*** This bug is a duplicate of bug 1881533 ***
https://bugs.launchpad.net/bugs/1881533
** This bug has been marked a duplicate of bug 1881533
Remove expired AddTrust_External_Root.crt because it breaks software
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ca-certificates in Ubuntu.
https://bugs.launchpad.net/bugs/1881582
Title:
ca-certificates missing some root CA
Status in ca-certificates package in Ubuntu:
New
Bug description:
I started seeing certificate errors in curl recently on Ubuntu 16.04.
Here's an example:
$ curl -svo /dev/null --resolve ngrok.com:443:34.211.12.31 https://ngrok.com/
* Added ngrok.com:443:34.211.12.31 to DNS cache
* Hostname ngrok.com was found in DNS cache
* Trying 34.211.12.31...
* Connected to ngrok.com (34.211.12.31) port 443 (#0)
* found 148 certificates in /etc/ssl/certs/ca-certificates.crt
* found 596 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_256_GCM_SHA384
* server certificate verification failed. CAfile:
/etc/ssl/certs/ca-certificates.crt CRLfile: none
* Closing connection 0
I have latest version of ca-certificates installed. On Ubuntu 20.04
everything works fine:
$ curl -svo /dev/null --resolve ngrok.com:443:34.211.12.31 https://ngrok.com/
* Added ngrok.com:443:34.211.12.31 to DNS cache
* Hostname ngrok.com was found in DNS cache
* Trying 34.211.12.31:443...
* TCP_NODELAY set
* Connected to ngrok.com (34.211.12.31) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [106 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [4439 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [300 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [37 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=*.ngrok.com
* start date: Mar 10 00:00:00 2020 GMT
* expire date: Mar 10 23:59:59 2021 GMT
* subjectAltName: host "ngrok.com" matched cert's "ngrok.com"
* issuer: C=GB; ST=Greater Manchester; L=Salford; O=Sectigo Limited;
CN=Sectigo RSA Domain Validation Secure Server CA
* SSL certificate verify ok.
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: ca-certificates 20170717~16.04.2
ProcVersionSignature: Ubuntu 4.15.0-101.102~16.04.1-generic 4.15.18
Uname: Linux 4.15.0-101-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.23
Architecture: amd64
Date: Mon Jun 1 13:51:14 2020
InstallationDate: Installed on 2011-04-14 (3336 days ago)
InstallationMedia: Ubuntu-Server 10.04.2 LTS "Lucid Lynx" - Release amd64
(20110211.1)
PackageArchitecture: all
ProcEnviron:
TERM=screen.xterm-256color
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: ca-certificates
UpgradeStatus: Upgraded to xenial on 2016-07-30 (1401 days ago)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ca-certificates/+bug/1881582/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
