Package: lynx-cur Version: 2.8.8pre5-1 Severity: important On some major web sites, such as www.ens-lyon.fr and www.loria.fr, with all the certificates provided by ca-certificates installed, I get the following error for "lynx https://www.ens-lyon.fr/":
SSL error:the certificate has no known issuer-Continue? (y) Other commands such as wget https://www.ens-lyon.fr/ curl https://www.ens-lyon.fr/ do not return any error. A strace shows that wget uses "/etc/ssl/certs/ca-certificates.crt" like lynx, but curl uses "/etc/ssl/certs/157753a5.0". And openssl s_client -CAfile /etc/ssl/certs/ca-certificates.crt -connect www.ens-lyon.fr:443 outputs: CONNECTED(00000003) depth=3 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root verify return:1 depth=2 C = US, ST = UT, L = Salt Lake City, O = The USERTRUST Network, OU = http://www.usertrust.com, CN = UTN-USERFirst-Hardware verify return:1 depth=1 C = NL, O = TERENA, CN = TERENA SSL CA verify return:1 depth=0 OU = Domain Control Validated, CN = www.ens-lyon.fr verify return:1 --- Certificate chain 0 s:/OU=Domain Control Validated/CN=www.ens-lyon.fr i:/C=NL/O=TERENA/CN=TERENA SSL CA 1 s:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root 2 s:/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root 3 s:/C=NL/O=TERENA/CN=TERENA SSL CA i:/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware --- [...] Perhaps the difference between lynx and wget is that the lynx-cur package depends on libgnutls26 while wget depends on libgnutls28. Even if the cause is libgnutls26, the real bug is in the lynx-cur package, since it depends on a old library. -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.11-2-amd64 (SMP w/2 CPU cores) Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages lynx-cur depends on: ii libbsd0 0.6.0-2 ii libbz2-1.0 1.0.6-5 ii libc6 2.18-4 ii libgcrypt11 1.5.3-3 ii libgnutls26 2.12.23-13 ii libidn11 1.28-1 ii libncursesw5 5.9+20140118-1 ii libtinfo5 5.9+20140118-1 ii zlib1g 1:1.2.8.dfsg-1 Versions of packages lynx-cur recommends: ii mime-support 3.54 lynx-cur suggests no packages. -- debconf information: lynx-cur/defaulturl: http://www.vinc17.org/ lynx-cur/etc_lynx.cfg: -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
