Good morning,

I tested the same setup on a Buster system and it works perfectly.
Same CA, same intermediates, same configuration and same file locations.
Also with update-ca-certificates.

However, if there was a problem with the algorithm implementing the
EC curves on certificates I am using, the verification should not fail
for all certificates, but only for the one I added. Correct me if I'm wrong.

Best regards,
Marc
On 25.10.22 08:01, David Kalnischkies wrote:
> On Sun, Oct 23, 2022 at 11:03:19PM +0200, Julian Andres Klode wrote:
>> apt just calls gnutls_certificate_set_x509_system_trust() and
>> gnutls_set_default_priority() so this should not be our issue.
>
> Also, on a side note, I have a custom CA (without an immediate) and apt
> and co are happy with it. The other difference to my setup is that
> I place my certificate in /usr/local/share/ca-certificates/ which avoids
> further configuration as update-ca-certificates will pick them up
> directly from there (see its manpage).
>
> It might help if you can check if the chaining is part of the problem
> or what else might be specific to your setup. Perhaps it's the algorithms
> used and e.g. gnutls not implementing the EC curves you used (or
> something like that or not at all – it's just something I ran into in
> the past, although not with gnutls, that worked back then…).
>
> Best regards
> David Kalnischkies