Bug#1022199: apt: certificate verification fails after adding custom root certificates through ca-certificates

David Kalnischkies david at kalnischkies.de
Tue Oct 25 07:01:57 BST 2022


On Sun, Oct 23, 2022 at 11:03:19PM +0200, Julian Andres Klode wrote:
> apt just calls gnutls_certificate_set_x509_system_trust() and
> gnutls_set_default_priority() so this should not be our issue.

Also, on a side note, I have a custom CA (without an immediate) and apt
and co are happy with it. The other difference to my setup is that
I place my certificate in /usr/local/share/ca-certificates/ which avoids
further configuration as update-ca-certificates will pick them up
directly from there (see its manpage).

It might help if you can check if the chaining is part of the problem
or what else might be specific to your setup. Perhaps it's the algorithms
used and e.g. gnutls not implementing the EC curves you used (or
something like that or not at all – it's just something I ran into in
the past, although not with gnutls, that worked back then…).


Best regards

David Kalnischkies