The reason for this is OpenSSL 1.0.1 being incapable of validating cross-signed certificates, or multiple chains respectively where one chain ends up being invalid. That latter is the case now because of the Thawte removal in the latest ca-certificates update. We're affected by this as well and will comment on it soon, probably in
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812708 FYI, OpenSSL 1.0.2 and GnuTLS don't have this problem. Best, Oliver
smime.p7s
Description: S/MIME Cryptographic Signature