[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Certificate problem with curl, though icecat works
From: |
Giovanni Biscuolo |
Subject: |
Re: Certificate problem with curl, though icecat works |
Date: |
Thu, 13 Aug 2020 08:55:52 +0200 |
Giovanni Biscuolo <g@xelera.eu> writes:
[...]
>> $ curl
>> https://actorws.epa.gov/actorws/chemIdentifier/v01/resolve.json?identifier=MKXZASYAUGDDCJ-NJAFHUGGSA-N
>>
>> curl: (60) server certificate verification failed. CAfile:
>> /home/user/.guix-profiles/profile/etc/ssl/certs/ca-certificates.crt CRLfile:
>> none
>> More details here: https://curl.haxx.se/docs/sslcerts.html
>>
>> ca-certificates.crt exists at the CAfile location and CURL_CA_BUNDLE is set
>> properly.
>
> This is similar to
> https://lists.gnu.org/archive/html/help-guix/2020-06/msg00025.html
No, this is a different issue:
--8<---------------cut here---------------start------------->8---
gnutls-cli actorws.epa.gov
Processed 128 CA certificate(s).
Resolving 'actorws.epa.gov:443'...
Connecting to '134.67.99.60:443'...
- Certificate type: X.509
- Got a certificate list of 2 certificates.
- Certificate[0] info:
- subject `CN=*.epa.gov,OU=OMS/OITO/EHD,O=Environmental Protection
Agency,L=Durham,ST=North Carolina,C=US', issuer `CN=DigiCert SHA2 Secure Server
CA,O=DigiCert Inc,C=US', serial 0x0caca7602da89b50c3820b33518c827a, RSA key
2048 bits, signed using RSA-SHA256, activated `2019-04-25 00:00:00 UTC',
expires `2021-04-19 12:00:00 UTC',
pin-sha256="o5d2tkYzGNEoALzaPpAd5q+Sima2MnbbItE64CpyDCk="
Public Key ID:
sha1:884a27ada33cc533411036cde08f7c83bee2580e
sha256:a39776b6463318d12800bcda3e901de6af928a66b63276db22d13ae02a720c29
Public Key PIN:
pin-sha256:o5d2tkYzGNEoALzaPpAd5q+Sima2MnbbItE64CpyDCk=
- Certificate[1] info:
- subject `CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US', issuer
`CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US', serial
0x01fda3eb6eca75c888438b724bcfbc91, RSA key 2048 bits, signed using RSA-SHA256,
activated `2013-03-08 12:00:00 UTC', expires `2023-03-08 12:00:00 UTC',
pin-sha256="5kJvNEMw0KjrCAu7eXY5HZdvyCS13BbA0VJG1RSP91w="
|<1>| Got OCSP response with an unrelated certificate.
- Status: The certificate is NOT trusted. The received OCSP status response is
invalid.
*** PKI verification of server certificate failed...
*** Fatal error: Error in the certificate.
[~]-
--8<---------------cut here---------------end--------------->8---
I'm going to open a bug report upstream (gnutls), thanks for your
report.
Best regards, Gio'
--
Giovanni Biscuolo
Xelera IT Infrastructures
signature.asc
Description: PGP signature