FS#69753 - ca-certificate-mozilla: Removal of GeoTrust Global CA
Attached to Project:
Arch Linux
Opened by james stronz (comrumino) - Tuesday, 23 February 2021, 20:32 GMT
Last edited by Doug Newgard (Scimmia) - Tuesday, 23 February 2021, 21:00 GMT
Opened by james stronz (comrumino) - Tuesday, 23 February 2021, 20:32 GMT
Last edited by Doug Newgard (Scimmia) - Tuesday, 23 February 2021, 21:00 GMT
|
Details
Description:
Removal of GeoTrust results in certificates not being trusted when they should be. For example Additional info: * package version(s) 3.62-1 * link to upstream bug report, if any https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962596 Steps to reproduce: Option 1: visit help.apple.com Option 2: use gnutls-cli > gnutls-cli help.apple.com Processed 139 CA certificate(s). Resolving 'help.apple.com:443'... Connecting to '184.87.216.75:443'... - Certificate type: X.509 - Got a certificate list of 2 certificates. - Certificate[0] info: - subject `C=US,ST=California,O=Apple Inc.,OU=management:idms.group.1208920,CN=help.apple.com', issuer `C=US,O=Apple Inc.,OU=Certification Authority,CN=Apple IST CA 2 - G1', serial 0x3b387dc7032e7e1eb93b4243d21586d3, RSA key 2048 bits, signed using RSA-SHA256, activated `2019-04-15 01:37:24 UTC', expires `2021-05-14 01:37:24 UTC', pin-sha256="cSD+Ca9FxkRPXk9DMwaj6gprVTHA7qPsDY202NLJYac=" Public Key ID: sha1:25e24f80cd3a44beabd88fe392e4e0d65c4586b5 sha256:7120fe09af45c6444f5e4f433306a3ea0a6b5531c0eea3ec0d8db4d8d2c961a7 Public Key PIN: pin-sha256:cSD+Ca9FxkRPXk9DMwaj6gprVTHA7qPsDY202NLJYac= - Certificate[1] info: - subject `C=US,O=Apple Inc.,OU=Certification Authority,CN=Apple IST CA 2 - G1', issuer `CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US', serial 0x023a74, RSA key 2048 bits, signed using RSA-SHA256, activated `2014-06-16 15:42:02 UTC', expires `2022-05-20 15:42:02 UTC', pin-sha256="tc+C1H75gj+ap48SMYbFLoh56oSw+CLJHYPgQnm3j9U=" - Status: The certificate is NOT trusted. The certificate issuer is unknown. *** PKI verification of server certificate failed... *** Fatal error: Error in the certificate. |
This task depends upon
Closed by Doug Newgard (Scimmia)
Tuesday, 23 February 2021, 21:00 GMT
Reason for closing: Upstream
Additional comments about closing: https://developer.mozilla.org/en-US/docs /Mozilla/Projects/NSS/NSS_3.60_release_n otes
Tuesday, 23 February 2021, 21:00 GMT
Reason for closing: Upstream
Additional comments about closing: https://developer.mozilla.org/en-US/docs /Mozilla/Projects/NSS/NSS_3.60_release_n otes