Hi, At Ubuntu, we encountered this bug after performing a security update, which includes the patch from 2.6.1 and 2.6.2. These upstream patches are also what are in sid's 2.4.2-3. This affects more than just Verisign, and seems the cause is when the last certificate in the chain is a self-signed CA. Upstream's 2.6.2 is also affected.
See https://bugs.launchpad.net/debian/+source/gnutls26/+bug/305264/ for some more information. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506853 may also be related. This is also being discussed upstream in: http://lists.gnu.org/archive/html/gnutls-devel/2008-12/msg00006.html Thanks -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]