Comment 4 for bug 828756

gabble is configured to use /etc/ssl/certs/ca-certificates.crt, and manually validating the problematic chains against that file succeeds. So I'm pretty sure it's a problem somewhere in gabble.