From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp1 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id yCO3Frvz2F6uTQAA0tVLHw (envelope-from ) for ; Thu, 04 Jun 2020 13:14:35 +0000 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp1 with LMTPS id YDGYErvz2F75cwAAbx9fmQ (envelope-from ) for ; Thu, 04 Jun 2020 13:14:35 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id C4594940276 for ; Thu, 4 Jun 2020 13:14:34 +0000 (UTC) Received: from localhost ([::1]:50482 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jgphZ-0006vx-6V for larch@yhetil.org; Thu, 04 Jun 2020 09:14:33 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:58386) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jgphS-0006vk-6t for help-guix@gnu.org; Thu, 04 Jun 2020 09:14:26 -0400 Received: from ns13.heimat.it ([46.4.214.66]:55756) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jgphP-0001Rf-Bt for help-guix@gnu.org; Thu, 04 Jun 2020 09:14:25 -0400 Received: from localhost (ip6-localhost [127.0.0.1]) by ns13.heimat.it (Postfix) with ESMTP id BEA2F3021A6 for ; Thu, 4 Jun 2020 13:14:19 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at ns13.heimat.it Received: from ns13.heimat.it ([127.0.0.1]) by localhost (ns13.heimat.it [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ags_uZKr4uxH for ; Thu, 4 Jun 2020 13:13:59 +0000 (UTC) Received: from bourrache.mug.xelera.it (unknown [93.56.169.211]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by ns13.heimat.it (Postfix) with ESMTPSA id 0C602300F9C for ; Thu, 4 Jun 2020 13:13:59 +0000 (UTC) Received: from roquette.mug.biscuolo.net (roquette [10.38.2.14]) by bourrache.mug.xelera.it (Postfix) with SMTP id D0F7438EEF2 for ; Thu, 4 Jun 2020 15:13:57 +0200 (CEST) Received: (nullmailer pid 2023 invoked by uid 1000); Thu, 04 Jun 2020 13:13:56 -0000 From: Giovanni Biscuolo To: help-guix@gnu.org Subject: curl server certificate verification failed for a few sites Organization: Xelera.eu Date: Thu, 04 Jun 2020 15:13:55 +0200 Message-ID: <87sgfbkm7g.fsf@roquette.i-did-not-set--mail-host-address--so-tickle-me> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" Received-SPF: pass client-ip=46.4.214.66; envelope-from=g@xelera.eu; helo=ns13.heimat.it X-detected-operating-system: by eggs.gnu.org: First seen = 2020/06/04 09:14:20 X-ACL-Warn: Detected OS = Linux 3.11 and newer [fuzzy] X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_PASS=-0.001, URIBL_BLOCKED=0.001 autolearn=_AUTOLEARN X-Spam_action: no action X-BeenThere: help-guix@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-guix-bounces+larch=yhetil.org@gnu.org Sender: "Help-Guix" X-Scanner: scn0 Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of help-guix-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=help-guix-bounces@gnu.org X-Spam-Score: -0.61 X-TUID: I9M5xbVIWsVw --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Hello Guix, this is my current Guix version: =2D-8<---------------cut here---------------start------------->8--- Generation 71 giu 03 2020 17:44:58 (current) guix 2f49007 repository URL: https://git.savannah.gnu.org/git/guix.git branch: master commit: 2f49007dd076b14feb40d7c3331dee3e737265c844 =2D-8<---------------cut here---------------end--------------->8--- I'm having a strange error with curl from Guix (on a foreign distro): =2D-8<---------------cut here---------------start------------->8--- giovanni@roquette: curl -I https://voices.transparency.org curl: (60) server certificate verification failed. CAfile: /home/giovanni/.= guix-extra-profiles/emacs/emacs/etc/ssl/certs/ca-certificates.crt CRLfile: = none More details here: https://curl.haxx.se/docs/sslcerts.html curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above. =2D-8<---------------cut here---------------end--------------->8--- I'm working in a profile with "curl" and "nss-certs" installed, I my profile activate with: =2D-8<---------------cut here---------------start------------->8--- GUIX_PROFILE=3D"/home/giovanni/.guix-extra-profiles/emacs/emacs" ; . "$GUIX= _PROFILE"/etc/profile =2D-8<---------------cut here---------------end--------------->8--- and it seems to me that the env is set up correctly, especially I have: =2D-8<---------------cut here---------------start------------->8--- CURL_CA_BUNDLE=3D/home/giovanni/.guix-extra-profiles/emacs/emacs/etc/ssl/ce= rts/ca-certificates.crt =2D-8<---------------cut here---------------end--------------->8--- With other sites I have no problems, e.g. with "curl https://google.com" or "curl https://fsf.org" I also have no problem using curl from my foreign distro, i.e.: =2D-8<---------------cut here---------------start------------->8--- giovanni@roquette: /usr/bin/curl -I https://voices.transparency.org HTTP/2 200=20 server: nginx date: Thu, 04 Jun 2020 12:31:30 GMT content-type: text/html; charset=3Dutf-8 content-length: 331031 set-cookie: uid=3Dlo_qSsMbQ4z5dnK; Expires=3DFri, 04-Jun-21 12:31:30 GMT; P= ath=3D/; Secure; HttpOnly sepia-upstream: medium x-opentracing: {"ot-tracer-spanid":"390949417d4930c0","ot-tracer-traceid":"= 7f0fd7d0262c0c9b","ot-tracer-sampled":"true"} [...] x-frame-options: sameorigin x-content-type-options: nosniff x-xss-protection: 1; mode=3Dblock x-ua-compatible: IE=3Dedge, Chrome=3D1 x-powered-by: Medium x-obvious-tid: 1591273890249:f076faaf3e63 x-obvious-info: 41228-18f1264,18f1264f828 link: ; rel=3D"humans" cache-control: no-cache, no-store, max-age=3D0, must-revalidate expires: Thu, 09 Sep 1999 09:09:09 GMT pragma: no-cache set-cookie: sid=3D1:h/sJWfMuvxt6xsp9CxiSVZhE/m0Gkrnt1Aj+VWcPGV1cpLwK14Dg7Rf= r4fWgzCz9ru4qnVfGEhX+mljUMOriPA=3D=3D; path=3D/; expires=3DFri, 04 Jun 2021= 12:31:30 GMT; samesite=3Dnone; secure; httponly set-cookie: optimizelyEndUserId=3Dlo_qSsMbQ4z5dnK; path=3D/; expires=3DFri,= 04 Jun 2021 12:31:30 GMT; samesite=3Dnone; secure =2D-8<---------------cut here---------------end--------------->8--- Am I missing something in my env, there is a problem in https://voices.transparency.org setting or is something else? Thanks! Gio' =2D-=20 Giovanni Biscuolo Xelera IT Infrastructures --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEERcxjuFJYydVfNLI5030Op87MORIFAl7Y85QACgkQ030Op87M ORJawxAAy1vxo42xifMSJflu4RlFqx4FYx9sGPrS12hS9A6qnOPFosPdcJGDQWHm k76Y0l1e0OI6BVgkuF3U8UCr3IRbUwsCFCf5RLY4X6MRdP/nKU9BvPcZIrHf/fxJ SdymW/GTW76wVv6JQaPue/S29uwCZ85wAnIMfI8eSds8H/oce9bsTHCC0Zo+FTmG 6Fj14zl0XfDAccY0e+nwVuEQk+tGymLLzustcnqmeXgZxIMbTCMcSxaEP4kf6Dup vQ4yR6KrUWBYq8JYlu3sBfTV0QG2sliGWeaN63WfbkYjyoyvW/TsgXCyTpDkx01D rF6DSv5sDBRBJf1/pvAfoz0xKfclyR0nppxReXr6Tz4fC62xqc4OnQhNH/7dtSJ8 xRWxY+Nt/wD97ScH6TH1bDHhiXJeAluzZuHBEXp8O1eo3+hJmH78BeA6BqUZGmey b+yshoSbOiX+z94HgybEW/jXuBYlAQpWSnTklWOTA3RAm8UHXZ8SvKpiDOpt/TI2 wfJdQI0uLgi7j3qCwd3mhEEGpe3hm4RePfIvFhdJfAiuhQf/yCaY9juO3ct0YEkv 9J7vpZwunOt1PhfKC75HHnBwLKfdjrBQ5pf92GiUlIphT44lJcz/BqnL/fPlKxrT Xwj7R7KOR+rPxThmOgTviRPQxFOej0/NCLZcMEtXL38MZPJvSzM= =cuUS -----END PGP SIGNATURE----- --=-=-=--