From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp2 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id UDggAlIrNF8QfgAA0tVLHw (envelope-from ) for ; Wed, 12 Aug 2020 17:48:02 +0000 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp2 with LMTPS id Q5pEOFErNF9WGAAAB5/wlQ (envelope-from ) for ; Wed, 12 Aug 2020 17:48:01 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 79DEB940A39 for ; Wed, 12 Aug 2020 17:48:01 +0000 (UTC) Received: from localhost ([::1]:59082 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1k5ur2-0005pn-A9 for larch@yhetil.org; Wed, 12 Aug 2020 13:48:00 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:35134) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1k5uqo-0005nv-IZ for help-guix@gnu.org; Wed, 12 Aug 2020 13:47:46 -0400 Received: from ns13.heimat.it ([46.4.214.66]:60616) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1k5uqm-0004ZY-FU for help-guix@gnu.org; Wed, 12 Aug 2020 13:47:46 -0400 Received: from localhost (ip6-localhost [127.0.0.1]) by ns13.heimat.it (Postfix) with ESMTP id E900A3000C5; Wed, 12 Aug 2020 17:47:40 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at ns13.heimat.it Received: from ns13.heimat.it ([127.0.0.1]) by localhost (ns13.heimat.it [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4D2LTD8ZjXyk; Wed, 12 Aug 2020 17:47:20 +0000 (UTC) Received: from bourrache.mug.xelera.it (unknown [93.56.169.211]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by ns13.heimat.it (Postfix) with ESMTPSA id 510753000C4; Wed, 12 Aug 2020 17:47:20 +0000 (UTC) Received: from roquette.mug.biscuolo.net (roquette [10.38.2.14]) by bourrache.mug.xelera.it (Postfix) with SMTP id F32035BCDAF; Wed, 12 Aug 2020 19:47:17 +0200 (CEST) Received: (nullmailer pid 21026 invoked by uid 1000); Wed, 12 Aug 2020 17:47:13 -0000 From: Giovanni Biscuolo To: TK , "help-guix\\@gnu.org" Subject: Re: Certificate problem with curl, though icecat works In-Reply-To: <9kSaR15iLCuEyScHdlJ73XpOm85IcNNLxHb6T9PoWPiW6PTiT9eFfsAIStaIyuxzgpZOpCUfYkLP4Y8PaE3jxcKxOryeTFg5BzplBz1esxQ=@protonmail.com> Organization: Xelera.eu References: <9kSaR15iLCuEyScHdlJ73XpOm85IcNNLxHb6T9PoWPiW6PTiT9eFfsAIStaIyuxzgpZOpCUfYkLP4Y8PaE3jxcKxOryeTFg5BzplBz1esxQ=@protonmail.com> Date: Wed, 12 Aug 2020 19:47:13 +0200 Message-ID: <87y2mj69jy.fsf@roquette.i-did-not-set--mail-host-address--so-tickle-me> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" Received-SPF: pass client-ip=46.4.214.66; envelope-from=g@xelera.eu; helo=ns13.heimat.it X-detected-operating-system: by eggs.gnu.org: First seen = 2020/08/12 13:47:41 X-ACL-Warn: Detected OS = Linux 3.11 and newer [fuzzy] X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: help-guix@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-guix-bounces+larch=yhetil.org@gnu.org Sender: "Help-Guix" X-Scanner: scn0 Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of help-guix-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=help-guix-bounces@gnu.org X-Spam-Score: -0.61 X-TUID: ov3qRxH9ffya --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Hi TK TK writes: [...] > However, doing the same thing with curl errors out: > > $ curl https://actorws.epa.gov/actorws/chemIdentifier/v01/resolve.json?id= entifier=3DMKXZASYAUGDDCJ-NJAFHUGGSA-N > > curl: (60) server certificate verification failed. CAfile: /home/user/.gu= ix-profiles/profile/etc/ssl/certs/ca-certificates.crt CRLfile: none > More details here: https://curl.haxx.se/docs/sslcerts.html > > ca-certificates.crt exists at the CAfile location and CURL_CA_BUNDLE is s= et properly. This is similar to https://lists.gnu.org/archive/html/help-guix/2020-06/msg00025.html and it should be fixed in the latest GnuTLS, which is in Guix since commiy 8951b9496b5c390adb3b3292d234bb8ab9936c40 Anyway I can confirm that I get the same results as you. I'm going to investigare if I can add something useful and open a bug (probably upstream?) happy hacking! Gio' =2D-=20 Giovanni Biscuolo Xelera IT Infrastructures --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEERcxjuFJYydVfNLI5030Op87MORIFAl80KyEACgkQ030Op87M ORKIAxAArBkN/zKvhAJ/oz6OCFaG/eS1u0Ai4zprOEWHn0kA2IhMXdJRjDQ8S2GC OAVKNrYofeIlHibRWgebdjbCt8ayvEyWQegOf5lIl8bTNxeSAHLug5mlKPya0Cih oQB+6h1JCPLWwvo0PBbERtaYWjdlLfAzRxFU3IMSD2ehc0KYMjYNgl3ApP2sQNNh 5AdamVG0e06zM62t38zKYKHf/Ql5yXQhBSWvP13jzMRkcsa5by+yGIdDRVsvo+Rr r2ljpNSm5VqlJ5/1K+C1dZnc/3ceHGZ4Pe3i/PeYLqiFqlOcOh3ci3OItm8MXzPk C6FvabrSCx4LII7WJ463Zip/7U7zBdZH7F7usrkQw5/fq/l4Hm3ZaAcTkObHrgdf 7r3Wy3P2prRVscKiRbGjxZxprd6HlkaAc8iV4yaAYI90CCwPGDjsztx448GXyROL aY4s0P50DlvB+GLmPlP9NDFnIINnTS/PyO72q3kSYJ8TzGn6zg9lNtlrLVIWcQXj V/IR9QJS5lrAmHAGhNab5KbQVWdOQnDg9XHs3A/nRIAc80xTwpYD8Mm2/JhzQfmt dUnr7XV1FhuVKlfNEqXX4giKIdUmc0/ee00w2XZdmnZcvte40xVzfUXns5fISJwP hu2WSsDCiyl88tOYfyCygli2chg6+6llIifUWdYv25B0ATTTRXA= =sktN -----END PGP SIGNATURE----- --=-=-=--