Package: libnss3-1d Version: 3.12.5-1 Severity: grave Justification: renders package unusable
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Since upgrading libnss3-1d to 3.12.5, I have been unable to connect to my company's email server. Evolution gives me this dialog: SSL Certificate check for imap.example.com: Issuer: serialNumber=88888888,CN=Go Daddy Secure Certification Authority,OU=http://certificates.godaddy.com/repository,O="GoDaddy.com, Inc.",L=Scottsdale,ST=Arizona,C=US Subject: CN=*.example.com,OU=Domain Control Validated,O=*.example.com Fingerprint: ec:cf:43:7f:87:84:f0:63:ec:b4:5d:60:e5:7e:6b:23 Signature: BAD No problem with iceweasel, thunderbird, etc. but they don't appear to use the split-out package of NSS. I reported the same bug against gnutls, #563127. The maintainer found that gnutls refused to accept the certificate because it was issues by a "V1 CA". Sadly I'm no X.509 expert so I don't know what that really means. The certificate in question was issued in April 2009, so it's not exactly ancient. Please tell me if you'd like the server address to debug this further yourself, or whether there are any command line utilities for NSS that I can use as the equivalent of gnutls-bin/'openssl s_client' to debug further. Because this coincides with the upgrade from 3.12.4 to 3.12.5 I am assuming that NSS made a similar policy change to GnuTLS, to stop trusting V1 CAs. If this is the kind of thing that a user of NSS can override, please let me know and I'll forward that information to the (evolution) upstream bug at <https://bugzilla.gnome.org/show_bug.cgi?id=605773>. - -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (430, 'testing'), (420, 'unstable'), (410, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-trunk-amd64 (SMP w/4 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages libnss3-1d depends on: ii dpkg 1.15.5.4 Debian package management system ii libc6 2.10.2-2 GNU C Library: Shared libraries ii libnspr4-0d 4.8.2-1 NetScape Portable Runtime Library ii libsqlite3-0 3.6.21-2 SQLite 3 shared library ii zlib1g 1:1.2.3.3.dfsg-15 compression library - runtime libnss3-1d recommends no packages. libnss3-1d suggests no packages. - -- no debconf information -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAks9+IoACgkQshl/216gEHgbmgCg4/dEMui2RE3t+GgVJ9je7ouJ AB0AmgOjth0/Cy2emJ/RkhIl56IzQ0Ec =kMHW -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
