From: Marius Bakke
To: Giovanni Biscuolo, Tobias Geerinckx-Rice
Cc: help-guix@gnu.org
Subject: Re: curl server certificate verification failed for a few sites
Date: Sat, 06 Jun 2020 15:44:05 +0200

Giovanni Biscuolo writes:

> Hi Tobias,
>
> thank you for your clear explanation and patience
>
> ...and sorry again to all other Guix users for the "noise": this is not
> strictly related to Guix but just to the most recent version of
> curl/wget
>
> I still don't understand the differences between curl (and wget)
> behaviour and the last Guix available ungoogled-chromium (see below).

The problem is with GnuTLS, which failed if one of the trust roots was
using an expired certificate:

  https://gitlab.com/gnutls/gnutls/-/issues/1008

It has been fixed in the latest GnuTLS, which is in Guix as of commit
8951b9496b5c390adb3b3292d234bb8ab9936c40.

Thanks for reporting it!