gnutls-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bug#507633: libgnutls26: GnuTLS does not know VeriSign any more

From: Andreas Metzler
Subject: Re: Bug#507633: libgnutls26: GnuTLS does not know VeriSign any more
Date: Wed, 3 Dec 2008 19:19:56 +0100
User-agent: Mutt/1.5.18 (2008-05-17) 
On 2008-12-03 Michael Kiefer <address@hidden> wrote:
> Package: libgnutls26
> Version: 2.4.2-3
> Severity: important

> Since I updated libgnutls26 from 2.4.2-1 to 2.4.2-3 kMyMoney2 does
> not connect to my bank any more.  When I run gnutls-cli --insecure
> -p 443 hbci-pintan-rp.s-hbci.de -d 4711 --print-cert it says

> - Peer's certificate issuer is unknown
> - Peer's certificate is NOT trusted
[...]

FWIW adding or dropping
http://svn.debian.org/wsvn/pkg-gnutls/packages/gnutls26/trunk/debian/patches/20_GNUTLS-SA-2008-3.patch?op=file&rev=0&sc=0
indeed makes

gnutls-cli  -p 443 hbci-pintan-rp.s-hbci.de --x509cafile \
/etc/ssl/certs/ca-certificates.crt

succeed or not succeed in verifying the server certificate. 

openssl s_client -connect  hbci-pintan-rp.s-hbci.de:443 -CApath \
/etc/ssl/certs

also reports "Verify return code: 0 (ok)"
cu andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
reply via email to
[Prev in Thread] Current Thread [Next in Thread]