reassign 573736 libgnutls26 2.8.6-1 thanks Hi GnuTLS maintainers,
As mirabilos reports, verification of the alioth.debian.org certificates is failing, which means that commands such as git clone https://alioth.debian.org/anonscm/git/pkg-wml/pkg-wml.git fail. The problem is reproducible using gnutls-cli. Ideas? Thorsten Glaser wrote: > Jonathan Nieder dixit: >> - The hostname in the certificate matches '<host>' >> - Peer's certificate issuer is unknown >> - Peer's certificate is NOT trusted > > Interesting, as it should be trusted. Maybe GnuTLS has a problem > with the certificate _chain_ involving an intermediate? Maybe. This command gives more output: gnutls-cli -V --x509cafile /etc/ssl/certs/ca-certificates.crt -p 443 $host It likes sourceforge.net (one signature) and dislikes alioth.debian.org (three-signature chain), so that could be it. Reassigning to libgnutls26 since this is reproducible without use of git or curl. >> people elsewhere do) and when using GnuTLS backend (as Debian does for > political >> reasons)? Yes, politics or paranoia. I find it unlikely that some copyright holder for GPL code in Git is going to sue over use of OpenSSL, but Debian policy is to worry about it anyway. Though in the case of libcurl (the part of the interface Git uses is backend-agnostic) it doesn’t seem so cut and dried to me. Thanks, Jonathan -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org