FS#39707 : [ca-certificates] Certificate verify failed

Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!

FS#39707 - [ca-certificates] Certificate verify failed

Attached to Project: Arch Linux
Opened by Tarqi Kazan (Tarqi) - Tuesday, 01 April 2014, 09:19 GMT
Last edited by Dave Reisner (falconindy) - Thursday, 24 April 2014, 14:05 GMT

Task Type	Bug Report
Category	Packages: Core
Status	Closed
Assigned To	Pierre Schmitz (Pierre)
Architecture	All
Severity	Medium
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	2 Tarqi Kazan (Tarqi) (2014-04-03) kyak (kyak) (2014-04-03)
Private	No

Details

Description:
Several Tools fail to verify root certificates.

Additional info:
core/ca-certificates 20140223-2
core/curl 7.36.0-1
community/ddclient 3.8.2-1

Steps to reproduce:
curl https://members.dyndns.org:
curl: (60) SSL certificate problem: unable to get local issuer certificate

ddclient (https://members.dyndns.org)
WARNING: cannot connect to members.dyndns.org:443 socket: IO::Socket::SSL: SSL connect attempt failed with unknown error error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed IO::Socket::INET configuration failed SSL connect attempt failed with unknown error error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Notes:
Certificate on client side is the same as before.
Root-CA is DigiCert
Firefox succesfully connects

This task depends upon

Closed by Dave Reisner (falconindy)
Thursday, 24 April 2014, 14:05 GMT
Reason for closing: Fixed
Additional comments about closing: ca-certificates 20140325-1

Comments (5)
Related Tasks (0/0)

Comment by Tarqi Kazan (Tarqi) - Tuesday, 01 April 2014, 11:40 GMT

Correction: Certificate on the *SERVER* side is the same as before (not the client side as proposed in the bug report).

Comment by kyak (kyak) - Friday, 04 April 2014, 11:45 GMT

I was able to workaround this issue by setting server=members.dyndns.com, instead of members.dyndns.org in /etc/ddclient/ddclient.conf.

Comment by Tarqi Kazan (Tarqi) - Friday, 04 April 2014, 15:21 GMT

I can confirm this, members.dyndns.com works. However, i compared the certs of .com / .org and they look both good and identical (beside CN and so on). Also, Firefox on Linux and Windows opens both sites without problems. Since the certificates are not new and worked before, I suppose it has something to do with the latest ca-certificates update.

Comment by Jens Adam (byte) - Sunday, 06 April 2014, 02:00 GMT

Verified.
core/ca-certificates -> curl -vI http://members.dyndns.org -> fails, "curl: (60) SSL certificate problem: unable to get local issuer certificate"

testing/ca-certificates works.

[edit: Gruß aus Düsseldorf ;]

Comment by Tarqi Kazan (Tarqi) - Monday, 07 April 2014, 23:22 GMT

OT: Seems the bugtracker is going to be a social network, see comment https://bugs.archlinux.org/task/39742#comment121387 and below. I will stop this now, because I fear the admins will not like it :) (Gruß zurück, vom Rhein und nicht der Mosel... ;))

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

Arch Linux

FS#39707 - [ca-certificates] Certificate verify failed

Details

Loading...