On 1/11/2021 2:48 AM, Jeffrey Walton via curl-library wrote:
On Mon, Jan 11, 2021 at 2:35 AM Daniel Stenberg<dan...@haxx.se> wrote:
On Mon, 11 Jan 2021, Jeffrey Walton via curl-library wrote:
$ lsb_release -a
Distributor ID: Ubuntu
Description: Ubuntu 20.04.1 LTS
Release: 20.04
Codename: focal
$ command -v wget
/usr/bin/wget
$ wget -O cacert.pem 'https://curl.haxx.se/ca/cacert.pem'
Unable to locally verify the issuer's authority.
The cert is used by Fastly for a vast amount of servers so you'll likely to
have widespread issues when it doesn't work.
When I visit cURL's site in a browser, the CA used is Let's Encrypt
(and not GlobalSign).
Finally: that URL is the old one anyway, get the bundle from the current URL
and you'll see that it is signed by anoter cert:https://curl.se/ca/cacert.pem
OK, thanks. This did not help.
I tested the same on Ubuntu 18.04 with the shipped curl version there and it
works fine.
Yeah, I updated from 18.04 to 20.04 last week. 18.04 did not have
troubles. I think today is the first time I ran the script under
20.02.
I can give you remote access if you are interested in duplicating it.
I need your authorized_keys.
I'm using 16 LTS and I can't reproduce either. Try openssl
owner@ubuntu1604-x64-vm:~$ debsums ca-certificates | grep -i globalsign
/usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R4.crt OK
/usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R5.crt OK
/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt OK
/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R2.crt OK
/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R3.crt OK
/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R6.crt OK
owner@ubuntu1604-x64-vm:~$ SSL_CERT_DIR="" openssl s_client -connect
curl.haxx.se:443 -servername curl.haxx.se -CAfile
/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R3.crt <
/dev/null | grep "Verify return code"
depth=2 OU = GlobalSign Root CA - R3, O = GlobalSign, CN = GlobalSign
verify return:1
depth=1 C = BE, O = GlobalSign nv-sa, CN = GlobalSign Atlas R3 DV TLS CA
2020
verify return:1
depth=0 CN = *.haxx.se
verify return:1
DONE
Verify return code: 0 (ok)
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.se/mail/etiquette.html