|Subject:||Re: GNU make 4.3.90 release candidate available|
|Date:||Mon, 26 Sep 2022 15:45:40 -0400|
> It's more probable that David has outdated certificate DB and/or
> outdated GnuTLS on his machine.
Thanks once again to Microsoft for obeying Dorey's Law of Marketing with "safelinks", I only belatedly see David's evidence included "--2022-09-26 09:12:58--" which rather says that his clock wasn't messed up, contra my earlier suggestion.
martind@sirius:~$ < /dev/null openssl s_client -connect alpha.gnu.org:https > /dev/nulldepth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1verify return:1depth=1 C = US, O = Let's Encrypt, CN = R3verify return:1depth=0 CN = ftp.gnu.orgverify return:1DONEmartind@sirius:~$
"ISRG Root X1" rings a bell. Ah yes, it's that old chestnut: https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/, which contains advice for David. I also found the work around from https://firstname.lastname@example.org/msg09627.html specifically:
sudo rm /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt
... to be helpful.
From: Bug-make <email@example.com> on behalf of Eli Zaretskii <firstname.lastname@example.org>
Sent: Monday, September 26, 2022 10:10
To: email@example.com <firstname.lastname@example.org>
Cc: email@example.com <firstname.lastname@example.org>; email@example.com <firstname.lastname@example.org>
Subject: Re: GNU make 4.3.90 release candidate available***** EXTERNAL EMAIL *****
> From: Paul Smith <email@example.com>
> Cc: firstname.lastname@example.org
> Date: Mon, 26 Sep 2022 12:31:34 -0400
> On Mon, 2022-09-26 at 12:16 -0400, David Boyce wrote:
> > BTW wget complains about the certificate:
> > $ wget https://nam04.safelinks.protection.outlook.com/?url="">
> > --2022-09-26 09:12:58-- https://nam04.safelinks.protection.outlook.com/?url="">
> > Resolving alpha.gnu.org (alpha.gnu.org)... 126.96.36.199, 2001:470:142:3::c
> > Connecting to alpha.gnu.org (alpha.gnu.org)|188.8.131.52|:443... connected.
> > ERROR: cannot verify alpha.gnu.org's certificate, issued by '/C=US/O=Let\'s Encrypt/CN=R3':
> > Issued certificate has expired.
> > To connect to alpha.gnu.org insecurely, use `--no-check-certificate'.
> Oddly I don't get this warning. Maybe I have somehow asked wget to not
> check expirations?
It's more probable that David has outdated certificate DB and/or
outdated GnuTLS on his machine.
|[Prev in Thread]||Current Thread||[Next in Thread]|