On Sun, 24 Jan 2016 19:29:14 -0600, Michael Shuler wrote:

> >So far for a preliminary investigation; since this does not happen on
> >the libsms-send-perl side, I'm reassigning the bug to ca-certificates
> >for now.
>
> (dropped Gregor from Re - thanks for the forward)

(You're welcome, and it seems I'm subscribed to the bug :))

> I don't see a Thawte certificate in the mix here - could you possibly
> provide some reproduction steps that show the issue? Thanks!
>
> (Using system with same 2.6 mozilla bundle)
>
> $ openssl s_client -CApath /etc/ssl/certs -connect api.twillio.com:443
>
> CONNECTED(00000003)
> depth=2 C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
> verify return:1
> depth=1 C = BE, O = GlobalSign nv-sa, CN = GlobalSign Organization Validation CA - SHA256 - G2
> verify return:1
> depth=0 C = US, ST = Delaware, L = Dover, O = Incapsula Inc, CN = incapsula.com
> verify return:1
> ---
> Certificate chain
>  0 s:/C=US/ST=Delaware/L=Dover/O=Incapsula Inc/CN=incapsula.com
>    i:/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Organization Validation CA - SHA256 - G2
>  1 s:/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Organization Validation CA - SHA256 - G2
>    i:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
> <...>
>     Verify return code: 0 (ok)

Indeed that's interesting.

OTOH, when I point iceweasel or chromium at https://api.twillio.com/
they (first complain about ssl_error_bad_cert_domain and then)
present me the following cert (copied from chromium which allows
copy&paste):

Issued to:
  Common Name (CN)          *.twilio.com
  Organization (O)          Twilio, Inc.
  Organizational Unit (OU)  api
  Serial Number             28:1C:A5:54:17:FA:E4:DA:AF:64:92:8C:6D:E5:85:50
Issued by:
  Common Name (CN)          thawte SSL CA - G2
  Organization (O)          thawte, Inc.
  Organizational Unit (OU)  <Not Part Of Certificate>
Validity Period:
  Issued On                 Monday, August 31, 2015 at 2:00:00 AM
  Expires On                Saturday, September 17, 2016 at 1:59:59 AM
Fingerprints:
  SHA-256 Fingerprint       1D AA 40 14 2D 43 F5 DD 43 76 AB 7F E4 22 02 6E 99 A7 AB CB 1D 2C 05 8F 5C 10 3D FB E8 FA EE AB
  SHA-1 Fingerprint         79 E7 4F C0 02 71 C8 11 4A 30 7C 14 DA 09 AE 66 AB BB 50 17

Ehm, even weirder, the cert I get with iceweasel is _different_:

Issued to:
  Common Name (CN)          *.twilio.com
  Organization (O)          Twilio, Inc.
  Organizational Unit (OU)  web
  Serial Number             66:03:B9:49:F3:08:94:7B:86:54:0A:B1:B8:58:FF:00
Issued by:
  Common Name (CN)          thawte SSL CA - G2
  Organization (O)          thawte, Inc.
  Organizational Unit (OU)  <Not Part Of Certificate>
Period of Validity:
  Begins On                 10/12/15
  Expires On                12/11/16
Fingerprints:
  SHA-256 Fingerprint       E5:7E:19:B8:66:43:69:AE:3F:10:2E:88:F1:2C:ED:2A:D5:46:39:9B:09:0B:DE:F4:88:90:AD:D1:11:25:74:1F
  SHA-1 Fingerprint         D0:63:A2:76:5D:FE:CD:24:CE:39:75:E7:03:5D:BC:C8:B2:2D:FB:C6

Cheers,
gregor

--
 .''`.  Homepage https://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06
 : :' : Debian GNU/Linux user, admin, and developer - https://www.debian.org/
 `. `'  Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
   `-   NP: Rolling Stones: Stuck