Arch Linux

Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#61581 - p11-kit 0.23.15-1 breaks all ssl connections

Attached to Project: Arch Linux
Opened by hannes (hannesvhe) - Wednesday, 30 January 2019, 20:14 GMT
Last edited by Jan de Groot (JGC) - Friday, 31 May 2019, 06:37 GMT
Task Type Bug Report
Category Packages: Core
Status Closed
Assigned To No-one
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No

Details

Description:
After upgrading p11-kit 0.23.14-1 to p11-kit 0.23.15-1 all ssl connection certification becomes invalid.
In the log file I see the following:

21:09:04 gnome-shell: p11-kit: 'ret >=0' not true at loader_load_directory
20:52:52 systemd: Closed p11-kit server.
20:52:52 systemd: p11-kit-server.socket: Succeeded.
20:52:30 systemd: Listening on p11-kit server.


Steps to reproduce:
downgrading and upgrading package. afterwards open a browser and go to a https site like google.com
This task depends upon

Closed by  Jan de Groot (JGC)
Friday, 31 May 2019, 06:37 GMT
Reason for closing:  Not a bug
Additional comments about closing:  permission error
Comment by Daniel M. Capella (polyzen) - Wednesday, 30 January 2019, 20:17 GMT
Works here. Is your system fully up-to-date? If not, do a system upgrade and try again.
Comment by hannes (hannesvhe) - Wednesday, 30 January 2019, 20:19 GMT
It is fully upgraded except for that package. Running 4.20.5-arch1-1-ARCH
Comment by Johannes Ziegenbalg (ll.cool.joe) - Wednesday, 13 February 2019, 21:54 GMT
I have the same problem on my work system, running 4.20.6-zen1-1-zen. But on my private machine everything works just fine.
I found this Reddit thread regarding the same issue https://www.reddit.com/r/Fedora/comments/aksa8l/fedora_29_cannot_open_webpage_with_https/

As there mentioned `trust list` triggers the bug on my Work machine.
Comment by marc boocha (marcthe12) - Thursday, 14 February 2019, 07:39 GMT
Same for me. The issue is cause by p11-kit package or ca-certifictates.
Even the programs like aurutils and firefox are effected by this.
Comment by marc boocha (marcthe12) - Tuesday, 26 February 2019, 11:24 GMT
Did some researching and found this manjaro thread https://forum.manjaro.org/t/p11-kit-ret-0-not-true-at-loader-load-directory/76024/3
The cause is /etc/ca-certificates/trust-source/anchors/ca.crt has permission issues (not readable as non root)
Comment by hannes (hannesvhe) - Tuesday, 26 February 2019, 13:31 GMT
Thanks!

I had a certificate in /usr/share/ca-certificates/trust-source/anchors/ that i added manually long ago.
Changing the permissions fixed that.

Loading...