On Tue, 2021-11-23 at 18:14 -0500, Jack wrote: > OK, here's something. > > I changed my stable version of ca-certificates from -cacert to > cacert, > and now I get the same failure you do. So - it's due to either > something in nss-cacert-class1-class3-r2.patch which only gets > applied > if that USE flag is set, or to something else only done when that > USE > flag is set. > > I don't understand it, but it's a place to start - and note the note > in > the ebuild: > > # When triaging user reports, refer to our wiki for tips: > # > https://wiki.gentoo.org/wiki/Certificates#Debugging_certificate_issues >
Thanks Jack. Interesting that it breaks for you as well now. Btw I haven't used USE="cacert" (could be that I copied it wrong here), it's a additional Certificate Authority which is not included by default in Mozilla database as far as I understand. I have tried to change USE="cacert" and rebuild app-misc/ca-certificates but no change when tested, which to me is expected, but who knows what could be an issue. I'll try to dig deeper into this. Initially I was hoping that someone more familiar with the topic could jump in and suggest what to do next. I did look at the wiki, but wiki uses openssl tools for debugging, and I have no issues with openssl client connecting to this server :/ (so I don't think it's useful in this case) Regards, Branko
