Bug#507633: libgnutls26: GnuTLS does not know VeriSign any more
Andreas Metzler
ametzler at downhill.at.eu.org
Wed Dec 3 19:19:56 CET 2008
On 2008-12-03 Michael Kiefer <Michael-Kiefer at web.de> wrote:
> Package: libgnutls26
> Version: 2.4.2-3
> Severity: important
> Since I updated libgnutls26 from 2.4.2-1 to 2.4.2-3 kMyMoney2 does
> not connect to my bank any more. When I run gnutls-cli --insecure
> -p 443 hbci-pintan-rp.s-hbci.de -d 4711 --print-cert it says
> - Peer's certificate issuer is unknown
> - Peer's certificate is NOT trusted
[...]
FWIW adding or dropping
http://svn.debian.org/wsvn/pkg-gnutls/packages/gnutls26/trunk/debian/patches/20_GNUTLS-SA-2008-3.patch?op=file&rev=0&sc=0
indeed makes
gnutls-cli -p 443 hbci-pintan-rp.s-hbci.de --x509cafile \
/etc/ssl/certs/ca-certificates.crt
succeed or not succeed in verifying the server certificate.
openssl s_client -connect hbci-pintan-rp.s-hbci.de:443 -CApath \
/etc/ssl/certs
also reports "Verify return code: 0 (ok)"
cu andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
More information about the Gnutls-devel
mailing list