Hi all,
The reason this is manifesting as a giant problem unexpectedly since Saturday
and it did not only hit obscure ancient java programs etc. as Sectigo
predicted, is:
SSL providers such as Namecheap SSLs.com (and probably many others) were
issuing certificates good until mid-2021 with an
This is accurate to my understanding of the situation.
On Mon, Jun 1, 2020 at 11:33 AM Kurt Roeckx wrote:
> Just to clarify, as I understand it, openssl 1.0.2 (so libssl1.0.2
> in oldstable) still has the problem, which means things like
> libcurl in oldstable have that problem. And removing
Just to clarify, as I understand it, openssl 1.0.2 (so libssl1.0.2
in oldstable) still has the problem, which means things like
libcurl in oldstable have that problem. And removing the
certificate from the trust store fixes it.
Kurt
On Mon, Jun 01, 2020 at 01:29:39AM +0200, Axel Beckert wrote:
> OpenSSL 1.1.1g 21 Apr 2020
> → openssl s_client -connect mirror.sinavps.ch:443
> CONNECTED(0003)
> depth=3 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN =
> AddTrust External CA Root
> verify
On Mon, Jun 1, 2020 at 1:29 AM Axel Beckert wrote:
> > You will need to workaround this. As such this motivates critical me
> think.
>
> I think "grave" is severe enough, as it "only" breaks HTTPS including
> apt with HTTPS-based mirrors (as the one mentioned above) and hence
> only "unrelated
Hi,
Axel Beckert wrote:
> Certificate chain
> 0 s:OU = Domain Control Validated, OU = Globe Standard SSL, CN =
> mirror.sinavps.ch
> i:C = US, ST = DE, L = Wilmington, O = "Globe Hosting, Inc.", CN =
> GlobeSSL DV Certification Authority 2
> 1 s:C = US, ST = DE, L = Wilmington, O = "Globe
Control: affects -1 + lynx libwww-perl wget links links2 apt aptitude w3m curl
openssl dillo mpv epiphany vlc luakit surf aptitude-robot
Hi,
Rémi Denis-Courmont wrote:
> The AddTrust_External_Root.crt certificate has expired, and its
> continued inclusion in the ca-certificates set is causing
7 matches
Mail list logo
