Package: libgnutls-deb0-28
Version: 3.3.6-2
Severity: normal
Hi,
I've been playing with gnutls OCSP support but I noticed that it fails to parse
many apparently valid OCSP responses.
E.g. using gnutls-cli with the --ocsp option:
% gnutls-cli --ocsp facebook.com 443
[...]
importing response: ASN1 parser: Error in DER parsing.
I noticed that many of the rejected OCSP responses come from either digicert.com
or GlobalSign (e.g. other than facebook.com, try also cloudflare.com,
wikipedia.org, github.com, bitbucket.org, imgur.com, ...). Note that openssl
works with them just fine.
Other CAs work fine (e.g. try yahoo.com, namecheap.com, shipit.ubuntu.com, ...).
Cheers
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.14-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libgnutls-deb0-28 depends on:
ii libc6 2.19-9
ii libgmp10 2:6.0.0+dfsg-6
ii libhogweed2 2.7.1-3
ii libnettle4 2.7.1-3
ii libp11-kit0 0.20.3-2
ii libtasn1-6 4.1-1
ii multiarch-support 2.19-9
ii zlib1g 1:1.2.8.dfsg-2
libgnutls-deb0-28 recommends no packages.
Versions of packages libgnutls-deb0-28 suggests:
ii gnutls-bin 3.3.6-2
-- no debconf information
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
