Bug#812488: libsms-send-perl: After upgrade: Can't send SMS: 500 Can't connect to api.twilio.com:443 (certificate verify failed)

Sun, 24 Jan 2016 17:34:03 -0800 

On 01/24/2016 09:49 AM, gregor herrmann wrote:

On Sun, 24 Jan 2016 12:32:39 +0100, Rosario Maddox wrote:


Yesterday I did: sudo apt-get upgrade, and I have this now:
Can't send SMS: 500 Can't connect to api.twilio.com:443 (certificate
verify failed) at /usr/share/perl5/SMS/Send.pm line 270.

Basically, something is wrong with checking of certificates. This may be
due to other package, but I cannot identify it.


I assume this was a dist-upgrade to to new 8.3 point release.
Since libsms-send-perl was not invvolved and has't changed its code
since years, the problem must indeed originate somewhere else.

Looking at
https://lists.debian.org/debian-announce/2016/msg00001.html , the
ca-certificates package looks like a plausible source, and its
changelog mentions that some CA certs were removed:
http://metadata.ftp-master.debian.org/changelogs/main/c/ca-certificates/ca-certificates_20141019+deb8u1_changelog
(some history in https://bugs.debian.org/806239 ).

Further investigation shows that api.twilio.com uses some thawte
cert, and the changelog above shows that some thawte CAs have been
removed; not sure if they are exactly the same but this might be the
cause of your problems.

So far for a preliminary investigation; since this does not happen on
the libsms-send-perl side, I'm reassiging the bug to ca-certificates
for now.


(dropped Gregor from Re - thanks for the forward)
I don't see a Thawte certificate in the mix here - could you possibly provide some reproduction steps that show the issue? Thanks! 

(Using system with same 2.6 mozilla bundle)
$ openssl s_client -CApath /etc/ssl/certs -connect api.twillio.com:443 
CONNECTED(00000003)
depth=2 C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
verify return:1
depth=1 C = BE, O = GlobalSign nv-sa, CN = GlobalSign Organization Validation CA - SHA256 - G2 
verify return:1
depth=0 C = US, ST = Delaware, L = Dover, O = Incapsula Inc, CN = incapsula.com 
verify return:1
---
Certificate chain
 0 s:/C=US/ST=Delaware/L=Dover/O=Incapsula Inc/CN=incapsula.com
i:/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Organization Validation CA - SHA256 - G2 1 s:/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Organization Validation CA - SHA256 - G2 
   i:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
<...>
    Verify return code: 0 (ok)

Reply via email to