Date: Tue, 21 Apr 2015 19:53:59 +0200 From: Jan Beich <jbeich@FreeBSD.org> To: Ingo Flaschberger <ingo.flaschberger@gmail.com> Cc: gecko@FreeBSD.org Subject: Re: Thawte Premium Server CA missing in ca_root_nss-3.18 Message-ID: <iocp-s6yw-wny@FreeBSD.org> In-Reply-To: <5536732C.6080403@gmail.com> (Ingo Flaschberger's message of "Tue, 21 Apr 2015 17:56:28 %2B0200") References: <5536732C.6080403@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--=-=-= Content-Type: text/plain Ingo Flaschberger <ingo.flaschberger@gmail.com> writes: > the Thawte Premium Server CA is missing. > > Details: > https://www.thawte.com/roots/ > Root 2 > Thawte Premium Server CA > > openssl s_client -CAfile /usr/local/share/certs/ca-root-nss.crt > -showcerts -connect ssltest28.bbtest.net:443 > Verify return code: 21 (unable to verify the first certificate) Likely intentional. Also, neither gecko@ nor ports-secteam@ wants to be responsible for verifying Root CAs. https://blog.mozilla.org/security/2014/09/08/phasing-out-certificates-with-1024-bit-rsa-keys/ https://svnweb.freebsd.org/changeset/ports/215953 > > with cert: > Verify return code: 0 (ok) > > Kind regards, > Ingo Flaschberger --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQF8BAEBCgBmBQJVNo63XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXREQjQ0MzY3NEM3RDIzNTc4NkUxNDkyQ0VF NEM3Nzg4MzQ3OURCRERCAAoJEOTHeINHnb3bGO8H/3KAxE9nfD7AsI6fYVdsdXQq IEJhGpwK6UrgJJopl2/84GP+oxOoWm/rjfRLtyf6fIxqbVFMdLWNAoh/11hIKiJm Viih7xxBS2HvReAxTobrZUzYfWR7AS7nEt6iJtSY7Rg+dRdwETyWbIpNwdmf+Ugq 81crTy0jXqla2gAK5ukOXI3X5uJ0pt4vb+LCXjmoIhO+G2roloLm5ZHdg+BPemJA YO6FPCsXgm9CxJEQygENU2xRmZ+4VgmuiR7SJ3/tE2ihYOPkQqKs4o883b6CTLqo Mjmp+z7a5I8GcHpe1PA22hD4ChZw7BIh6fmVVCe+9XHuO2jTaxDYZDgcHkNUPec= =xkJQ -----END PGP SIGNATURE----- --=-=-=--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?iocp-s6yw-wny>