Package: ca-certificates
Version: 20150426
Severity: important

Hi,

since the last ca-certificates update I'm having problems browsing
some pages with Epiphany/webkitgtk. One example is Facebook.

It seems that GTE_CyberTrust_Global_Root.crt is missing.


This would be the normal output:

$ openssl s_client -CApath /etc/ssl/certs -connect 
fbcdn-dragon-a.akamaihd.net:443
CONNECTED(00000003)
depth=3 C = US, O = GTE Corporation, OU = "GTE CyberTrust Solutions, Inc.", CN 
= GTE CyberTrust Global Root
verify return:1
depth=2 C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
verify return:1
depth=1 O = Cybertrust Inc, CN = Cybertrust Public SureServer SV CA
verify return:1
depth=0 C = US, ST = MA, L = Cambridge, O = "Akamai Technologies, Inc.", CN = 
a248.e.akamai.net
verify return:1


And this is what I get with the latest ca-certificates package:

$ openssl s_client -CApath /etc/ssl/certs -connect 
fbcdn-dragon-a.akamaihd.net:443
CONNECTED(00000003)
depth=2 C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
verify error:num=20:unable to get local issuer certificate


Other browsers (Chromium, Iceweasel) seem to work fine, though.

Thanks,

Berto

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages ca-certificates depends on:
ii  debconf [debconf-2.0]  1.5.56
ii  openssl                1.0.2a-1

ca-certificates recommends no packages.

ca-certificates suggests no packages.

-- debconf information excluded


-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to