11:26 hrw@malenstwo:~$ LC_ALL=C wget ebank.db-pbc.pl
--2016-03-03 11:26:05-- http://ebank.db-pbc.pl/
Resolving ebank.db-pbc.pl (ebank.db-pbc.pl)... 160.83.21.131
Connecting to ebank.db-pbc.pl (ebank.db-pbc.pl)|160.83.21.131|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://ebank.db-pbc.pl/ [following]
--2016-03-03 11:26:05-- https://ebank.db-pbc.pl/
Connecting to ebank.db-pbc.pl (ebank.db-pbc.pl)|160.83.21.131|:443... connected.
ERROR: cannot verify ebank.db-pbc.pl's certificate, issued by '/C=US/O=Symantec
Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 EV SSL CA - G3':
Unable to locally verify the issuer's authority.
To connect to ebank.db-pbc.pl insecurely, use `--no-check-certificate'.
11:27 hrw@malenstwo:~$ openssl s_client -connect ebank.db-pbc.pl:443
CONNECTED(00000003)
depth=0 1.3.6.1.4.1.311.60.2.1.3 = DE, 1.3.6.1.4.1.311.60.2.1.1 = Frankfurt am
Main, businessCategory = Private Organization, serialNumber = HRB 30000, C =
DE, postalCode = 60325, ST = Hessen, L = Frankfurt am Main, street =
Taunusanlage 12, O = Deutsche Bank AG, OU = Deutsche Bank Polska S.A., CN =
ebank.db-pbc.pl
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 1.3.6.1.4.1.311.60.2.1.3 = DE, 1.3.6.1.4.1.311.60.2.1.1 = Frankfurt am
Main, businessCategory = Private Organization, serialNumber = HRB 30000, C =
DE, postalCode = 60325, ST = Hessen, L = Frankfurt am Main, street =
Taunusanlage 12, O = Deutsche Bank AG, OU = Deutsche Bank Polska S.A., CN =
ebank.db-pbc.pl
verify error:num=27:certificate not trusted
verify return:1
depth=0 1.3.6.1.4.1.311.60.2.1.3 = DE, 1.3.6.1.4.1.311.60.2.1.1 = Frankfurt am
Main, businessCategory = Private Organization, serialNumber = HRB 30000, C =
DE, postalCode = 60325, ST = Hessen, L = Frankfurt am Main, street =
Taunusanlage 12, O = Deutsche Bank AG, OU = Deutsche Bank Polska S.A., CN =
ebank.db-pbc.pl
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:/1.3.6.1.4.1.311.60.2.1.3=DE/1.3.6.1.4.1.311.60.2.1.1=Frankfurt am
Main/businessCategory=Private Organization/serialNumber=HRB
30000/C=DE/postalCode=60325/ST=Hessen/L=Frankfurt am Main/street=Taunusanlage
12/O=Deutsche Bank AG/OU=Deutsche Bank Polska S.A./CN=ebank.db-pbc.pl
i:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3
EV SSL CA - G3
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGnzCCBYegAwIBAgIQCgL39ODgr/z37hJt0dYGxzANBgkqhkiG9w0BAQsFADB3
MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAd
BgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxKDAmBgNVBAMTH1N5bWFudGVj
IENsYXNzIDMgRVYgU1NMIENBIC0gRzMwHhcNMTYwMjA5MDAwMDAwWhcNMTcwMzEx
MjM1OTU5WjCCASkxEzARBgsrBgEEAYI3PAIBAxMCREUxIjAgBgsrBgEEAYI3PAIB
AQwRRnJhbmtmdXJ0IGFtIE1haW4xHTAbBgNVBA8TFFByaXZhdGUgT3JnYW5pemF0
aW9uMRIwEAYDVQQFEwlIUkIgMzAwMDAxCzAJBgNVBAYTAkRFMQ4wDAYDVQQRDAU2
MDMyNTEPMA0GA1UECAwGSGVzc2VuMRowGAYDVQQHDBFGcmFua2Z1cnQgYW0gTWFp
bjEYMBYGA1UECQwPVGF1bnVzYW5sYWdlIDEyMRkwFwYDVQQKDBBEZXV0c2NoZSBC
YW5rIEFHMSIwIAYDVQQLDBlEZXV0c2NoZSBCYW5rIFBvbHNrYSBTLkEuMRgwFgYD
VQQDDA9lYmFuay5kYi1wYmMucGwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDJCHDXbNXF8o2m0YNzodlpra30iPihW36SxX4I4Sqybjf6BYaY7eHVcyzO
g7qYqGOP/Kkub2P7gYWS4lIAooBWHCxHLvn3MAKRrYZt6Vf5aofvs7nLSyrK0fR5
ZYEeLQfRbZhxWif4Y3GLPVs5JM0S8CjsIWtd6ieAZzC+Woqv9rv5JsjGen8/q4jI
pCbV+G7WJzZZbEfZdgUu39tUP3e9IiBVOjgqnaGIe5FdhH0wX1hk2VrjLNcTWvEG
sk38Yd4u/zeDn4T2uAmCqp3oN8sWfX4WJpQGreZ2oLvtal2g1GTw1uiIjyJQu5IV
k9KfQDdl3uYb4xt3j1HYL39zh0ILAgMBAAGjggJxMIICbTAaBgNVHREEEzARgg9l
YmFuay5kYi1wYmMucGwwCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0l
BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGYGA1UdIARfMF0wWwYLYIZIAYb4RQEH
FwYwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYB
BQUHAgIwGRoXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUAVmr
5906C1mmZGPWzyAHV9WR52owKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NyLnN5
bWNiLmNvbS9zci5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRw
Oi8vc3Iuc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc3Iuc3ltY2IuY29t
L3NyLmNydDCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2AN3rHSt6DU+mIIuBrYFo
cH4ujp0B1VyIjT0RxM227L7MAAABUsauMMcAAAQDAEcwRQIgcM/b+QtS2mdmmKbA
o2VR7EVzmAqZeb71m9ra1ZskfZwCIQCtQtJOZDoE4ENhN+k6Dyr6/Hmu1rsPbPzG
RqH0vC5aWgB2AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABUsau
MPkAAAQDAEcwRQIgHMw84bDQZazF2CqyhvJRd6dFfoT9oWIpW6zyc8oNc+4CIQCY
x6RpkcBQVH0+O4OM6Hu0GM9c6ZEe2VKpmIRsK6wk8jANBgkqhkiG9w0BAQsFAAOC
AQEAd9jL9BC9m62h3JBOfC870GrIPPDiTjKbp5wPu6QxOP2VrlHvZqJtv5Ffvve6
MmNxcoRyHKsqBzoHoQclAv8eEyVuTS56lDIAbA2gXJgEi0qOCFT735fB49aR7uyO
BQt3Iw7cIePxAs0ZaXdbyaCtoHx8Ib2an2vnHi9thAVw/+np+wfVsG/NBwWQSDeU
Xuj6PwgcaZ30uXQgcOlaaR1wyDd+/WvwtNl42avHsdSDKZDwooX8AknEJw8ZjAGI
LE3t3tF+wBihcF53wcry6e5cw11xHKkPQDloKZR0PU66WEnhL/JilodlD+r1skc9
lEtUpw0kX+Xd4wzYJkYDM8zPRw==
-----END CERTIFICATE-----
subject=/1.3.6.1.4.1.311.60.2.1.3=DE/1.3.6.1.4.1.311.60.2.1.1=Frankfurt am
Main/businessCategory=Private Organization/serialNumber=HRB
30000/C=DE/postalCode=60325/ST=Hessen/L=Frankfurt am Main/street=Taunusanlage
12/O=Deutsche Bank AG/OU=Deutsche Bank Polska S.A./CN=ebank.db-pbc.pl
issuer=/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class
3 EV SSL CA - G3
---
No client certificate CA names sent
---
SSL handshake has read 1868 bytes and written 653 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : AES256-SHA256
Session-ID:
Session-ID-ctx:
Master-Key:
9D7579DAAB32B0537F580971E6E06E0929A3EE7D5465BAB2C67A76FF71579A4058552D8F8DF2B363C858D0EFAFB2704F
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1457000724
Timeout : 300 (sec)
Verify return code: 21 (unable to verify the first certificate)
---
On up-to-date 14.04 :(
It was working few days ago and this is my bank ;(
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ca-certificates in Ubuntu.
https://bugs.launchpad.net/bugs/1551615
Title:
Alternative chain verification failure after 1024b root CAs removal
Status in ca-certificates package in Ubuntu:
Invalid
Status in ca-certificates package in Debian:
New
Bug description:
There is now the same problem on Ubuntu 14.04 as there is currently on
Debian 7.
See:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812708
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812488
Gist:
Openssl 1.0.1f can not verify certificates that have an alternative chain
without both root certificates present. The update 20160104ubuntu0.14.04.1
removes 1024bit certificates that are used within those chains.
Please don't push this update to vivid too!
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ca-certificates/+bug/1551615/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
