Package: ca-certificates
Version: 20140325
Severity: important

GTE_CyberTrust_Global_Root is missing from the package and is causing
SSL certificate verification to fail.

Certificate verification fails because the file is missing:

optix2000@rumia ~/Downloads/ca-certificates/mozilla % openssl s_client -CApath /etc/ssl/certs -connect secure.nicovideo.jp:443 -tls1
CONNECTED(00000003)
depth=2 O = "Cybertrust, Inc", CN = Cybertrust Global Root
verify error:num=20:unable to get local issuer certificate
verify return:0
---

==SNIP==

    SRP username: None
    Start Time: 1396649277
    Timeout   : 7200 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---



Validation succeeds if the missing file is added.

optix2000@rumia ~/Downloads/ca-certificates/mozilla % openssl s_client -CAfile ./GTE_CyberTrust_Global_Root.crt -connect secure.nicovideo.jp:443 -tls1
CONNECTED(00000003)
depth=3 C = US, O = GTE Corporation, OU = "GTE CyberTrust Solutions, Inc.", CN = GTE CyberTrust Global Root
verify return:1
depth=2 O = "Cybertrust, Inc", CN = Cybertrust Global Root
verify return:1
depth=1 C = JP, O = "Cybertrust Japan Co., Ltd.", CN = Cybertrust Japan EV CA G2
verify return:1
depth=0 1.3.6.1.4.1.311.60.2.1.3 = JP, serialNumber = 0100-01-052628, businessCategory = "V1.0, Clause 5.(b)", C = JP, ST = Tokyo, L = Chuo-ku, O = "DWANGO Co.,Ltd.", OU = cert01, CN = secure.nicovideo.jp
verify return:1
---

==SNIP==

    SRP username: None
    Start Time: 1396649293
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---


The certificate should be re-added since it's still listed on the
Mozilla certificate list.

I'm using Arch Linux, but the upstream .deb is missing the file.
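
Added example, not part of the original report: a small parser for the two s_client transcripts above that shows how to read them. With error 20 the certificate named on the depth line was found, and it is that certificate's issuer that the trust store lacks. The function names triage and missing_issuer_of are hypothetical.

```python
import re

# Both transcripts are taken from the s_client runs in the report above,
# trimmed to the verification lines, with e-mail line wraps rejoined and
# the long depth=0 line left out.
FAILING = """\
depth=2 O = "Cybertrust, Inc", CN = Cybertrust Global Root
verify error:num=20:unable to get local issuer certificate
verify return:0
    Verify return code: 20 (unable to get local issuer certificate)
"""
PASSING = """\
depth=3 C = US, O = GTE Corporation, OU = "GTE CyberTrust Solutions, Inc.", CN = GTE CyberTrust Global Root
verify return:1
depth=2 O = "Cybertrust, Inc", CN = Cybertrust Global Root
verify return:1
depth=1 C = JP, O = "Cybertrust Japan Co., Ltd.", CN = Cybertrust Japan EV CA G2
verify return:1
    Verify return code: 0 (ok)
"""

DEPTH = re.compile(r"^depth=(\d+) (.+)$")
ERROR = re.compile(r"^verify error:num=(\d+):(.+)$")
FINAL = re.compile(r"^\s*Verify return code: (\d+) \((.+)\)$")

def triage(transcript):
    """Return the chain the verifier walked, per-certificate errors, and the final code."""
    chain, errors, final, current = {}, [], None, None
    for line in transcript.splitlines():
        if m := DEPTH.match(line):
            current = int(m.group(1))
            chain[current] = m.group(2)
        elif (m := ERROR.match(line)) and current is not None:
            errors.append({"depth": current, "subject": chain[current],
                           "num": int(m.group(1)), "reason": m.group(2)})
        elif m := FINAL.match(line):
            final = int(m.group(1))
    return {"chain": chain, "errors": errors, "final": final}

def missing_issuer_of(result):
    """For error 20, return the subject whose issuer is absent from the trust store."""
    for err in result["errors"]:
        if err["num"] == 20:
            return err["subject"]
    return None

if __name__ == "__main__":
    for name, text in (("failing", FAILING), ("passing", PASSING)):
        r = triage(text)
        print(name, "final code:", r["final"], "| issuer missing for:", missing_issuer_of(r))
```

In the failing run the chain stops at depth 2; the passing run shows the extra depth=3 entry, the GTE root that issued it.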

