Package: git
Version: 1:2.1.3-1
Severity: important

Hi,

In jessie, git no longer accepts end-entity or intermediate certificates for validating a https server certificate. This worked in wheezy and is thus a significant regression.

To reproduce, run:

cat > w << EOF &&
-----BEGIN CERTIFICATE-----
[base64 certificate body omitted]
-----END CERTIFICATE-----
EOF
GIT_CURL_VERBOSE=1 git -c http.sslCAInfo=w clone https://www.palfrader.org/git/tools/weaselutils.git test

This works on wheezy, but does not work with jessie.

Cheers,
weasel