Bug#672345: gnutls-bin: recent versions don't like RapidSSL signatures
Russell Coker
russell at coker.com.au
Thu May 10 09:14:27 UTC 2012

Package: gnutls-bin
Version: 3.0.19-2
Severity: normal

$ gnutls-cli -V mail.bluebottle.com -p 443
Processed 152 CA certificate(s).
Resolving 'mail.bluebottle.com'...
Connecting to '176.9.67.91:443'...
- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
- The hostname in the certificate matches 'mail.bluebottle.com'.
*** Verifying server certificate failed...
*** Fatal error: Error in the certificate.
*** Handshake has failed
GnuTLS error: Error in the certificate.

The above is what happens when I use gnutls-cli from a Debian/Unstable system
to try and connect to a web server with a RapidSSL signed certificate.

Doing the same thing with a Debian/Squeeze system gets the following:

Resolving 'mail.bluebottle.com'...
Connecting to '176.9.67.91:443'...
- Ephemeral Diffie-Hellman parameters
- Using prime: 1024 bits
- Secret key: 1020 bits
- Peer's public key: 1023 bits
- Certificate type: X.509
- Got a certificate list of 1 certificates.
- Certificate[0] info:
 - X.509 Certificate Information:
	Version: 3
	Serial Number (hex): 0315ad
	Issuer: C=US,O=GeoTrust\, Inc.,CN=RapidSSL CA
	Validity:
		Not Before: Thu Sep 08 06:25:53 UTC 2011
		Not After: Wed Oct 09 15:30:26 UTC 2013
	Subject: serialNumber=wTi3elrgd2VQGCQkWxRZyctXBhdd4vRf,C=AU,O=*.bluebottle.com,OU=GT42855799,OU=See www.rapidssl.com/resources/cps (c)11,OU=Domain Control Validated - RapidSSL(R),CN=*.bluebottle.com
	Subject Public Key Algorithm: RSA
	Modulus (bits 2048):

-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages gnutls-bin depends on:
ii libc6 2.13-32
ii libgmp10 2:5.0.5+dfsg-1.1
ii libgnutls28 3.0.19-2
ii libhogweed2 2.4-1
ii libidn11 1.24-2
ii libnettle4 2.4-1
ii libopts25 1:5.12-0.1
ii libp11-kit0 0.12-3
ii libtasn1-3 2.12-1
ii zlib1g 1:1.2.7.dfsg-1
gnutls-bin recommends no packages.
gnutls-bin suggests no packages.
-- no debconf information