Package: libgnutls26 Version: 2.12.20-8+deb7u2 Severity: important Dear Maintainer,
I discovered that gnutls on wheezy is having trouble parsing some server
certificates. If I add the leaf certificate to my list of CA it works
fine, but with the (provided by ca-certificates) CA, it refuses to
establish the connection.
The issue can be reproduced with::
wget https://oval.mitre.org/rep-data/5.10/org.mitre.oval/m/oval.xml
Which goes wrong (unknown issuer). The following goes well (Where
``EntrustCertificationAuthority-L1K`` is a local copy of the ``Entrust
Certification Authority - L1K`` certificate)::
wget https://oval.mitre.org/rep-data/5.10/org.mitre.oval/m/oval.xml
--ca-certificate=EntrustCertificationAuthority-L1K
GnuTLS seems to be unable to parse the certificate for "Entrust Root
Certification Authority - G2" correctly.
A similar trouble seems to be described here:
http://www.linuxquestions.org/questions/debian-26/wget-certificate-error-4175495817/
Let me know If I can provide you with more information.
Best Regards,
Ben.
[ This issue was reported to the GnuTLS Maintainer ML here first:
http://lists.alioth.debian.org/pipermail/pkg-gnutls-maint/2015-April/006457.html]
Information:
Debian Release: 7.8
Architecture: i386 (i686)
Kernel: Linux 3.2.0-4-686-pae (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Versions of packages libgnutls26 depends on:
ii libc6 2.13-38+deb7u8
ii libgcrypt11 1.5.0-5+deb7u2
ii libp11-kit0 0.20.2-1~bpo70+1
ii libtasn1-3 2.13-2+deb7u1
ii multiarch-support 2.13-38+deb7u8
ii zlib1g 1:1.2.7.dfsg-13
libgnutls26 recommends no packages.
libgnutls26 suggests no packages.
-- no debconf information
--
Benoît Allard (B30A05B0)|Greenbone Networks GmbH|http://greenbone.net
Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460
Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner
signature.asc
Description: OpenPGP digital signature
