On 2012-05-01 08:15:47 +0200, Mike Hommey wrote:
> On Tue, May 01, 2012 at 02:59:12AM +0200, Vincent Lefevre wrote:
> > The problem seems to be that the new libnss3-1d is confused by
> > intermediate certificates from cert8.db that are in the chain.
> >
> > For instance, if I remove the UTN-USERFirst-Hardware certificate
> > with
> >
> >   certutil -D -d .mozilla/firefox/xwsukxd4.test6/ -n UTN-USERFirst-Hardware
> >
> > the problem disappears on <https://www.zeroforfait.fr/>.
> >
> > As an example, I've attached the two certificates. Perhaps the
> > old libnss3-1d was ignoring certificates of cert8.db below the
> > root certificate? (There isn't much in the changelog).
>
> I can't reproduce the problem with either certificate, except if I
> explicitly distrust them. But in that case, it happens on 3.13.4 as
> well as 3.13.3.

Perhaps one needs more than the above one (there are other certificates
that are in the chain). Is there a way to do a request with certutil
like Firefox does, and get information of what is done (e.g. which
certificates from cert8.db are used)?

--
Vincent Lefèvre <vinc...@vinc17.net> - Web: <http://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)