Bug#445906: boinc-client: SSL fails with ca-bundle.crt linked to ca-certificates
Frank S. Thomas
frank at thomas-alfeld.de
Tue Oct 9 22:12:07 UTC 2007
Hi Greg,
On Tuesday 09 October 2007, Greg Norris wrote:
> With the supplied ~boinc/ca-bundle.crt, which is a symlink to
> /etc/ssl/certs/ca-certificates.crt, boinc-client is unable to
> communicate with the World Community Grid project (which requires SSL).
> The logfile shows the following error messages:
> 2007-10-05 20:21:50 [World Community Grid] Scheduler request failed: Peer
> certificate cannot be authenticated with known CA certificates
> After replacing the symlink with ca-bundle.crt from upstream, everything
> works as expected.
Upstream's ca-bundle.crt comes from the cURL sources. It is the same file that
curl_7.17.0.orig.tar.gz contains as curl-7.17.0/lib/ca-bundle.crt, however it
is not shipped in any cURL .deb package.
WCG's issuer certificate has the common name "Entrust.net Secure Server
Certification Authority" and both files, curl-7.17.0/lib/ca-bundle.crt
and /etc/ssl/certs/ca-certificates.crt, contain this certificate bas64
encoded. cURL's ca-bundle.crt additionally contains this certificate in clear
text. Could this be the problem? I need to investigate further.
Grüße,
Frank
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
Url : http://lists.alioth.debian.org/pipermail/pkg-boinc-devel/attachments/20071010/1354fa1d/attachment.pgp
More information about the pkg-boinc-devel
mailing list