bug#47331: Psi (and Psi-plus) aren't able to validate certificates

[Jack Hill]

Hi Guix,

I'm using Guix System with commit 17b408e6a219d64643717cfde16ce04eea0a4590 
and both the psi and psi-plus package are unable to validate the 
certificate of the XMPP server when connecting. When logging into an 
account, a popup error appears saying "The member.fsf.org certificate 
failed the authenticity test. Invalid CA certificate." Clicking on 
"details…" results in the attached screenshot. It appears that a valid 
certificate is being presented by the server, but psi doesn't have 
certificate authority in its trust store. I've tried it with both psi 
installed in my default user profile and nss-certs installed in the system 
profile as well and with `guix environment --ad-hoc psi nss-certs -- psi`.

My environment variable appear to be set correctly:

jackhill@alperton ~$ env|grep -i ssl
GIT_SSL_CAINFO=/etc/ssl/certs/ca-certificates.crt
SSL_CERT_DIR=/run/current-system/profile/etc/ssl/certs
SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt

The problem appears across different XMPP servers. I've tried the ones 
for member.fsf.org, duke.edu, and hcoop.net. The IM Observatory doesn't 
report any problems with the configuration of member.fsf.org [0]. I see 
the exact same problem and error messages with both psi and psi-plus.

[0] https://www.xmpp.net/result.php?id=1481007

Best,
Jack

psi.png
Description: PNG image