no packages. -- no debconf information
--- End Message ---
--- Begin Message ---On 2014-06-23 Jo Drexl <[email protected]> wrote: > Am Sonntag, den 22.06.2014, 19:54 +0200 schrieb Andreas Metzler: > > * certtool --verify --load-ca-certificate cacert.pem --infile \ > BTW: The --verify parameter doesn't exist in the stable package. It was > introduced afterwards. > But cat-ing them into one testfile and verify the chain then works, > you're right. Closing ancient, debugged bug report.
--- End Message ---
