Bug#532584: libshibsp1: Backchannel fails to contact AA

Russ Allbery rra at debian.org
Wed Jun 10 23:20:59 UTC 2009

"Scott Cantor" <cantor.2 at osu.edu> writes:

> I think this is the reference you want:
> http://marc.info/?t=123721089000002&r=1&w=2
> Something in debian got updated and corrupted a CA list. What I can't
> explain is why libcurl is even looking at it, but I'll look into that
> if I can reproduce that elsewhere.
> I override the trust processing libcurl does anyway, but it may still be
> installing the root list even though it gets ignored later.

Ah, yes.  If that's the case, then cleaning up the certificates in
/etc/ssl/certs to remove the duplicate should resolve the problem.

http://marc.info/?l=openssl-users&m=123729123505080&w=2 seems to be the
relevant solution.

Russ Allbery (rra at debian.org)               <http://www.eyrie.org/~eagle/>

More information about the Pkg-shibboleth-devel mailing list