Hi all, There seems to be a configuration problem or other issue with the SSL on summit.debconf.org, none of wget, curl, evolution or openssl s_client can open the site, old/new Iceweasel profiles as well as Tor Browser can though. OpenSSL seems to think there is a self signed certificate in the certificate chain. pabs@chianamo ~ $ wget https://summit.debconf.org/ --2016-02-11 08:33:33-- https://summit.debconf.org/ Resolving summit.debconf.org (summit.debconf.org)... 46.43.39.194, 2001:41c8:134:194::42 Connecting to summit.debconf.org (summit.debconf.org)|46.43.39.194|:443... connected. ERROR: The certificate of ‘summit.debconf.org’ is not trusted. ERROR: The certificate of ‘summit.debconf.org’ hasn't got a known issuer. pabs@chianamo ~ $ curl https://summit.debconf.org/ curl: (60) server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none More details here: http://curl.haxx.se/docs/sslcerts.html curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option. If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL). If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option. pabs@chianamo ~ $ openssl s_client -showcerts -connect summit.debconf.org:443 -servername summit.debconf.org < /dev/null 2>&1 CONNECTED(00000003) depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1 verify error:num=19:self signed certificate in certificate chain --- Certificate chain 0 s:/CN=summit.debconf.org i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X1 -----BEGIN CERTIFICATE----- MIIGCDCCBPCgAwIBAgISATh5EABBxNc8X2UblucD147ZMA0GCSqGSIb3DQEBCwUA MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMTAeFw0xNjAxMzAxMzE0MDBaFw0x NjA0MjkxMzE0MDBaMB0xGzAZBgNVBAMTEnN1bW1pdC5kZWJjb25mLm9yZzCCAiIw DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAM/3ZFPZ/eR9aL31AHpfQryHFDo/ kS3Rm5s4hfDB9AdiEqJfnesAOVcVUNM8cJF4SzBhEyF42t/Nju6RsjAAJOtA85xS e0lyW64Vh4uDRAu0OsoPCi8p7lzWbUDMxXe/SM4uE5KELxCcMKczgbJWOx2M2m7p IacKN2Lgqj5CSczEkDahdj67Uv/3m7vWg4kPPrA2kwjuyNtW170OEg63YT2AvCI8 tj7JiD52oBiSR3drdKGUfCG4ySrmB4I3JcPi7FaFF4IJnvLHCwTZ1sUbbL9NZY6R t3HcnkL5nUdN1FSbvE8163LHl6YUnk2O3KR8LkI0cWS/Lht+mb9sBdadzIpGze3q U3pfqTOzYaPA0qnRe9A4MB994bx2WRPTmprmwIvehhSkFn9GwjKcQwBNFlIIORJE X+7hCjxkXhjdNGw0dR8rErAIskVWlJtRoIx0Qfz8jguIaImXIZdG1sSxKRmGnW8T bwrd6PW5Z+G5bViM8dTUqSE+CUAiyMV5j5OYQBHVEfEJtssbqJSKD8OmaJbmo4// rzVgBPU1CG6mjxhJFKLBb2aBt4CEu7LtHw/cBj9PjnESCjvu5mG+7MjC4FhAdfU4 boNuadG/5KldQzq6sMSGYfKdOgAAadDSXUvuraeTMkpk5RkoF2bAQr5NJlzlJTZn XI9ckmBJLeSXwJbhAgMBAAGjggITMIICDzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0l BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYE FO3zteshhs0eaiJJU1IBfzT5lPYPMB8GA1UdIwQYMBaAFKhKamMEfd265tE5t6ZF Ze/zqOyhMHAGCCsGAQUFBwEBBGQwYjAvBggrBgEFBQcwAYYjaHR0cDovL29jc3Au aW50LXgxLmxldHNlbmNyeXB0Lm9yZy8wLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0 LmludC14MS5sZXRzZW5jcnlwdC5vcmcvMB0GA1UdEQQWMBSCEnN1bW1pdC5kZWJj b25mLm9yZzCB/gYDVR0gBIH2MIHzMAgGBmeBDAECATCB5gYLKwYBBAGC3xMBAQEw gdYwJgYIKwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIGrBggr BgEFBQcCAjCBngyBm1RoaXMgQ2VydGlmaWNhdGUgbWF5IG9ubHkgYmUgcmVsaWVk IHVwb24gYnkgUmVseWluZyBQYXJ0aWVzIGFuZCBvbmx5IGluIGFjY29yZGFuY2Ug d2l0aCB0aGUgQ2VydGlmaWNhdGUgUG9saWN5IGZvdW5kIGF0IGh0dHBzOi8vbGV0 c2VuY3J5cHQub3JnL3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEBCwUAA4IBAQBLUkBb xC0Z+xYj/dg0egKXUupWfol+2tOZoGLaLdUQGQiy1FMdf1Spmv4mHNxq+z1SsFoU Oy5I8ufaz8SRndLkdJUiM0HFDk2fnCng25Gnop0eU6zPqxtjkIUWIqBmuZixQN+b 0Y1WLU95mNF6kzbctCgGFc3MtOStTtyuaWKcC0Tad2rtE2WmJ0bZPRkO94b4uYtD 2gzs5crvi30s7R52nBcsMUXeiqO/ZpwcTm43MBBrEJm+2BvNHDZ1/5S2VFgg8wav uGX3hExhtHxFYQ3TSr8hdgMDNc75P7hMjw3ZPj4pml7rLBG3sj/gVf84ValB0Ydu Cvx1GmwRwBGyvbqG -----END CERTIFICATE----- 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X1 i:/C=US/O=Internet Security Research Group/CN=ISRG Root X1 -----BEGIN CERTIFICATE----- MIIFjTCCA3WgAwIBAgIRAOeTkL6SBwNJGF95dYHlyoMwDQYJKoZIhvcNAQELBQAw TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTIwMDIw WhcNMjAwNjA0MTIwMDIwWjBKMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg RW5jcnlwdDEjMCEGA1UEAxMaTGV0J3MgRW5jcnlwdCBBdXRob3JpdHkgWDEwggEi MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCc0wzwWuUuR7dyXTeDs2hjMOrX NSYZJeG9vjXxcJIvt7hLQQWrqZ41CFjssSrEaIcLo+N15Obzp2JxunmBYB/XkZqf 89B4Z3HIaQ6Vkc/+5pnpYDxIzH7KTXcSJJ1HG1rrueweNwAcnKx7pwXqzkrrvUHl Npi5y/1tPJZo3yMqQpAMhnRnyH+lmrhSYRQTP2XpgofL2/oOVvaGifOFP5eGr7Dc Gu9rDZUWfcQroGWymQQ2dYBrrErzG5BJeC+ilk8qICUpBMZ0wNAxzY8xOJUWuqgz uEPxsR/DMH+ieTETPS02+OP88jNquTkxxa/EjQ0dZBYzqvqEKbbUC8DYfcOTAgMB AAGjggFnMIIBYzAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADBU BgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEBATAwMC4GCCsGAQUFBwIB FiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQub3JnMB0GA1UdDgQWBBSo SmpjBH3duubRObemRWXv86jsoTAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3Js LnJvb3QteDEubGV0c2VuY3J5cHQub3JnMHIGCCsGAQUFBwEBBGYwZDAwBggrBgEF BQcwAYYkaHR0cDovL29jc3Aucm9vdC14MS5sZXRzZW5jcnlwdC5vcmcvMDAGCCsG AQUFBzAChiRodHRwOi8vY2VydC5yb290LXgxLmxldHNlbmNyeXB0Lm9yZy8wHwYD VR0jBBgwFoAUebRZ5nu25eQBc4AIiMgaWPbpm24wDQYJKoZIhvcNAQELBQADggIB AGvM/XGv8yafGRGMPP6hnggoI9DGWGf4l0mzjBhuCkDVqoG/7rsH1ytzteePxiA3 7kqSBo0fXu5GmbWOw09GpwPYyAAY0iWOMU6ybrTJHS466Urzoe/4IwLQoQc219EK lh+4Ugu1q4KxNY1qMDA/1YX2Qm9M6AcAs1UvZKHSpJQAbsYrbN6obNoUGOeG6ONH Yr8KRQz5FMfZYcA49fmdDTwKn/pyLOkJFeA/dm/oP99UmKCFoeOa5w9YJr2Vi7ic Xd59CU8mprWhxFXnma1oU3T8ZNovjib3UHocjlEJfNbDy9zgKTYURcMVweo1dkbH NbLc5mIjIk/kJ+RPD+chR+gJjy3Gh9xMNkDrZQKfsIO93hxTsZMmgZQ4c+vujC1M jSak+Ai87YZeYQPh1fCGMSTno5III37DUCtIn8BJxJixuPeOMKsjLLD5AtMVy0fp d19lcUek4bjDY8/Ujb5/wfn2+Kk7z72SxWdekjtHOWBmKxqq8jDuuMw4ymg1g5n7 R7TZ/Y3y4bTpWUDkBHFo03xNM21wBFDIrCZZeVhvDW4MtT6+Ass2bcpoHwYcGol2 gaLDa5k2dkG41OGtXa0fY+TjdryY4cOcstJUKjv2MJku4yaTtjjECX1rJvFLnqYe wC+FmxjgWPuyRNuLDAWK30mmpcJZ3CmD6dFtAi4h7H37 -----END CERTIFICATE----- 2 s:/C=US/O=Internet Security Research Group/CN=ISRG Root X1 i:/C=US/O=Internet Security Research Group/CN=ISRG Root X1 -----BEGIN CERTIFICATE----- MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4 WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+ 0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ 3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5 ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq 4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc= -----END CERTIFICATE----- 3 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X1 i:/O=Digital Signature Trust Co./CN=DST Root CA X3 -----BEGIN CERTIFICATE----- MIIEqDCCA5CgAwIBAgIRAJgT9HUT5XULQ+dDHpceRL0wDQYJKoZIhvcNAQELBQAw PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD Ew5EU1QgUm9vdCBDQSBYMzAeFw0xNTEwMTkyMjMzMzZaFw0yMDEwMTkyMjMzMzZa MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMTCCASIwDQYJKoZIhvcNAQEBBQAD ggEPADCCAQoCggEBAJzTDPBa5S5Ht3JdN4OzaGMw6tc1Jhkl4b2+NfFwki+3uEtB BaupnjUIWOyxKsRohwuj43Xk5vOnYnG6eYFgH9eRmp/z0HhncchpDpWRz/7mmelg PEjMfspNdxIknUcbWuu57B43ABycrHunBerOSuu9QeU2mLnL/W08lmjfIypCkAyG dGfIf6WauFJhFBM/ZemCh8vb+g5W9oaJ84U/l4avsNwa72sNlRZ9xCugZbKZBDZ1 gGusSvMbkEl4L6KWTyogJSkExnTA0DHNjzE4lRa6qDO4Q/GxH8Mwf6J5MRM9LTb4 4/zyM2q5OTHFr8SNDR1kFjOq+oQpttQLwNh9w5MCAwEAAaOCAZIwggGOMBIGA1Ud EwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMH8GCCsGAQUFBwEBBHMwcTAy BggrBgEFBQcwAYYmaHR0cDovL2lzcmcudHJ1c3RpZC5vY3NwLmlkZW50cnVzdC5j b20wOwYIKwYBBQUHMAKGL2h0dHA6Ly9hcHBzLmlkZW50cnVzdC5jb20vcm9vdHMv ZHN0cm9vdGNheDMucDdjMB8GA1UdIwQYMBaAFMSnsaR7LHH62+FLkHX/xBVghYkQ MFQGA1UdIARNMEswCAYGZ4EMAQIBMD8GCysGAQQBgt8TAQEBMDAwLgYIKwYBBQUH AgEWImh0dHA6Ly9jcHMucm9vdC14MS5sZXRzZW5jcnlwdC5vcmcwPAYDVR0fBDUw MzAxoC+gLYYraHR0cDovL2NybC5pZGVudHJ1c3QuY29tL0RTVFJPT1RDQVgzQ1JM LmNybDATBgNVHR4EDDAKoQgwBoIELm1pbDAdBgNVHQ4EFgQUqEpqYwR93brm0Tm3 pkVl7/Oo7KEwDQYJKoZIhvcNAQELBQADggEBANHIIkus7+MJiZZQsY14cCoBG1hd v0J20/FyWo5ppnfjL78S2k4s2GLRJ7iD9ZDKErndvbNFGcsW+9kKK/TnY21hp4Dd ITv8S9ZYQ7oaoqs7HwhEMY9sibED4aXw09xrJZTC9zK1uIfW6t5dHQjuOWv+HHoW ZnupyxpsEUlEaFb+/SCI4KCSBdAsYxAcsHYI5xxEI4LutHp6s3OT2FuO90WfdsIk 6q78OMSdn875bNjdBYAqxUp2/LEIHfDBkLoQz0hFJmwAbYahqKaLn73PAAm1X2kj f1w8DdnkabOLGeOVcj9LQ+s67vBykx4anTjURkbqZslUEUsn2k5xeua2zUk= -----END CERTIFICATE----- --- Server certificate subject=/CN=summit.debconf.org issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X1 --- No client certificate CA names sent Peer signing digest: SHA512 Server Temp Key: ECDH, P-256, 256 bits --- SSL handshake has read 6536 bytes and written 468 bytes --- New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 4096 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: 22FA3217B14A63E7F42504CFA2058DD16C7B866E8E7E12089250C428BE588725 Session-ID-ctx: Master-Key: FD5FD98CA0754ECC24E15BC38A2E652ACF2FFE044ECAB681823753F995691C64F3D5E6A7A5311E63EB1E7FF2BAD9740B Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 300 (seconds) TLS session ticket: 0000 - 32 22 6f 26 38 51 24 6a-48 0d 5b 11 ab d8 2e 7a 2"o&8Q$jH.[....z 0010 - c9 5d 44 81 ac 81 12 e1-d0 a0 dc 87 c1 72 cf dc .]D..........r.. 0020 - ec 14 fb 16 d8 ce 3b a9-c6 c1 5b 14 bc 05 8b 3b ......;...[....; 0030 - 95 76 49 62 d1 4e 18 d2-b1 75 de 98 41 da 12 e7 .vIb.N...u..A... 0040 - 96 9e 1a 2d 93 eb a5 96-ac 83 96 eb 69 4d e2 2b ...-........iM.+ 0050 - f6 c5 0b 4f 1a 27 cc c7-78 af cf cb 28 45 f5 43 ...O.'..x...(E.C 0060 - 0f 6b 17 55 b5 5e 91 13-cd 2b 98 69 94 2d 4d c8 .k.U.^...+.i.-M. 0070 - 12 21 e3 0d 76 f2 8f ae-4f 73 6b 1a 4b 86 92 8d .!..v...Osk.K... 0080 - 94 dd 3e bc 41 91 c3 81-c9 f6 52 bb 36 b6 9f 78 ..>.A.....R.6..x 0090 - 0a 9a 8b 94 65 94 bd 61-d1 48 17 a3 47 20 54 be ....e..a.H..G T. 00a0 - ce dd 96 a6 27 f7 31 b4-8d 4d 5f f3 3e 44 a3 e5 ....'.1..M_.>D.. 00b0 - fb 9f da 61 b1 1c 77 af-3d 0e f8 84 93 96 07 85 ...a..w.=....... 00c0 - 81 10 cd 3f e1 2c 54 01-da 40 8f 06 b3 91 e0 ba ...?.,T..@...... Start Time: 1455140060 Timeout : 300 (sec) Verify return code: 19 (self signed certificate in certificate chain) --- DONE -- bye, pabs https://wiki.debian.org/PaulWise
Attachment:
signature.asc
Description: This is a digitally signed message part