Package: ca-certificates
Version: 20130119
Severity: important

Hello,

I noticed that my puppet agent fails to connect to the puppet server due to
an invalid certificate.

While it might be the job of puppet to maintain the certificates, I went
ahead and added the puppet CA:

ln -sf /var/lib/puppet/ssl/certs/ca.pem /usr/local/share/ca-certificates/puppet-ca.crt

Tried to connect to the puppet server:

openssl s_client -connect localhost:8140

....
   Verify return code: 19 (self signed certificate in certificate chain)

openssl s_client -connect localhost:8140 -CApath /etc/ssl/certs

....
   Verify return code: 0 (ok)

WTF?

Oh yeah, openssl does not verify hostname. It's *that* awesome.

Any idea how I can add a local certificate so that it's actually used?

Thanks

Michal

-- System Information:
Debian Release: 7.1
  APT prefers stable
  APT policy: (990, 'stable'), (800, 'oldstable'), (500, 'testing'), (400, 'unstable'), (200, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages ca-certificates depends on:
ii  debconf [debconf-2.0]  1.5.49
ii  openssl                1.0.1e-2

ca-certificates recommends no packages.

ca-certificates suggests no packages.

-- debconf information excluded
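
An added example, not part of the original report: a shell sketch showing that OpenSSL finds a CA in a -CApath directory only under its subject-hash name, and that hostname checking happens only when requested. The CA, the server name puppet.example.test and all file names are constructed throwaway values; it assumes an openssl binary with its default configuration.

```shell
#!/bin/sh
# Added example; every certificate and name below is a constructed test value.

# Create a private CA and a server certificate signed by it, inside directory $1.
make_demo_pki() {
    dir=$1
    mkdir -p "$dir/capath"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Demo Puppet CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=puppet.example.test" \
        -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$dir/leaf.csr" -days 1 \
        -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/leaf.pem" 2>/dev/null
}

# Publish CA file $2 in CApath directory $1 under the name OpenSSL looks up:
# <subject-hash>.0, the naming that c_rehash produces.
install_ca() {
    hash=$(openssl x509 -noout -hash -in "$2")
    ln -sf "$2" "$1/$hash.0"
}

# Run "openssl verify" with the given arguments; succeed only if it reports OK.
verify_ok() {
    openssl verify "$@" 2>&1 | grep -q ': OK$'
}

report() {
    label=$1; shift
    if verify_ok "$@"; then echo "$label: OK"; else echo "$label: rejected"; fi
}

demo() {
    d=$(mktemp -d)
    make_demo_pki "$d"
    # A CA file that is merely present in the directory is not found.
    cp "$d/ca.pem" "$d/capath/puppet-ca.crt"
    report "CA present, no hash link" -CApath "$d/capath" "$d/leaf.pem"
    install_ca "$d/capath" "$d/ca.pem"
    report "CA hash-linked" -CApath "$d/capath" "$d/leaf.pem"
    # The chain is valid for any name unless a hostname check is requested.
    report "hostname puppet.example.test" -CApath "$d/capath" \
        -verify_hostname puppet.example.test "$d/leaf.pem"
    report "hostname localhost" -CApath "$d/capath" \
        -verify_hostname localhost "$d/leaf.pem"
    rm -rf "$d"
}
demo
```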

