[Aptitude-devel] Bug#931913: marked as done (aptitude: The certificate is NOT trusted when using https to fetch packages from security.debian.org in buster)

Debian Bug Tracking System Fri, 12 Jul 2019 04:01:15 -0700

Your message dated Fri, 12 Jul 2019 12:57:44 +0200
with message-id <[email protected]>
and subject line Re: [Aptitude-devel] Bug#931913: aptitude: The certificate is 
NOT trusted when using https to fetch packages from security.debian.org in 
buster
has caused the Debian Bug report #931913,
regarding aptitude: The certificate is NOT trusted when using https to fetch 
packages from security.debian.org in buster
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
931913: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931913
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Package: aptitude
Version: 0.8.11-7
Severity: normal

Dear Maintainer,

After a fresh install of buster on my notebook, I installed the package 
"aptitude" to manage my packages.

It reported to me there was an update (firefox-esr) available. At thispoint I 
exited the app and changed the sources.list file entries to make all future 
updates via https, instead of the default http.

When I run the aptitude app and did an update, it reports the following:

Failed to download some files

W: Failed to fetch 
https://security.debian.org/debian-security/dists/buster/updates/Release: 
Certificate verification failed. The certificate is NOT trusted...

E: Some index files failed to download. They have been ignored, or old one used 
instead.

The warning goes away if I changed back to http instead of https for the 
entries to security.debian.org in sources.list.



Thanks for your attention.

Lee 
 



-- Package-specific info:
Terminal: xterm-256color
$DISPLAY is set.
which aptitude: /usr/bin/aptitude

aptitude version information:
aptitude 0.8.11
Compiler: g++ 8.2.0
Compiled against:
  apt version 5.0.2
  NCurses version 6.1
  libsigc++ version: 2.10.1
  Gtk+ support disabled.
  Qt support disabled.

Current library versions:
  NCurses version: ncurses 6.1.20181013
  cwidget version: 0.5.17
  Apt version: 5.0.2

aptitude linkage:
        linux-vdso.so.1 (0x00007ffe1419e000)
        libapt-pkg.so.5.0 => /lib/x86_64-linux-gnu/libapt-pkg.so.5.0 
(0x00007f28dc9f5000)
        libncursesw.so.6 => /lib/x86_64-linux-gnu/libncursesw.so.6 
(0x00007f28dc9bb000)
        libtinfo.so.6 => /lib/x86_64-linux-gnu/libtinfo.so.6 
(0x00007f28dc98d000)
        libsigc-2.0.so.0 => /lib/x86_64-linux-gnu/libsigc-2.0.so.0 
(0x00007f28dc984000)
        libcwidget.so.3 => /lib/x86_64-linux-gnu/libcwidget.so.3 
(0x00007f28dc87e000)
        libsqlite3.so.0 => /lib/x86_64-linux-gnu/libsqlite3.so.0 
(0x00007f28dc75c000)
        libboost_iostreams.so.1.67.0 => 
/lib/x86_64-linux-gnu/libboost_iostreams.so.1.67.0 (0x00007f28dc73c000)
        libboost_system.so.1.67.0 => 
/lib/x86_64-linux-gnu/libboost_system.so.1.67.0 (0x00007f28dc735000)
        libxapian.so.30 => /lib/x86_64-linux-gnu/libxapian.so.30 
(0x00007f28dc509000)
        libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 
(0x00007f28dc4e8000)
        libstdc++.so.6 => /lib/x86_64-linux-gnu/libstdc++.so.6 
(0x00007f28dc364000)
        libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007f28dc1e1000)
        libgcc_s.so.1 => /lib/x86_64-linux-gnu/libgcc_s.so.1 
(0x00007f28dc1c5000)
        libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f28dc004000)
        libresolv.so.2 => /lib/x86_64-linux-gnu/libresolv.so.2 
(0x00007f28dbfea000)
        libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007f28dbdcc000)
        libbz2.so.1.0 => /lib/x86_64-linux-gnu/libbz2.so.1.0 
(0x00007f28dbdb9000)
        liblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5 (0x00007f28dbd91000)
        liblz4.so.1 => /lib/x86_64-linux-gnu/liblz4.so.1 (0x00007f28dbd70000)
        libzstd.so.1 => /lib/x86_64-linux-gnu/libzstd.so.1 (0x00007f28dbcd0000)
        libudev.so.1 => /lib/x86_64-linux-gnu/libudev.so.1 (0x00007f28dbcaa000)
        libsystemd.so.0 => /lib/x86_64-linux-gnu/libsystemd.so.0 
(0x00007f28dbc09000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f28dd026000)
        libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f28dbc04000)
        librt.so.1 => /lib/x86_64-linux-gnu/librt.so.1 (0x00007f28dbbf8000)
        libuuid.so.1 => /lib/x86_64-linux-gnu/libuuid.so.1 (0x00007f28dbbef000)
        libgcrypt.so.20 => /lib/x86_64-linux-gnu/libgcrypt.so.20 
(0x00007f28dbad1000)
        libgpg-error.so.0 => /lib/x86_64-linux-gnu/libgpg-error.so.0 
(0x00007f28dbaae000)

-- System Information:
Debian Release: 10.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_SG.UTF-8, LC_CTYPE=en_SG.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_SG:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages aptitude depends on:
ii  aptitude-common           0.8.11-7
ii  libapt-pkg5.0             1.8.2
ii  libboost-iostreams1.67.0  1.67.0-13
ii  libboost-system1.67.0     1.67.0-13
ii  libc6                     2.28-10
ii  libcwidget3v5             0.5.17-11
ii  libgcc1                   1:8.3.0-6
ii  libncursesw6              6.1+20181013-2
ii  libsigc++-2.0-0v5         2.10.1-2
ii  libsqlite3-0              3.27.2-3
ii  libstdc++6                8.3.0-6
ii  libtinfo6                 6.1+20181013-2
ii  libxapian30               1.4.11-1

Versions of packages aptitude recommends:
ii  libparse-debianchangelog-perl  1.2.0-13
ii  sensible-utils                 0.0.12

Versions of packages aptitude suggests:
pn  apt-xapian-index                <none>
pn  aptitude-doc-en | aptitude-doc  <none>
pn  debtags                         <none>
ii  tasksel                         3.53

-- no debconf information

--- End Message ---

--- Begin Message ---

Hi JL,

JL Lee wrote:
> I exited the app and changed the sources.list file entries to make
> all future updates via https, instead of the default http.
> 
> When I run the aptitude app and did an update, it reports the following:
> 
> Failed to download some files
> 
> W: Failed to fetch 
> https://security.debian.org/debian-security/dists/buster/updates/Release: 
> Certificate verification failed. The certificate is NOT trusted...

security.debian.org _officially_ does not provide HTTPS at all. The
certificate which is installed there is not signed by a commonly
recognized CA, only by a Debian-internal CA.

So this error message is completely valid as the certificate is
invalid from a HTTPS client point of view.

                Regards, Axel
-- 
 ,''`.  |  Axel Beckert <[email protected]>, https://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5
  `-    |  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE

signature.asc
Description: PGP signature

--- End Message ---

_______________________________________________
Aptitude-devel mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/aptitude-devel

[Aptitude-devel] Bug#931913: marked as done (aptitude: The certificate is NOT trusted when using https to fetch packages from security.debian.org in buster)

Reply via email to