GNU bug report logs -
#45358
bootstrap fails due to a certificate mismatch
Previous Next
Reported by: "j-james" <jj <at> j-james.me>
Date: Tue, 22 Dec 2020 02:02:01 UTC
Severity: normal
Done: Bob Proulx <bob <at> proulx.com>
Bug is archived. No further changes may be made.
Full log
View this message in rfc822 format
[Message part 1 (text/plain, inline)]
Your bug report
#45358: bootstrap fails due to a certificate mismatch
which was filed against the coreutils package, has been closed.
The explanation is attached below, along with your original report.
If you require more details, please reply to 45358 <at> debbugs.gnu.org.
--
45358: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=45358
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems
[Message part 2 (message/rfc822, inline)]
Erik Auerswald wrote:
> Grigoriy Sokolik wrote:
> > I've rechecked:
>
> I cannot reproduce the problem, the certificate is trusted by my system:
>
> # via IPv4
> $ gnutls-cli --verbose translationproject.org </dev/null | grep -E 'Connecting|Status'
> Connecting to '80.69.83.146:443'...
> - Status: The certificate is trusted.
> # via IPv6
> $ gnutls-cli --verbose translationproject.org </dev/null | grep -E 'Connecting|Status'
> Connecting to '2a01:7c8:c037:6::20:443'...
> - Status: The certificate is trusted.
I have the same results here. Everything looks okay in the inspection
of it.
> It seems to me as if your system does not trust the used root CA.
>
> > [...]issuer `CN=DST Root CA X3,O=Digital Signature Trust Co.'[...]
>
> On my Ubuntu 18.04 system, I find it via symlink from /etc/ssl/certs:
>
> $ ls /etc/ssl/certs/DST_Root_CA_X3.pem -l
> lrwxrwxrwx 1 root root 53 Mai 28 2018 /etc/ssl/certs/DST_Root_CA_X3.pem -> /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt
> $ certtool --certificate-info < /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt | grep Subject:
> Subject: CN=DST Root CA X3,O=Digital Signature Trust Co.
Again same here on my Debian system. The root certificate store for
the trust anchor is in the ca-certificates package.
Looking at my oldest system I see this is distributed as package
version 20200601~deb9u1 and includes the above file.
$ apt-cache policy ca-certificates
ca-certificates:
Installed: 20200601~deb9u1
Candidate: 20200601~deb9u1
Version table:
*** 20200601~deb9u1 500
500 http://ftp.us.debian.org/debian stretch/main amd64 Packages
500 http://ftp.us.debian.org/debian stretch-updates/main amd64 Packages
100 /var/lib/dpkg/status
Verifying that the equivalent of ca-certificates is installed on your
system should provide for it.
As this seems not to be a bug in Coreutils I am marking the bug as
closed with this mail. However more discussion is always welcome.
Bob
[Message part 3 (message/rfc822, inline)]
When running ./bootstrap in a freshly-cloned repository, it seems to either
not find some files it wants to or doesn't trust https://translationproject.org.
Connecting to https://translationproject.org in a (non-wget) web browser works fine.
The following is the output of ./bootstrap.
```
./bootstrap: Bootstrapping from checked-out coreutils sources...
./bootstrap: consider installing git-merge-changelog from gnulib
./bootstrap: getting gnulib files...
Submodule 'gnulib' (git://git.sv.gnu.org/gnulib.git) registered for path 'gnulib'
Cloning into '/home/teal/Projects/coreutils/gnulib'...
Submodule path 'gnulib': checked out '8183682cc4436bee18007d61bc79938eaf78619a'
./bootstrap: getting translations into po/.reference for coreutils...
Loaded CA certificate '/etc/ssl/certs/ca-certificates.crt'
ERROR: The certificate of 'translationproject.org' is not trusted.
ERROR: The certificate of 'translationproject.org' doesn't have a known issuer.
```
Do let me know if you need more information, or if this is a duplicate report.
-- j-james
This bug report was last modified 4 years and 132 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.