help-guix
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Certificate problem with curl, though icecat works

From: Todor Kondić
Subject: Re: Certificate problem with curl, though icecat works
Date: Thu, 13 Aug 2020 08:58:04 +0000 
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Thursday, 13 August 2020 08:55, Giovanni Biscuolo <g@xelera.eu> wrote:

> Giovanni Biscuolo g@xelera.eu writes:
>
> [...]
>
> > > $ curl 
> > > https://actorws.epa.gov/actorws/chemIdentifier/v01/resolve.json?identifier=MKXZASYAUGDDCJ-NJAFHUGGSA-N
> > > curl: (60) server certificate verification failed. CAfile: 
> > > /home/user/.guix-profiles/profile/etc/ssl/certs/ca-certificates.crt 
> > > CRLfile: none
> > > More details here: https://curl.haxx.se/docs/sslcerts.html
> > > ca-certificates.crt exists at the CAfile location and CURL_CA_BUNDLE is 
> > > set properly.
> >
> > This is similar to
> > https://lists.gnu.org/archive/html/help-guix/2020-06/msg00025.html
>
> No, this is a different issue:
>
> --8<---------------cut here---------------start------------->8---
>
> gnutls-cliactorws.epa.gov
>
> Processed 128 CA certificate(s).
> Resolving 'actorws.epa.gov:443'...
> Connecting to '134.67.99.60:443'...
>
> -   Certificate type: X.509
>
> -   Got a certificate list of 2 certificates.
>
> -   Certificate[0] info:
>
> -   subject `CN=*.epa.gov,OU=OMS/OITO/EHD,O=Environmental Protection 
> Agency,L=Durham,ST=North Carolina,C=US', issuer`CN=DigiCert SHA2 Secure 
> Server CA,O=DigiCert Inc,C=US', serial 0x0caca7602da89b50c3820b33518c827a, 
> RSA key 2048 bits, signed using RSA-SHA256, activated `2019-04-25 00:00:00 
> UTC', expires`2021-04-19 12:00:00 UTC', 
> pin-sha256="o5d2tkYzGNEoALzaPpAd5q+Sima2MnbbItE64CpyDCk="
>     Public Key ID:
>     sha1:884a27ada33cc533411036cde08f7c83bee2580e
>     sha256:a39776b6463318d12800bcda3e901de6af928a66b63276db22d13ae02a720c29
>     Public Key PIN:
>     pin-sha256:o5d2tkYzGNEoALzaPpAd5q+Sima2MnbbItE64CpyDCk=
>
> -   Certificate[1] info:
>
> -   subject `CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US', 
> issuer`CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US', 
> serial 0x01fda3eb6eca75c888438b724bcfbc91, RSA key 2048 bits, signed using 
> RSA-SHA256, activated `2013-03-08 12:00:00 UTC', expires`2023-03-08 12:00:00 
> UTC', pin-sha256="5kJvNEMw0KjrCAu7eXY5HZdvyCS13BbA0VJG1RSP91w="
>     |<1>| Got OCSP response with an unrelated certificate.
>
> -   Status: The certificate is NOT trusted. The received OCSP status response 
> is invalid.
>     *** PKI verification of server certificate failed...
>     *** Fatal error: Error in the certificate.
>     [~]-
>
>     --8<---------------cut here---------------end--------------->8---
>
>
> I'm going to open a bug report upstream (gnutls), thanks for your
> report.
>
> Best regards, Gio'
>
> ------------------------------------------------------------------------------------------------
>
> Giovanni Biscuolo
>
> Xelera IT Infrastructures


Thanks for confirming this! I pulled the newest Guix and updated gnutls and 
that did not solve the issue. Please let me know when you post the issue, so I 
can track it.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]