Hi, there are more people reporting that they are directly affected by a bug in the Debian Jessie openssl package where it doesn't check an alternative certificate chain (which is fixed in the latest upstream 1.0.1).
I would urge the Release Team to come to a conclusion regarding the upgrade of openssl which would fix this issue. It is also possible to reintroduce the old certificates in a new version of ca-certificates if the upgrade is denied but this wouldn't fix other issues with openssl. Right now the combination of openssl and ca-certificates in Debian Jessie is not working for a lot of websites (that they themselves can't fix). I understand the hesitation to upgrade openssl but I would like to return to a working Jessie rather than use an obviously broken one.

Regards
Christian