On 02/01/2015 05:05 PM, Michael Biebl wrote:
> Digging a bit deeper, I found that https://softwareupdate.vmware.com/
> uses the GTE_CyberTrust_Global_Root.crt certificate, and apparently that
> certificate was disabled, as "dpkg-reconfigure ca-certificates" showed.
> After re-enabling that CA the problem was gone.

When ca-certificates_20150117 is released, this 1025-bit CA will be
removed again.

You might wish to let vmware know that their site will cease to verify
with the next Mozilla release of NSS, Firefox, et al.

http://anonscm.debian.org/cgit/collab-maint/ca-certificates.git/tree/debian/changelog

> Since I never explicitly disabled that CA, I assume something went wrong
> in the package itself, since a fresh installation does enable that CA.
> Maybe this is related to the changes in 20140223, where this certificate
> was disabled, and the subsequent upload 20140325 not properly
> re-enabling it?

Yes, this is what happened. The re-addition of a removed CA was not
automatically re-enabled, since the configuration only sees a saved
"untrusted" line. https://bugs.debian.org/743339
--
Michael
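
Added example, not part of the original message and not code from the ca-certificates package: a check for the state described in this thread, where a CA file is shipped again but is still deselected in the local configuration. It assumes the "!" prefix that marks a deselected entry in /etc/ca-certificates.conf and the mozilla/ subdirectory layout; the sample tree, make_sample, disabled_but_shipped and the Example_* names are constructed for illustration.

```shell
#!/bin/sh
# Print every entry that is deselected ("!" prefix) in a ca-certificates.conf
# while its certificate file is still present under the certificate directory.
# usage: disabled_but_shipped CONF CERTDIR
disabled_but_shipped() {
    conf=$1
    certdir=$2
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            '!'*) rel=${line#!} ;;   # deselected entry, strip the marker
            *)    continue ;;        # comment, blank line or enabled entry
        esac
        # A deselected entry whose file no longer exists was removed from
        # the package; only shipped-but-disabled CAs are reported.
        if [ -f "$certdir/$rel" ]; then
            printf '%s\n' "$rel"
        fi
    done < "$conf"
    return 0
}

# Build a constructed sample tree (assumption: mirrors the real layout).
make_sample() {
    dir=$(mktemp -d)
    mkdir -p "$dir/share/mozilla"
    : > "$dir/share/mozilla/GTE_CyberTrust_Global_Root.crt"
    : > "$dir/share/mozilla/Example_Root_A.crt"
    cat > "$dir/ca-certificates.conf" <<'EOF'
# constructed sample configuration
mozilla/Example_Root_A.crt
!mozilla/GTE_CyberTrust_Global_Root.crt
!mozilla/Example_Removed_Root.crt
EOF
    printf '%s\n' "$dir"
}

sample=$(make_sample)
disabled_but_shipped "$sample/ca-certificates.conf" "$sample/share"
rm -rf "$sample"
```

On a real system the arguments would be /etc/ca-certificates.conf and /usr/share/ca-certificates; any entry it prints can be reviewed with "dpkg-reconfigure ca-certificates".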