On Thu, Mar 06, 2014 at 07:04:40PM +0100, Vincent Lefevre wrote: > Package: lynx-cur > Version: 2.8.8pre5-1 > Severity: important > > On some major web sites, such as www.ens-lyon.fr and www.loria.fr, > with all the certificates provided by ca-certificates installed, > I get the following error for "lynx https://www.ens-lyon.fr/": > > SSL error:the certificate has no known issuer-Continue? (y)
In a quick check, I agree this is a problem with gnutls.
> Perhaps the difference between lynx and wget is that the lynx-cur
> package depends on libgnutls26 while wget depends on libgnutls28.
> Even if the cause is libgnutls26, the real bug is in the lynx-cur
> package, since it depends on a old library.
"upgrading" is relative:
Looking at my Debian/testing, I see that the respective gnutls versions
as reported by "lynx -version" are 2.12.20, and 3.2.11 - and with the
former, both lynx.cur and my own-built lynx give the same message. If I
rebuild it with the latter, the problem goes away.
However the problem doesn't appear with
gnutls 2.8.6 on my Debian 6 machine,
gnutls 2.12.18 on my Debian 7 machine,
Since this is a fairly recent defect in gnutls, it's not reasonable to
suggest that packagers change dependencies to (fairly likely) an equally
defective _different_ version.
--
Thomas E. Dickey <dic...@invisible-island.net>
http://invisible-island.net
ftp://invisible-island.net
signature.asc
Description: Digital signature
