Hi Marc,
thanks for your feedback. That's interesting! My comman
echo | openssl s_client -connect www.google.com:443
works perfectly well on all my servers returning a positive result
except the servers that have been updated as far as I can see. When I
add the argument -CAfile /etc/ssl/certs/ca-certificates.crt it work on
these updated servers as well.
Now this looks like it's not a problem with the ca-certificate file but
with the default CA-Path changed...
Here is a list of updates that took place directly before the problem
occured:
Start-Date: 2016-02-25 06:36:45
Upgrade: libgnutls-openssl27:amd64 (2.12.23-12ubuntu2.4, 2.12.23-12ubuntu2.5),
libssl1.0.0:amd64 (1.0.1f-1ubuntu2.16, 1.0.1f-1ubuntu2.17),
ca-certificates:amd64 (20141019ubuntu0.14.04.1, 20160104ubuntu0.14.04.1),
libgnutls26:amd64 (2.12.23-12ubuntu2.4, 2.12.23-12ubuntu2.5), openssl:amd64
(1.0.1f-1ubuntu2.16, 1.0.1f-1ubuntu2.17)
End-Date: 2016-02-25 06:36:58
I guess then this bug report has to be moved to the package that changed
the default CA-Path I guess?
Here is the output of: apt-cache policy libssl1.0.0
libssl1.0.0:
Installiert: 1.0.1f-1ubuntu2.17
Installationskandidat: 1.0.1f-1ubuntu2.17
Versionstabelle:
*** 1.0.1f-1ubuntu2.17 0
500 http://de.archive.ubuntu.com/ubuntu/ trusty-updates/main amd64
Packages
500 http://security.ubuntu.com/ubuntu/ trusty-security/main amd64
Packages
100 /var/lib/dpkg/status
1.0.1f-1ubuntu2 0
500 http://de.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
Thanks - Max
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1549709
Title:
getting "unable to get local issuer certificate" for valid domains
after upgrading to 20160104ubuntu0.14.04.1
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ca-certificates/+bug/1549709/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
