Closed nevans closed 3 years ago
Unfortunately, as you've correctly noted, our ca-certificates
package comes from Debian, so this bug really is properly reported at https://bugs.debian.org/962596. If/when the Debian package is fixed, our image will get the updated package.
(Closing, since this is properly tracked in https://bugs.debian.org/962596 and isn't something we can/will fix in our image.)
There's a serious bug in debian that I'm really surprised hasn't been urgently fixed.
Debian recently (incorrectly) removed trust for GeoTrust Global CA:
GeoTrust Global CA is used by Apple, among others. E.g, try to run the following:
My result:
I can workaround it for Apple and other GeoTrust-signed certs by placing the following into my Dockerfile:
But I don't know if other certs are incorrectly removed (it seems likely from the bugreport and changelog).