From: Jan Beich
To: Ingo Flaschberger
Cc: gecko@FreeBSD.org
Subject: Re: Thawte Premium Server CA missing in ca_root_nss-3.18
Date: Tue, 21 Apr 2015 19:53:59 +0200
In-Reply-To: <5536732C.6080403@gmail.com> (Ingo Flaschberger's message of "Tue, 21 Apr 2015 17:56:28 +0200")
List-Id: Gecko Rendering Engine issues

Ingo Flaschberger writes:

> the Thawte Premium Server CA is missing.
>
> Details:
> https://www.thawte.com/roots/
> Root 2
> Thawte Premium Server CA
>
> openssl s_client -CAfile /usr/local/share/certs/ca-root-nss.crt
> -showcerts -connect ssltest28.bbtest.net:443
> Verify return code: 21 (unable to verify the first certificate)

Likely intentional. Also, neither gecko@ nor ports-secteam@ wants to be
responsible for verifying Root CAs.

https://blog.mozilla.org/security/2014/09/08/phasing-out-certificates-with-1024-bit-rsa-keys/
https://svnweb.freebsd.org/changeset/ports/215953

>
> with cert:
> Verify return code: 0 (ok)
>
> Kind regards,
> Ingo Flaschberger