Bug#743667: Missing GTE_CyberTrust_Global_Root

Sun, 06 Apr 2014 08:30:25 -0700 

Its missing from the package file list
https://packages.debian.org/sid/all/ca-certificates/filelist

-----Original Message-----
From: "Michael Shuler" <mich...@pbandjelly.org>
Sent: ‎2014/‎04/‎06 7:37
To: "Weilu Jia" <optix2...@gmail.com>; "743...@bugs.debian.org" 
<743...@bugs.debian.org>
Subject: Re: Bug#743667: Missing GTE_CyberTrust_Global_Root

Control: severity -1 normal
Control: tags -1 + moreinfo

On 04/04/2014 05:17 PM, Weilu Jia wrote:
> GTE_CyberTrust_Global_Root is missing from the package and is causing
> ssl certificate verification to fail.
>
> Certificate verification fails because file is missing:
>
> optix2000@rumia ~/Downloads/ca-certificates/mozilla % openssl s_client
> -CApath /etc/ssl/certs -connect secure.nicovideo.jp:443 -tls1
> CONNECTED(00000003)
> depth=2 O = "Cybertrust, Inc", CN = Cybertrust Global Root
> verify error:num=20:unable to get local issuer certificate
> verify return:0
> ---

Works for me. Is it possible that you have the CA disabled?

mshuler@hana:~$ grep GTE_CyberTrust_Global_Root /etc/ca-certificates.conf
mozilla/GTE_CyberTrust_Global_Root.crt

mshuler@hana:~$ openssl s_client -CApath /etc/ssl/certs -connect 
secure.nicovideo.jp:443 -tls1
CONNECTED(00000003)
depth=3 C = US, O = GTE Corporation, OU = "GTE CyberTrust Solutions, 
Inc.", CN = GTE CyberTrust Global Root
verify return:1
depth=2 O = "Cybertrust, Inc", CN = Cybertrust Global Root
verify return:1
depth=1 C = JP, O = "Cybertrust Japan Co., Ltd.", CN = Cybertrust Japan 
EV CA G2
verify return:1
depth=0 1.3.6.1.4.1.311.60.2.1.3 = JP, serialNumber = 0100-01-052628, 
businessCategory = "V1.0, Clause 5.(b)", C = JP, ST = Tokyo, L = 
Chuo-ku, O = "DWANGO Co.,Ltd.", OU = cert01, CN = secure.nicovideo.jp
verify return:1
---
Certificate chain
  0 
s:/1.3.6.1.4.1.311.60.2.1.3=JP/serialNumber=0100-01-052628/businessCategory=V1.0,
 
Clause 5.(b)/C=JP/ST=Tokyo/L=Chuo-ku/O=DWANGO 
Co.,Ltd./OU=cert01/CN=secure.nicovideo.jp
    i:/C=JP/O=Cybertrust Japan Co., Ltd./CN=Cybertrust Japan EV CA G2
  1 s:/C=JP/O=Cybertrust Japan Co., Ltd./CN=Cybertrust Japan EV CA G2
    i:/O=Cybertrust, Inc/CN=Cybertrust Global Root
  2 s:/O=Cybertrust, Inc/CN=Cybertrust Global Root
    i:/C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE 
CyberTrust Global Root
---

> The certificate should be readded since it's still listed on the
> mozilla certificate list.

This certificate authority is installed by ca-certificates in Debian - 
there's nothing to add.

> I'm using Archlinux, but the upstream .deb is missing the file.

Perhaps a bug specific to Arch?

-- 
Kind regards,
Michael

Reply via email to