Package: gnutls-bin Version: 3.0.19-2 Severity: normal $ gnutls-cli -V mail.bluebottle.com -p 443 Processed 152 CA certificate(s). Resolving 'mail.bluebottle.com'... Connecting to '176.9.67.91:443'... - Peer's certificate issuer is unknown - Peer's certificate is NOT trusted - The hostname in the certificate matches 'mail.bluebottle.com'. *** Verifying server certificate failed... *** Fatal error: Error in the certificate. *** Handshake has failed GnuTLS error: Error in the certificate.
The above is what happens when I use gnutls-cli from a Debian/Unstable system to try and connect to a web server with a RapidSSL signed certificate. Doing the same thing with a Debian/Squeeze system gets the following: Resolving 'mail.bluebottle.com'... Connecting to '176.9.67.91:443'... - Ephemeral Diffie-Hellman parameters - Using prime: 1024 bits - Secret key: 1020 bits - Peer's public key: 1023 bits - Certificate type: X.509 - Got a certificate list of 1 certificates. - Certificate[0] info: - X.509 Certificate Information: Version: 3 Serial Number (hex): 0315ad Issuer: C=US,O=GeoTrust\, Inc.,CN=RapidSSL CA Validity: Not Before: Thu Sep 08 06:25:53 UTC 2011 Not After: Wed Oct 09 15:30:26 UTC 2013 Subject: serialNumber=wTi3elrgd2VQGCQkWxRZyctXBhdd4vRf,C=AU,O=*.bluebottle.com,OU=GT42855799,OU=See www.rapidssl.com/resources/cps (c)11,OU=Domain Control Validated - RapidSSL(R),CN=*.bluebottle.com Subject Public Key Algorithm: RSA Modulus (bits 2048): -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-2-amd64 (SMP w/2 CPU cores) Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages gnutls-bin depends on: ii libc6 2.13-32 ii libgmp10 2:5.0.5+dfsg-1.1 ii libgnutls28 3.0.19-2 ii libhogweed2 2.4-1 ii libidn11 1.24-2 ii libnettle4 2.4-1 ii libopts25 1:5.12-0.1 ii libp11-kit0 0.12-3 ii libtasn1-3 2.12-1 ii zlib1g 1:1.2.7.dfsg-1 gnutls-bin recommends no packages. gnutls-bin suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org