[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Certificate problem with curl, though icecat works
From: |
Todor Kondić |
Subject: |
Re: Certificate problem with curl, though icecat works |
Date: |
Thu, 13 Aug 2020 08:58:04 +0000 |
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Thursday, 13 August 2020 08:55, Giovanni Biscuolo <g@xelera.eu> wrote:
> Giovanni Biscuolo g@xelera.eu writes:
>
> [...]
>
> > > $ curl
> > > https://actorws.epa.gov/actorws/chemIdentifier/v01/resolve.json?identifier=MKXZASYAUGDDCJ-NJAFHUGGSA-N
> > > curl: (60) server certificate verification failed. CAfile:
> > > /home/user/.guix-profiles/profile/etc/ssl/certs/ca-certificates.crt
> > > CRLfile: none
> > > More details here: https://curl.haxx.se/docs/sslcerts.html
> > > ca-certificates.crt exists at the CAfile location and CURL_CA_BUNDLE is
> > > set properly.
> >
> > This is similar to
> > https://lists.gnu.org/archive/html/help-guix/2020-06/msg00025.html
>
> No, this is a different issue:
>
> --8<---------------cut here---------------start------------->8---
>
> gnutls-cliactorws.epa.gov
>
> Processed 128 CA certificate(s).
> Resolving 'actorws.epa.gov:443'...
> Connecting to '134.67.99.60:443'...
>
> - Certificate type: X.509
>
> - Got a certificate list of 2 certificates.
>
> - Certificate[0] info:
>
> - subject `CN=*.epa.gov,OU=OMS/OITO/EHD,O=Environmental Protection
> Agency,L=Durham,ST=North Carolina,C=US', issuer`CN=DigiCert SHA2 Secure
> Server CA,O=DigiCert Inc,C=US', serial 0x0caca7602da89b50c3820b33518c827a,
> RSA key 2048 bits, signed using RSA-SHA256, activated `2019-04-25 00:00:00
> UTC', expires`2021-04-19 12:00:00 UTC',
> pin-sha256="o5d2tkYzGNEoALzaPpAd5q+Sima2MnbbItE64CpyDCk="
> Public Key ID:
> sha1:884a27ada33cc533411036cde08f7c83bee2580e
> sha256:a39776b6463318d12800bcda3e901de6af928a66b63276db22d13ae02a720c29
> Public Key PIN:
> pin-sha256:o5d2tkYzGNEoALzaPpAd5q+Sima2MnbbItE64CpyDCk=
>
> - Certificate[1] info:
>
> - subject `CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US',
> issuer`CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US',
> serial 0x01fda3eb6eca75c888438b724bcfbc91, RSA key 2048 bits, signed using
> RSA-SHA256, activated `2013-03-08 12:00:00 UTC', expires`2023-03-08 12:00:00
> UTC', pin-sha256="5kJvNEMw0KjrCAu7eXY5HZdvyCS13BbA0VJG1RSP91w="
> |<1>| Got OCSP response with an unrelated certificate.
>
> - Status: The certificate is NOT trusted. The received OCSP status response
> is invalid.
> *** PKI verification of server certificate failed...
> *** Fatal error: Error in the certificate.
> [~]-
>
> --8<---------------cut here---------------end--------------->8---
>
>
> I'm going to open a bug report upstream (gnutls), thanks for your
> report.
>
> Best regards, Gio'
>
> ------------------------------------------------------------------------------------------------
>
> Giovanni Biscuolo
>
> Xelera IT Infrastructures
Thanks for confirming this! I pulled the newest Guix and updated gnutls and
that did not solve the issue. Please let me know when you post the issue, so I
can track it.