Hi BenoƮt,Thanks for reporting this. I'm running Debian testing myself, but I didn't see this problem because I hadn't upgrade the ca-certificates package in the last two weeks or so. After upgrading, I see the same error as you.
The SSL certificate of our website is from StartCom, a company that used to offer cheap certificates that were popular in the open source world (kernel.org was using the same kind of certifiacate as we have), but recently fell into distrust [1].
As we see now the problem extends to old certificates like ours as well. We need to replace our certificate ASAP.
In the mean time you can download the Kwant debs manually and install them directly with 'dpkg' or you can downgrade the ca-certificates package to an older version (before 20161130+nmu1).
Cheers, Christoph[1] https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/
smime.p7s
Description: S/MIME cryptographic signature
