bug#45358: bootstrap fails due to a certificate mismatch

Erik Auerswald Tue, 09 Mar 2021 02:41:16 -0800

Hi,

On Tue, Mar 09, 2021 at 11:28:18AM +0200, Grigoriy Sokolik wrote:
> I've rechecked:


I cannot reproduce the problem, the certificate is trusted by my system:

    # via IPv4
    $ gnutls-cli --verbose translationproject.org </dev/null  | grep -E 
'Connecting|Status'
    Connecting to '80.69.83.146:443'...
    - Status: The certificate is trusted. 
    # via IPv6
    $ gnutls-cli --verbose translationproject.org </dev/null  | grep -E 
'Connecting|Status'
    Connecting to '2a01:7c8:c037:6::20:443'...
    - Status: The certificate is trusted.

It seems to me as if your system does not trust the used root CA.

>     [...]issuer `CN=DST Root CA X3,O=Digital Signature Trust Co.'[...]

On my Ubuntu 18.04 system, I find it via symlink from /etc/ssl/certs:

    $ ls /etc/ssl/certs/DST_Root_CA_X3.pem -l
    lrwxrwxrwx 1 root root 53 Mai 28  2018 /etc/ssl/certs/DST_Root_CA_X3.pem -> 
/usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt
    $ certtool --certificate-info < 
/usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt | grep Subject:
        Subject: CN=DST Root CA X3,O=Digital Signature Trust Co.

HTH,
Erik
-- 
[A]pplied cryptography mostly sucks.
                        -- Green's law of applied cryptography

bug#45358: bootstrap fails due to a certificate mismatch

Reply via email to