Bug#743667: Missing GTE_CyberTrust_Global_Root

Sun, 06 Apr 2014 07:39:26 -0700 

Control: severity -1 normal
Control: tags -1 + moreinfo

On 04/04/2014 05:17 PM, Weilu Jia wrote:

GTE_CyberTrust_Global_Root is missing from the package and is causing
ssl certificate verification to fail.

Certificate verification fails because file is missing:

optix2000@rumia ~/Downloads/ca-certificates/mozilla % openssl s_client
-CApath /etc/ssl/certs -connect secure.nicovideo.jp:443 -tls1
CONNECTED(00000003)
depth=2 O = "Cybertrust, Inc", CN = Cybertrust Global Root
verify error:num=20:unable to get local issuer certificate
verify return:0
---


Works for me. Is it possible that you have the CA disabled?

mshuler@hana:~$ grep GTE_CyberTrust_Global_Root /etc/ca-certificates.conf
mozilla/GTE_CyberTrust_Global_Root.crt
mshuler@hana:~$ openssl s_client -CApath /etc/ssl/certs -connect secure.nicovideo.jp:443 -tls1 
CONNECTED(00000003)
depth=3 C = US, O = GTE Corporation, OU = "GTE CyberTrust Solutions, Inc.", CN = GTE CyberTrust Global Root 
verify return:1
depth=2 O = "Cybertrust, Inc", CN = Cybertrust Global Root
verify return:1
depth=1 C = JP, O = "Cybertrust Japan Co., Ltd.", CN = Cybertrust Japan EV CA G2 
verify return:1
depth=0 1.3.6.1.4.1.311.60.2.1.3 = JP, serialNumber = 0100-01-052628, businessCategory = "V1.0, Clause 5.(b)", C = JP, ST = Tokyo, L = Chuo-ku, O = "DWANGO Co.,Ltd.", OU = cert01, CN = secure.nicovideo.jp 
verify return:1
---
Certificate chain
0 s:/1.3.6.1.4.1.311.60.2.1.3=JP/serialNumber=0100-01-052628/businessCategory=V1.0, Clause 5.(b)/C=JP/ST=Tokyo/L=Chuo-ku/O=DWANGO Co.,Ltd./OU=cert01/CN=secure.nicovideo.jp 
   i:/C=JP/O=Cybertrust Japan Co., Ltd./CN=Cybertrust Japan EV CA G2
 1 s:/C=JP/O=Cybertrust Japan Co., Ltd./CN=Cybertrust Japan EV CA G2
   i:/O=Cybertrust, Inc/CN=Cybertrust Global Root
 2 s:/O=Cybertrust, Inc/CN=Cybertrust Global Root
i:/C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust Global Root 
---


The certificate should be readded since it's still listed on the
mozilla certificate list.
This certificate authority is installed by ca-certificates in Debian - there's nothing to add. 


I'm using Archlinux, but the upstream .deb is missing the file.


Perhaps a bug specific to Arch?

--
Kind regards,
Michael


--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to