Package: lynx-cur Version: 2.8.9dev6-3 Severity: serious Tags: security If I run
lynx https://www.vinc17.net:4434/ I get SSL error:The certificate is NOT trusted. The certificate chain is revoked. -Continue? (n) as expected. But If I set up a test server with the same certificate with: openssl s_server -CAfile old.crt -key old.key -cert old.crt -www (the default port being 4433) and run lynx https://www.vinc17.net:4433/ I don't get any error. No such problem with Iceweasel, which says: Secure Connection Failed An error occurred during a connection to www.vinc17.net:4433. Peer's Certificate has been revoked. (Error code: sec_error_revoked_certificate) With curl, I get: $ curl --cert-status https://www.vinc17.net:4434/ curl: (91) Server certificate was revoked: unspecified reason $ curl --cert-status https://www.vinc17.net:4433/ curl: (91) No OCSP response received I wonder why curl doesn't get an OCSP response in the 4433 case, but at least one gets an error. -- System Information: Debian Release: stretch/sid APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.1.0-2-amd64 (SMP w/8 CPU cores) Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages lynx-cur depends on: ii libbsd0 0.7.0-2 ii libbz2-1.0 1.0.6-8 ii libc6 2.19-19 ii libgnutls-deb0-28 3.3.17-1 ii libidn11 1.32-1 ii libncursesw5 5.9+20150516-2 ii libtinfo5 5.9+20150516-2 ii zlib1g 1:1.2.8.dfsg-2+b1 Versions of packages lynx-cur recommends: ii mime-support 3.59 lynx-cur suggests no packages. -- no debconf information _______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team
