Hi,

Like Luciano said, there's some issue with wget not being able to fetch intermediate certs via the TLS AIA URL.

It's a general problem by now, also for stable and oldstable. The workaround with #783096 (using http) is non-functional now because IEEE has switched to https-only (forwarding http to https).

If you want to reproduce/verify the issue:

###

$ lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description:    Debian GNU/Linux testing (buster)
Release:        testing
Codename:       buster

$ sudo /usr/sbin/update-ieee-data
Updating /var/lib/ieee-data//oui.txt
        Checking permissions on /var/lib/ieee-data//oui.txt
Downloading https://standards.ieee.org/develop/regauth/oui/oui.txt to /var/lib/ieee-data//oui.txt wget -q -O- https://standards.ieee.org/develop/regauth/oui/oui.txt exit with 5

###

$ wget https://standards.ieee.org/develop/regauth/oui/oui.txt
--2018-09-03 11:12:19-- https://standards.ieee.org/develop/regauth/oui/oui.txt
Resolving standards.ieee.org (standards.ieee.org)... 34.237.206.211
Connecting to standards.ieee.org (standards.ieee.org)|34.237.206.211|:443... connected.
ERROR: The certificate of ‘standards.ieee.org’ is not trusted.
ERROR: The certificate of ‘standards.ieee.org’ hasn't got a known issuer.

###

$ echo "" | openssl s_client -connect standards.ieee.org:443 -prexit 2>/dev/null | sed -n -e '/BEGIN\ CERTIFICATE/,/END\ CERTIFICATE/ p' > standards.ieee.org.crt
$ openssl verify standards.ieee.org.crt
C = US, ST = New Jersey, L = Piscatwaway, O = IEEE, OU = IT-Systems Analysts, CN = *.ieee.org
error 20 at 0 depth lookup: unable to get local issuer certificate
error standards.ieee.org.crt: verification failed
$ wget http://aia.entrust.net/l1k-chain256.cer
$ openssl x509 -inform der -outform pem -in l1k-chain256.cer -out l1k-chain256.pem
$ openssl verify -untrusted l1k-chain256.pem standards.ieee.org.crt
standards.ieee.org.crt: OK

###

Btw: is IEEE violating standards by not submitting intermediate certs?

regards
hede
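
Added example, not part of the original message: the missing-intermediate failure shown above, reproduced offline with a constructed root, intermediate and leaf certificate. It shows error 20 when only the leaf is available and a successful verify once the intermediate is passed with -untrusted; all subject names and the AIA URL (aia.example.test) are made up for the example.

```shell
# Constructed root -> intermediate -> leaf chain, built offline with openssl.
# Subject names and the AIA URL are made up for this example.
build_chain() {  # $1 = empty work directory
  cat > "$1/x.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
CN = unused
[v3_ca]
basicConstraints = critical,CA:TRUE
[v3_leaf]
basicConstraints = CA:FALSE
authorityInfoAccess = caIssuers;URI:http://aia.example.test/intermediate.cer
EOF
  openssl req -x509 -config "$1/x.cnf" -extensions v3_ca -newkey rsa:2048 \
    -nodes -days 2 -subj "/CN=Constructed Root" \
    -keyout "$1/root.key" -out "$1/root.pem" 2>/dev/null &&
  openssl req -new -config "$1/x.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=Constructed Intermediate" \
    -keyout "$1/int.key" -out "$1/int.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/int.csr" -CA "$1/root.pem" -CAkey "$1/root.key" \
    -CAcreateserial -days 2 -extfile "$1/x.cnf" -extensions v3_ca \
    -out "$1/int.pem" 2>/dev/null &&
  openssl req -new -config "$1/x.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=www.example.test" \
    -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/leaf.csr" -CA "$1/int.pem" -CAkey "$1/int.key" \
    -CAcreateserial -days 2 -extfile "$1/x.cnf" -extensions v3_leaf \
    -out "$1/leaf.pem" 2>/dev/null
}
# Client trusts only the root; the server sent only the leaf (the case above).
leaf_only_error() {  # prints the numeric verify error code
  openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" 2>&1 |
    sed -n '/^error [0-9]/{s/^error \([0-9]*\) at.*/\1/p;q;}'
}
# Same trust store, intermediate supplied out of band as an untrusted helper.
verify_with_intermediate() {
  openssl verify -CAfile "$1/root.pem" -untrusted "$1/int.pem" \
    "$1/leaf.pem" >/dev/null 2>&1
}
# URL in the leaf's AIA extension where the issuer certificate is published.
aia_ca_issuers() {
  openssl x509 -in "$1/leaf.pem" -noout -text | sed -n 's/.*CA Issuers - URI://p'
}
work=$(mktemp -d) && build_chain "$work" || exit 1
echo "leaf only: verify error $(leaf_only_error "$work")"
verify_with_intermediate "$work" && echo "leaf + intermediate: OK"
echo "AIA caIssuers: $(aia_ca_issuers "$work")"
rm -rf "$work"
```

The server-side fix is to send the leaf followed by the intermediate in the TLS handshake, so clients that do not follow the AIA URL can still build the chain.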
