On 01/27/2016 06:47 AM, Christian Beer wrote:
I tested with a current Jessie and Stretch installation and it turns out that openssl 1.0.2 verifies the "Thawte Primary Root CA" correctly because it is in the certificate store. With openssl 1.0.1 this verification fails because it looks for the (removed) "Thawte Premium Server CA". I first thought it only affects servers that send both chains but as Leszek writes this also affects him.
Thank you for the details!
So I would like to see the "Thawte Premium Server CA" in the Debian Jessie certificate store again very soon.
Yep, sorry for the regression, but I appreciate the extra info - it helps solve some of my own troubleshooting.
-- Kind regards, Michael
