Bug#787157: [bts] bts show fails completly due to ssl issue
Klaus Ethgen
Klaus at Ethgen.de
Fri May 29 08:46:47 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package: devscripts
Version: 2.15.4
Severity: normal
See the following:
~> bts -m show XXXXXX
bts: couldn't download http://bugs.debian.org/762709:
500 Can't connect to bugs.debian.org:443 (certificate verify failed)
The following certificates (and only them) are enabled in
ca-certificates:
- - CAcert/class3.crt
- - CAcert/root.crt
- - mozilla/USERTrust_RSA_Certification_Authority.crt
There is several stuff wrong with bts here:
1. The URL in the error message should not be http when it really uses
https. With http, that error makes no sense.
2. Looking at bugs.debian.org via gnutls-cli shows that the
certificate-tree is:
- O=The USERTRUST Network,CN=USERTrust RSA Certification Authority
- O=Gandi,CN=Gandi Standard SSL CA 2
- CN=bugs.debian.org
There is no Gandi certificate in ca-certificates but as the root
certificate is valid, it should not fail
3. All Debian domains already utilizing DANE, so there is no reason to
not use it. That is much more trustable than some random and
extraordinary SSL certificate issuing companies with no real reason
why one should trust them.
Please fix bts to do SSL in a way that is usable and give proper error
messages.
- -- Package-specific info:
- --- /etc/devscripts.conf ---
- --- ~/.devscripts ---
BTS_CACHE_MODE=full
BTS_INCLUDE_RESOLVED=no
DEBSIGN_KEYID=0x79D0B06F4E20AF1C
- -- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (800, 'unstable'), (110, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.19.5 (SMP w/8 CPU cores)
Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-1) (ignored: LC_ALL set to de_DE)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
Versions of packages devscripts depends on:
ii dpkg-dev 1.18.0
ii libc6 2.19-18
ii perl 5.20.2-6
ii python3 3.4.2-2
pn python3:any <none>
Versions of packages devscripts recommends:
ii at 3.1.16-1
ii curl 7.42.1-2
ii dctrl-tools 2.24-1
ii debian-keyring 2015.05.17
ii dput 0.9.6.4
ii equivs 2.0.9
ii fakeroot 1.20.2-1
ii file 1:5.22+15-2
ii gnupg 1.4.19-3
pn libdistro-info-perl <none>
ii libencode-locale-perl 1.03-1
ii libjson-perl 2.61-1
ii liblwp-protocol-https-perl 6.06-2
ii libsoap-lite-perl 1.11-1
ii liburi-perl 1.64-1
ii libwww-perl 6.08-1
ii lintian 2.5.31
ii man-db 2.7.0.2-5
ii patch 2.7.5-1
ii patchutils 0.3.4-1
ii python3-debian 0.1.27
pn python3-magic <none>
ii sensible-utils 0.0.9
ii strace 4.10-1
ii unzip 6.0-17
ii wdiff 1.2.2-1
ii wget 1.16.3-2
ii xz-utils 5.1.1alpha+20120614-2+b3
Versions of packages devscripts suggests:
ii bsd-mailx [mailx] 8.1.2-0.20150408cvs-1
ii build-essential 11.7
pn cvs-buildpackage <none>
pn debbindiff <none>
pn devscripts-el <none>
ii gnuplot 4.6.6-2
ii gpgv 1.4.19-3
ii libauthen-sasl-perl 2.1600-1
ii libfile-desktopentry-perl 0.07-1
ii libnet-smtp-ssl-perl 1.01-3
ii libterm-size-perl 0.207-1+b2
ii libtimedate-perl 2.3000-2
ii libyaml-syck-perl 1.27-2+b2
ii mutt 1.5.23-3.3~ket
ii openssh-client [ssh-client] 1:6.7p1-6.1~securityfix
pn svn-buildpackage <none>
ii w3m 0.5.3-21
- -- no debconf information
- --
Klaus Ethgen http://www.ethgen.ch/
pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen <Klaus at Ethgen.de>
Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQGcBAEBCgAGBQJVaCduAAoJEKZ8CrGAGfasa+YL/jmWh9nLQvWsBaZkSO81aZZ9
sjmvkY8YaA4/Fh/Gzm9uGqDXoe969JOZAfnvjo1VIAU0Jg0oHE2dGNB9WJCgUf4D
yvL15LtluLPL9wkU+sz/8m3/Njtkgcq+bbTnQAkzkq5daObB+m6H/N6RYPerUi/3
XeW4QPuxAWWYhgYj8I1E2QzWGC0Mgl8M/8CciU/5fdpnAB/JtVx1rDAz/2Zg2wYE
36KBChlY1ap2bCvyK8arLm9rVLCVA84TDVylFLZy7bM9n/8deEZpPWGh1xpV4iy6
mGcdlRl5lOxHyhhgdjkGJRRNJrv1PwK90WRS5aqHAaVZYMzDWvm0hdu9zFZoj7/f
pvoTk3YHSsAtyp368GTYdpx+VWpWVPkGqsl9kAobbeLv+B5MnF9vYw3WOjEXJmQ2
+8S20Trmv2F+hXKXSSlf6q8R+ncpMvz9UpaixGwYriEUDKXmiAPA0RSrI1gfK0CP
ijRIUa2OJ3MFWKU8yiyXxO3emGXOY7J2AHrbfnKXAQ==
=61Wc
-----END PGP SIGNATURE-----
More information about the devscripts-devel
mailing list