GNU bug report logs - #45358
bootstrap fails due to a certificate mismatch

Previous Next

Full log

View this message in rfc822 format

From: Erik Auerswald <auerswal <at> unix-ag.uni-kl.de>
To: Grigoriy Sokolik <g.sokol99 <at> g-sokol.info>
Cc: 45358 <at> debbugs.gnu.org, 45358-submitter <at> debbugs.gnu.org, Bob Proulx <bob <at> proulx.com>
Subject: bug#45358: bootstrap fails due to a certificate mismatch
Date: Tue, 9 Mar 2021 11:35:58 +0100

Hi,

On Tue, Mar 09, 2021 at 11:28:18AM +0200, Grigoriy Sokolik wrote:
> I've rechecked:

I cannot reproduce the problem, the certificate is trusted by my system:

    # via IPv4
    $ gnutls-cli --verbose translationproject.org </dev/null  | grep -E 'Connecting|Status'
    Connecting to '80.69.83.146:443'...
    - Status: The certificate is trusted. 
    # via IPv6
    $ gnutls-cli --verbose translationproject.org </dev/null  | grep -E 'Connecting|Status'
    Connecting to '2a01:7c8:c037:6::20:443'...
    - Status: The certificate is trusted.

It seems to me as if your system does not trust the used root CA.

>     [...]issuer `CN=DST Root CA X3,O=Digital Signature Trust Co.'[...]

On my Ubuntu 18.04 system, I find it via symlink from /etc/ssl/certs:

    $ ls /etc/ssl/certs/DST_Root_CA_X3.pem -l
    lrwxrwxrwx 1 root root 53 Mai 28  2018 /etc/ssl/certs/DST_Root_CA_X3.pem -> /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt
    $ certtool --certificate-info < /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt | grep Subject:
    	Subject: CN=DST Root CA X3,O=Digital Signature Trust Co.

HTH,
Erik
-- 
[A]pplied cryptography mostly sucks.
                        -- Green's law of applied cryptography

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.