*** This bug is a duplicate of bug 1881533 ***
    https://bugs.launchpad.net/bugs/1881533

** This bug has been marked a duplicate of bug 1881533
   Remove expired AddTrust_External_Root.crt because it breaks software

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ca-certificates in Ubuntu.
https://bugs.launchpad.net/bugs/1881582

Title:
  ca-certificates missing some root CA

Status in ca-certificates package in Ubuntu:
  New

Bug description:
  I started seeing certificate errors in curl recently on Ubuntu 16.04.
  Here's an example:

  $ curl -svo /dev/null --resolve ngrok.com:443:34.211.12.31 https://ngrok.com/
  * Added ngrok.com:443:34.211.12.31 to DNS cache
  * Hostname ngrok.com was found in DNS cache
  *   Trying 34.211.12.31...
  * Connected to ngrok.com (34.211.12.31) port 443 (#0)
  * found 148 certificates in /etc/ssl/certs/ca-certificates.crt
  * found 596 certificates in /etc/ssl/certs
  * ALPN, offering http/1.1
  * SSL connection using TLS1.2 / ECDHE_RSA_AES_256_GCM_SHA384
  * server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
  * Closing connection 0

  I have the latest version of ca-certificates installed. On Ubuntu 20.04
  everything works fine:

  $ curl -svo /dev/null --resolve ngrok.com:443:34.211.12.31 https://ngrok.com/
  * Added ngrok.com:443:34.211.12.31 to DNS cache
  * Hostname ngrok.com was found in DNS cache
  *   Trying 34.211.12.31:443...
  * TCP_NODELAY set
  * Connected to ngrok.com (34.211.12.31) port 443 (#0)
  * ALPN, offering h2
  * ALPN, offering http/1.1
  * successfully set certificate verify locations:
  *   CAfile: /etc/ssl/certs/ca-certificates.crt
    CApath: /etc/ssl/certs
  } [5 bytes data]
  * TLSv1.3 (OUT), TLS handshake, Client hello (1):
  } [512 bytes data]
  * TLSv1.3 (IN), TLS handshake, Server hello (2):
  { [106 bytes data]
  * TLSv1.2 (IN), TLS handshake, Certificate (11):
  { [4439 bytes data]
  * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
  { [300 bytes data]
  * TLSv1.2 (IN), TLS handshake, Server finished (14):
  { [4 bytes data]
  * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
  } [37 bytes data]
  * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
  } [1 bytes data]
  * TLSv1.2 (OUT), TLS handshake, Finished (20):
  } [16 bytes data]
  * TLSv1.2 (IN), TLS handshake, Finished (20):
  { [16 bytes data]
  * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
  * ALPN, server accepted to use h2
  * Server certificate:
  *  subject: CN=*.ngrok.com
  *  start date: Mar 10 00:00:00 2020 GMT
  *  expire date: Mar 10 23:59:59 2021 GMT
  *  subjectAltName: host "ngrok.com" matched cert's "ngrok.com"
  *  issuer: C=GB; ST=Greater Manchester; L=Salford; O=Sectigo Limited; CN=Sectigo RSA Domain Validation Secure Server CA
  *  SSL certificate verify ok.

  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: ca-certificates 20170717~16.04.2
  ProcVersionSignature: Ubuntu 4.15.0-101.102~16.04.1-generic 4.15.18
  Uname: Linux 4.15.0-101-generic x86_64
  ApportVersion: 2.20.1-0ubuntu2.23
  Architecture: amd64
  Date: Mon Jun  1 13:51:14 2020
  InstallationDate: Installed on 2011-04-14 (3336 days ago)
  InstallationMedia: Ubuntu-Server 10.04.2 LTS "Lucid Lynx" - Release amd64 (20110211.1)
  PackageArchitecture: all
  ProcEnviron:
   TERM=screen.xterm-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=<set>
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: ca-certificates
  UpgradeStatus: Upgraded to xenial on 2016-07-30 (1401 days ago)
