‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Thursday, 13 August 2020 08:55, Giovanni Biscuolo <g...@xelera.eu> wrote:
> Giovanni Biscuolo g...@xelera.eu writes: > > [...] > > > > $ curl > > > https://actorws.epa.gov/actorws/chemIdentifier/v01/resolve.json?identifier=MKXZASYAUGDDCJ-NJAFHUGGSA-N > > > curl: (60) server certificate verification failed. CAfile: > > > /home/user/.guix-profiles/profile/etc/ssl/certs/ca-certificates.crt > > > CRLfile: none > > > More details here: https://curl.haxx.se/docs/sslcerts.html > > > ca-certificates.crt exists at the CAfile location and CURL_CA_BUNDLE is > > > set properly. > > > > This is similar to > > https://lists.gnu.org/archive/html/help-guix/2020-06/msg00025.html > > No, this is a different issue: > > --8<---------------cut here---------------start------------->8--- > > gnutls-cliactorws.epa.gov > > Processed 128 CA certificate(s). > Resolving 'actorws.epa.gov:443'... > Connecting to '134.67.99.60:443'... > > - Certificate type: X.509 > > - Got a certificate list of 2 certificates. > > - Certificate[0] info: > > - subject `CN=*.epa.gov,OU=OMS/OITO/EHD,O=Environmental Protection > Agency,L=Durham,ST=North Carolina,C=US', issuer`CN=DigiCert SHA2 Secure > Server CA,O=DigiCert Inc,C=US', serial 0x0caca7602da89b50c3820b33518c827a, > RSA key 2048 bits, signed using RSA-SHA256, activated `2019-04-25 00:00:00 > UTC', expires`2021-04-19 12:00:00 UTC', > pin-sha256="o5d2tkYzGNEoALzaPpAd5q+Sima2MnbbItE64CpyDCk=" > Public Key ID: > sha1:884a27ada33cc533411036cde08f7c83bee2580e > sha256:a39776b6463318d12800bcda3e901de6af928a66b63276db22d13ae02a720c29 > Public Key PIN: > pin-sha256:o5d2tkYzGNEoALzaPpAd5q+Sima2MnbbItE64CpyDCk= > > - Certificate[1] info: > > - subject `CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US', > issuer`CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US', > serial 0x01fda3eb6eca75c888438b724bcfbc91, RSA key 2048 bits, signed using > RSA-SHA256, activated `2013-03-08 12:00:00 UTC', expires`2023-03-08 12:00:00 > UTC', pin-sha256="5kJvNEMw0KjrCAu7eXY5HZdvyCS13BbA0VJG1RSP91w=" > |<1>| Got OCSP response with an unrelated certificate. > > - Status: The certificate is NOT trusted. The received OCSP status response > is invalid. > *** PKI verification of server certificate failed... > *** Fatal error: Error in the certificate. > [~]- > > --8<---------------cut here---------------end--------------->8--- > > > I'm going to open a bug report upstream (gnutls), thanks for your > report. > > Best regards, Gio' > > ------------------------------------------------------------------------------------------------ > > Giovanni Biscuolo > > Xelera IT Infrastructures Thanks for confirming this! I pulled the newest Guix and updated gnutls and that did not solve the issue. Please let me know when you post the issue, so I can track it.