Control: severity -1 important
(cc'ed bug reporters and those on a direct email to ack)
On 6/10/20 3:27 PM, Carlos Alberto Lopez Perez wrote:
On 10/06/2020 16:51, Philippe Normand wrote:
Since the update of ca-certificates to version 20200601 I can no longer access
webkit.org websites.
The removed CA (GeoTrust Global CA) is used to sign the Apple
intermediate certificate "Apple IST CA 2 - G1".
Firefox and Chrome have some sort of hack (likely a whitelist)
specifically to trust this Apple's intermediate CAs:
https://wiki.mozilla.org/CA/Additional_Trust_Changes#Symantec
So the website still works in Firefox and Chrome on Debian, even with
GeoTrust removed. But it doesn't work with GnuTLS (or the Epiphany web
browser).
Thanks for the bug report. I will work on reverting the blacklist commit
and get with the release team when that is completed.
Kind regards,
Michael
