Custom Query (1145 matches)
Results (112 - 114 of 1145)
Ticket | Resolution | Summary | Owner | Reporter |
---|---|---|---|---|
#1363 | fixed | Re-import moira to pick up new firewall changes | jdreed | |
#1358 | fixed | config-package-dev should not hardcode dpkg-divert path | jdreed | |
Description |
Per 709009. It only does this in the CPD code, in check-files.mk |
|||
#1356 | fixed | Debian certificate store does not trust InCommon signer | geofft | |
Description |
geofft@leveret:~$ gnutls-cli scripts.mit.edu -p 443 Resolving 'scripts.mit.edu'... Connecting to '18.181.0.43:443'... - Ephemeral Diffie-Hellman parameters - Using prime: 1024 bits - Secret key: 1023 bits - Peer's public key: 1022 bits - Certificate type: X.509 - Got a certificate list of 2 certificates. - Certificate[0] info: - subject `serialNumber=sKLt5io360jM-oAd2EGLNK0EraXwXE46,C=US,ST=Massachusetts,L=Cambridge,O=Massachusetts Institute of Technology,OU=scripts.mit.edu web hosting service,CN=scripts.mit.edu', issuer `C=US,O=GeoTrust\, Inc.,CN=GeoTrust SSL CA', RSA key 4096 bits, signed using RSA-SHA1, activated `2011-05-24 11:40:52 UTC', expires `2016-06-24 16:28:06 UTC', SHA-1 fingerprint `422672285446d04a057fb038d917ab39fa868c02' - Certificate[1] info: - subject `C=US,O=GeoTrust\, Inc.,CN=GeoTrust SSL CA', issuer `C=US,O=GeoTrust Inc.,CN=GeoTrust Global CA', RSA key 2048 bits, signed using RSA-SHA1, activated `2010-02-19 22:39:26 UTC', expires `2020-02-18 22:39:26 UTC', SHA-1 fingerprint `780a06f6e9b4061cad0c6502710606eb535f1c26' - The hostname in the certificate matches 'scripts.mit.edu'. - Peer's certificate issuer is unknown - Peer's certificate is NOT trusted - Version: TLS1.0 - Key Exchange: DHE-RSA - Cipher: AES-128-CBC - MAC: SHA1 - Compression: NULL - Handshake was completed - Simple Client Mode: You see the same sort of thing with an OpenSSL-using client (openssl, socat, etc.). I am a little confused, because Iceweasel trusts it just fine, and I _thought_ that Debian had hacked up iceweasel / its libnss3 to use the system certificate store -- also because I thought Debian regularly syncs ca-certificates with the Mozilla list of trusted certs (and then makes some capricious changes on their own like including CACert, but). |
Note: See TracQuery
for help on using queries.