Package: mono-csharp-shell Version: 6.8.0.105+dfsg-3.2 Severity: normal Hello,
csharp -e 'new System.Net.WebClient ().DownloadString ("https://letsencrypt.org/")' currently fails with a TrustFailure. The certificate that (currently) is served there looks as follows: Certificate chain 0 s:CN = lencr.org i:C = US, O = Let's Encrypt, CN = R3 1 s:C = US, O = Let's Encrypt, CN = R3 i:C = US, O = Internet Security Research Group, CN = ISRG Root X1 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1 i:O = Digital Signature Trust Co., CN = DST Root CA X3 (taken from openssl s_client -connect letsencrypt.org:https ). For a similar setup webserver connecting using the above commandline succeeds when the "DST Root CA X3" certificate is taken out of the provided chain. I guess the ssl verifying component in mono has the same problem as openssl < 1.1.0, i.e. the expired "DST Root CA X3" certificate makes the verification fail even though the "ISRG Root X1" is trusted. This breaks keepass2 when it's setup to have the password-db on a https-secured webdav store. Similar bug reports can be found on the net, e.g.: https://sourceforge.net/p/keepass/discussion/329221/thread/21747e1096/ (I don't really know about mono and so probably picked the wrong Package to report this problem against, please reassign accordingly.) Best regards Uwe -- System Information: Debian Release: bookworm/sid APT prefers stable-security APT policy: (700, 'stable-security'), (700, 'stable-debug'), (700, 'oldstable-updates'), (700, 'stable'), (700, 'oldstable'), (600, 'unstable'), (500, 'unstable-debug'), (500, 'oldstable-debug'), (500, 'oldoldstable'), (499, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386, armhf, arm64 Kernel: Linux 5.10.0-8-amd64 (SMP w/4 CPU threads) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages mono-csharp-shell depends on: ii libc6 2.31-13 ii libmono-corlib4.5-cil 6.8.0.105+dfsg-3.2 ii libmono-csharp4.0c-cil 6.8.0.105+dfsg-3.2 ii libmono-management4.0-cil 6.8.0.105+dfsg-3.2 ii libmono-system4.0-cil 6.8.0.105+dfsg-3.2 ii mono-runtime 6.8.0.105+dfsg-3.2 mono-csharp-shell recommends no packages. mono-csharp-shell suggests no packages. -- no debconf information