Fwiw, when inspecting the site with mozilla and chromeium I see the md2
cert in the root of the chain.
And openssl returns:
$ openssl s_client -connect secure-test.streamline-esolutions.com:443 ; openssl
s_client -connect secure-test.streamline-esolutions.com
Verify return code: 19 (self signed certificate in certificate chain)
Which makes me wonder if adding the md2 certs back is not the right
option as that is apparently what mozilla and chrome(ium) are doing.
Plus openssl fails.
Technically I think (but I have to admit a certain ignorance about the
standard) the verification chain is invalid because the server sends
that the certificate issuer of the cert in the middle is the md2 cert.
It just happens that gnutls implements the verification by trying to
find a issuer from the list of trusted certificates and does not rely on
the issuer set in the cert itself.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1031333
Title:
Missing Verisign certs due to broken extract script
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ca-certificates/+bug/1031333/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
