Package: git-core Version: 1:1.7.0-1 Severity: normal On a sid system:
git clone https://alioth.debian.org/anonscm/git/pkg-wml/pkg-wml.git Initialized empty Git repository in /home/tg/shared/pkg-wml/.git/ error: server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none while accessing https://alioth.debian.org/anonscm/git/pkg-wml/pkg-wml.git/info/refs fatal: HTTP request failed On the same system: $ openssl s_client -CAfile /etc/ssl/certs/ca-certificates.crt -connect alioth.debian.org:443 CONNECTED(00000003) depth=2 /C=US/ST=Indiana/L=Indianapolis/O=Software in the Public Interest/OU=hostmaster/CN=Certificate Authority/[email protected] verify return:1 depth=1 /O=Debian/CN=ca.debian.org/[email protected] verify return:1 depth=0 /O=Debian/CN=alioth.debian.org/[email protected] verify return:1 --- Certificate chain 0 s:/O=Debian/CN=alioth.debian.org/[email protected] i:/O=Debian/CN=ca.debian.org/[email protected] 1 s:/C=US/ST=Indiana/L=Indianapolis/O=Software in the Public Interest/OU=hostmaster/CN=Certificate Authority/[email protected] i:/C=US/ST=Indiana/L=Indianapolis/O=Software in the Public Interest/OU=hostmaster/CN=Certificate Authority/[email protected] 2 s:/O=Debian/CN=ca.debian.org/[email protected] i:/C=US/ST=Indiana/L=Indianapolis/O=Software in the Public Interest/OU=hostmaster/CN=Certificate Authority/[email protected] --- Server certificate -----BEGIN CERTIFICATE----- MIIFPTCCAyWgAwIBAgIBHjANBgkqhkiG9w0BAQUFADBRMQ8wDQYDVQQKEwZEZWJp YW4xFjAUBgNVBAMTDWNhLmRlYmlhbi5vcmcxJjAkBgkqhkiG9w0BCQEWF2RlYmlh bi1hZG1pbkBkZWJpYW4ub3JnMB4XDTA5MDUxNTEyNTg1NFoXDTEwMDUxNTEyNTg1 NFowVTEPMA0GA1UEChMGRGViaWFuMRowGAYDVQQDExFhbGlvdGguZGViaWFuLm9y ZzEmMCQGCSqGSIb3DQEJARYXYWRtaW5AYWxpb3RoLmRlYmlhbi5vcmcwggEiMA0G CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqnatyUbcynZ6+yMnkLtNo3/DmVF5H S/FOVfECAhQwzgV8CJOJxl+zcGi4ganLulIEfbXTWToFliXxc0hnvUc6zNCHoHde nFaRS1exGIHSpZf+1HuoOxTPuuBIZoux2l2xKXOuAdEoAnKNVCTKrxrvSYePcMsH IFW2xhUF3mO9kf+uWF5557oImVtIteQ4UiHJzJjZe2atz1Tu6PGnxe/EcXnbj58U ulHykXdNnYZGeoGZOUzsT80N/LHykvVQEbsQsq+aCzmSbnHVbgEsOkmrVOvd72pf u2GFGu/6b8JAT3TW7lh2bTaHE9av1g3zLw4HsIK2Y4grW/ueNBHp2pVLAgMBAAGj ggEaMIIBFjAJBgNVHRMEAjAAMB0GA1UdDgQWBBT3tF/sMO8Za4fX09pa8FWu/hBQ OzCB6QYDVR0jBIHhMIHegBSnz0v6XxLGI3QunqOVkHWMzCZ2lqGBwqSBvzCBvDEL MAkGA1UEBhMCVVMxEDAOBgNVBAgTB0luZGlhbmExFTATBgNVBAcTDEluZGlhbmFw b2xpczEoMCYGA1UEChMfU29mdHdhcmUgaW4gdGhlIFB1YmxpYyBJbnRlcmVzdDET MBEGA1UECxMKaG9zdG1hc3RlcjEeMBwGA1UEAxMVQ2VydGlmaWNhdGUgQXV0aG9y aXR5MSUwIwYJKoZIhvcNAQkBFhZob3N0bWFzdGVyQHNwaS1pbmMub3JnggEDMA0G CSqGSIb3DQEBBQUAA4ICAQAj0F+8YDDJyJZqrAl6UnRfeeWGJw0zLafApe1i61Ex LVbiudAuShgJfqLb52iB7aY8RiYBoCa6pWBt9K8QueAy35nT7LS5ApEF7dTzmXW9 pl4Oh2d0Oyj0O5zX0wzE9/Wcf+OM49zFZysUJRHcm9e2AFTiHaopgKj2X93u3It0 erKOwqdZsEmNElLAca9UmShK2mWhex6v8wDWRKlTqZvOxdWyHseBmfAPm4SQTIBH kgWpmlnBgwnsm8jMPENEfHWqWKjRItWXQIFpLF0PlnXPXVtaYm+b7G8IggA4pHX3 RySvsYCt4SBcbzXtpO2zrIn/0GQGptV1mWvLAWDJe/x1xNQm3ZRzmBlvV9OzgN0b qg/nXP7tPNTdhdNeHmH5cnag9rfToQIhjKsTYBX3HEzR5AuOLXqu2MdH2qS7qmUg F0kVFGFQxW0L+ovU8B2CAjxglfY2Hz5i2HIOWs8b6MI6pJIwgd2oUo9XdJR6GDlJ V7yofOgVaz1ywIUwIXBnb+lSs8N0HFdT97eNz7vHE1YoD5uTei9+VB1ewWp5HWfx 0b5Y3Y9NP9jcc+mojXm2rI5Poxd836oRkFi7c7QNgpw0OVQBwWihzDSFSew3ebjB 29mLkaakjEAfF1DsS0Wi1PJS3nQDKYYbN79au6NeI97Vrkxr4Kq9CKXqY3tMUq54 ZQ== -----END CERTIFICATE----- subject=/O=Debian/CN=alioth.debian.org/[email protected] issuer=/O=Debian/CN=ca.debian.org/[email protected] --- No client certificate CA names sent --- SSL handshake has read 5873 bytes and written 319 bytes --- New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA Server public key is 2048 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : DHE-RSA-AES256-SHA Session-ID: 1F8089E9770D7935451E33149FC5996F5318C5D11CC649BA6DADFCA34EB1C8B8 Session-ID-ctx: Master-Key: 48277EF434E495701C3D285284581114FB60221310DD57B48B1A4B4EA0A7979A66FCE49F4F6532B8D7CA735739E5AE94 Key-Arg : None Start Time: 1268488768 Timeout : 300 (sec) Verify return code: 0 (ok) --- QUIT DONE So this is not a problem with the ca bundle. I think this is because it doesn't correctly validate the chain or something. Same on Lenny, FWIW. bye, //mirabilos, sitting at Debian booth at Chemnitzer Linuxtage -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.18-6-686 (SMP w/1 CPU core) Locale: LANG=C, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages git-core depends on: ii libc6 2.10.2-6 Embedded GNU C Library: Shared lib ii libcurl3-gnutls 7.20.0-1 Multi-protocol file transfer libra ii libdigest-sha1-perl 2.12-1 NIST SHA-1 message digest algorith ii liberror-perl 0.17-1 Perl module for error/exception ha ii libexpat1 2.0.1-7 XML parsing C library - runtime li ii perl-modules 5.10.1-11 Core Perl modules ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime Versions of packages git-core recommends: ii less 436-1 pager program similar to more ii openssh-client [ssh-client] 1:5.3p1-3 secure shell (SSH) client, for sec ii patch 2.6-2 Apply a diff file to an original ii rsync 3.0.7-2 fast remote file copy program (lik Versions of packages git-core suggests: pn git-arch <none> (no description available) pn git-cvs <none> (no description available) pn git-daemon-run <none> (no description available) pn git-doc <none> (no description available) pn git-email <none> (no description available) pn git-gui <none> (no description available) pn git-svn <none> (no description available) pn gitk <none> (no description available) pn gitweb <none> (no description available) -- no debconf information -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
