Summary: Some Gentoo systems have 2 (related) CA certs in one of the
files in the standard root CA bundle, one of the CAs is listed separately
in another file. This leads to problems where the same trusted root is
loaded twice.
Working with a poster to the OpenSSL-users list, this was resolved today:
http://marc.info/?l=openssl-users&m=123721072930382&w=2
there was a previous unresolved report of the same issue misdirected
to postfix-devel:
http://www.pubbs.net/postfix/200901/25273/
This post is for the archives. Not much more to say, the Gentoo (and
perhaps other) distribution root CA bundle is slightly broken and with
any luck will be fixed not too long from now.
--
Viktor.
