Your message dated Wed, 20 Jan 2021 11:05:19 +0100
with message-id <YAgAX/Dlq8NSP/iE@jcristau-z4>
and subject line Re: Bug#968002: Missing ssl certificates
has caused the Debian Bug report #968002,
regarding Missing ssl certificates
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
968002: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968002
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: ca-certificates
Version: 20200601~deb10u1
Some certificates seem to be missing in 20200601~deb10u1. The following
command works in version 20190110 but stopped working in 20200601~deb10u1 .
curl https://static.gc.apple.com/public-key/3rd-party-auth-prod-19824d.cer
This gives the output:
curl: (60) SSL certificate problem: unable to get issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
--- End Message ---
--- Begin Message ---
Version: 20210119
On Thu, Aug 06, 2020 at 02:47:20PM +0200, Pim Kartner wrote:
> Package: ca-certificates
> Version: 20200601~deb10u1
>
> Some certificates seem to be missing in 20200601~deb10u1. The following
> command
> works in version 20190110 but stopped working in 20200601~deb10u1 .
>
> curl https://static.gc.apple.com/public-key/3rd-party-auth-prod-19824d.cer
>
> This gives the output:
>
> curl: (60) SSL certificate problem: unable to get issuer certificate
> More details here: https://curl.haxx.se/docs/sslcerts.html
>
> curl failed to verify the legitimacy of the server and therefore could not
> establish a secure connection to it. To learn more about this situation and
> how to fix it, please visit the web page mentioned above.
The GeoTrust Global CA was now removed from the Mozilla trust store
here: https://bugzilla.mozilla.org/show_bug.cgi?id=1670769
Closing this, as I don't believe we should bring it back in the Debian
ca-certificates package, at least for bullseye. I'm still considering
what to do for Debian 10 (buster); see also bug #962596.
Cheers,
Julien
--- End Message ---