help-guix

Re: Certificate problem with curl, though icecat works


From: Giovanni Biscuolo
Subject: Re: Certificate problem with curl, though icecat works
Date: Thu, 13 Aug 2020 08:55:52 +0200

Giovanni Biscuolo <g@xelera.eu> writes:

[...]

>> $ curl https://actorws.epa.gov/actorws/chemIdentifier/v01/resolve.json?identifier=MKXZASYAUGDDCJ-NJAFHUGGSA-N
>>
>> curl: (60) server certificate verification failed. CAfile: /home/user/.guix-profiles/profile/etc/ssl/certs/ca-certificates.crt CRLfile: none
>> More details here: https://curl.haxx.se/docs/sslcerts.html
>>
>> ca-certificates.crt exists at the CAfile location and CURL_CA_BUNDLE is set 
>> properly.
>
> This is similar to
> https://lists.gnu.org/archive/html/help-guix/2020-06/msg00025.html

No, this is a different issue:

--8<---------------cut here---------------start------------->8---

gnutls-cli actorws.epa.gov

Processed 128 CA certificate(s).
Resolving 'actorws.epa.gov:443'...
Connecting to '134.67.99.60:443'...
- Certificate type: X.509
- Got a certificate list of 2 certificates.
- Certificate[0] info:
 - subject `CN=*.epa.gov,OU=OMS/OITO/EHD,O=Environmental Protection Agency,L=Durham,ST=North Carolina,C=US', issuer `CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US', serial 0x0caca7602da89b50c3820b33518c827a, RSA key 2048 bits, signed using RSA-SHA256, activated `2019-04-25 00:00:00 UTC', expires `2021-04-19 12:00:00 UTC', pin-sha256="o5d2tkYzGNEoALzaPpAd5q+Sima2MnbbItE64CpyDCk="
        Public Key ID:
                sha1:884a27ada33cc533411036cde08f7c83bee2580e
                sha256:a39776b6463318d12800bcda3e901de6af928a66b63276db22d13ae02a720c29
        Public Key PIN:
                pin-sha256:o5d2tkYzGNEoALzaPpAd5q+Sima2MnbbItE64CpyDCk=

- Certificate[1] info:
 - subject `CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US', issuer `CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US', serial 0x01fda3eb6eca75c888438b724bcfbc91, RSA key 2048 bits, signed using RSA-SHA256, activated `2013-03-08 12:00:00 UTC', expires `2023-03-08 12:00:00 UTC', pin-sha256="5kJvNEMw0KjrCAu7eXY5HZdvyCS13BbA0VJG1RSP91w="
|<1>| Got OCSP response with an unrelated certificate.
- Status: The certificate is NOT trusted. The received OCSP status response is invalid.
*** PKI verification of server certificate failed...
*** Fatal error: Error in the certificate.
[~]-

--8<---------------cut here---------------end--------------->8---

I'm going to open a bug report upstream (gnutls), thanks for your
report.

Best regards, Gio'

-- 
Giovanni Biscuolo

Xelera IT Infrastructures
