On 2012-05-10 Russell Coker <russ...@coker.com.au> wrote:
> Package: gnutls-bin
> Version: 3.0.19-2
> Severity: normal
>
> $ gnutls-cli -V mail.bluebottle.com -p 443
> Processed 152 CA certificate(s).
> Resolving 'mail.bluebottle.com'...
> Connecting to '176.9.67.91:443'...
> - Peer's certificate issuer is unknown
> - Peer's certificate is NOT trusted
> - The hostname in the certificate matches 'mail.bluebottle.com'.
> *** Verifying server certificate failed...
> *** Fatal error: Error in the certificate.
> *** Handshake has failed
> GnuTLS error: Error in the certificate.
>
> The above is what happens when I use gnutls-cli from a Debian/Unstable system
> to try and connect to a web server with a RapidSSL signed certificate.
>
> Doing the same thing with a Debian/Squeeze system gets the following:
[...]

Hello,

Recent versions of gnutls-cli try to check the certificate against
/etc/ssl/certs/ca-certificates.crt *by* *default*. If verification fails
the connection is aborted. The squeeze version behaves the same way if
--x509cafile /etc/ssl/certs/ca-certificates.crt is set.

Use --insecure to override the behavior.

FWIW I cannot get openssl to verify the certificate either against the
certs in the ca-certificates package. I guess this might be because you
are not serving the necessary intermediate certificate (Equifax Secure
Certificate Authority certifying RapidSSL CA).

cu andreas