Bug#507633: libgnutls26: GnuTLS does not know VeriSign any more

Wed Dec 3 07:13:42 UTC 2008

Package: libgnutls26
Version: 2.4.2-3
Severity: important

Hi,

Since I updated libgnutls26 from 2.4.2-1 to 2.4.2-3 kMyMoney2 does not connect to my bank 
any more.
When I run gnutls-cli --insecure -p 443 hbci-pintan-rp.s-hbci.de -d 4711 --print-cert it 
says

- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
- Version: TLS1.0
- Key Exchange: RSA
- Cipher: AES-256-CBC
- MAC: SHA1
- Compression: NULL
- Handshake was completed

For the three certificates which I get, the Issuer's DN are:

# Issuer's DN: O=VeriSign Trust Network,OU=VeriSign\, Inc.,OU=VeriSign International Server 
CA - Class 3,OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
# Issuer's DN: C=US,O=VeriSign\, Inc.,OU=Class 3 Public Primary Certification Authority
# Issuer's DN: C=US,O=VeriSign\, Inc.,OU=Class 3 Public Primary Certification Authority

If you need more information, please tell me

Michael

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libgnutls26 depends on:
ii  libc6                  2.7-16            GNU C Library: Shared libraries
ii  libgcrypt11            1.4.1-1           LGPL Crypto library - runtime libr
ii  libgpg-error0          1.4-2             library for common error values an
ii  libtasn1-3             1.4-1             Manage ASN.1 structures (runtime)
ii  zlib1g                 1:1.2.3.3.dfsg-12 compression library - runtime

libgnutls26 recommends no packages.

Versions of packages libgnutls26 suggests:
pn  gnutls-bin                    <none>     (no description available)

-- debconf-show failed