Bug#1007138: libgnutls30: fails on Let's Encrypt chains due to blacklisted expired root certificate
Paul Wise
pabs at debian.org
Sun Jul 17 02:40:09 BST 2022
Control: severity -1 important
Control: retitle -1 libgnutls30: fails to validate when the server cert is duplicated in the cert chain
On Sat, 12 Mar 2022 07:43:28 +0100 Andreas Metzler wrote:
> ci.debian.net seems to be configured less than optimal, its cert-chain
> contains junk (0=server cert, 1=server cert *again*, etc.).
I have seen this issue (duplicate server cert) on several other sites.
For some of them I was able to convince the server operator to fix the
issue but for others I wouldn't even know who to contact. So I think
that this issue needs to be fixed in GnuTLS and that this bug should be
fixed before the release of Debian bookworm, because it makes programs
using GnuTLS somewhat unusable now. Please bump severity if you agree.
--
bye,
pabs
https://wiki.debian.org/PaulWise
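
The condition quoted above (0=server cert, 1=server cert again) can be checked by a server operator against the PEM bundle their server sends. This is an added example, not part of the original message or of GnuTLS; the function names are hypothetical and the sample chain is constructed placeholder data, not real certificates.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----",
    re.DOTALL,
)

def _fingerprint(pem_body):
    # Hash the decoded DER bytes so line-wrapping differences do not matter.
    der = base64.b64decode("".join(pem_body.split()))
    return hashlib.sha256(der).hexdigest()

def find_duplicates(pem_bundle):
    """Return (position, first_position) for each cert repeating an earlier one."""
    seen, duplicates = {}, []
    for pos, m in enumerate(PEM_RE.finditer(pem_bundle)):
        fp = _fingerprint(m.group(1))
        if fp in seen:
            duplicates.append((pos, seen[fp]))
        else:
            seen[fp] = pos
    return duplicates

def dedupe_chain(pem_bundle):
    """Return the bundle with repeated certificates dropped, order preserved."""
    seen, kept = set(), []
    for m in PEM_RE.finditer(pem_bundle):
        fp = _fingerprint(m.group(1))
        if fp not in seen:
            seen.add(fp)
            kept.append(m.group(0))
    return "\n".join(kept) + "\n"

def _constructed_pem(payload):
    # Constructed placeholder: PEM framing around arbitrary bytes, not real X.509.
    body = base64.b64encode(payload).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

# Constructed chain mirroring the report: 0=server cert, 1=server cert again.
LEAF = _constructed_pem(b"constructed leaf certificate bytes")
INTERMEDIATE = _constructed_pem(b"constructed intermediate certificate bytes")
SAMPLE_CHAIN = LEAF + LEAF + INTERMEDIATE

if __name__ == "__main__":
    for pos, first in find_duplicates(SAMPLE_CHAIN):
        print(f"certificate {pos} duplicates certificate {first}")
```

The bundle a server actually sends can be captured with `openssl s_client -showcerts` and passed to `find_duplicates` as text.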