GNU bug report logs - #45358
bootstrap fails due to a certificate mismatch

Previous Next

Package: coreutils;

Reported by: "j-james" <jj <at> j-james.me>

Date: Tue, 22 Dec 2020 02:02:01 UTC

Severity: normal

Done: Bob Proulx <bob <at> proulx.com>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Grigoriy Sokolik <g.sokol99 <at> g-sokol.info>
To: Bob Proulx <bob <at> proulx.com>
Cc: Erik Auerswald <auerswal <at> unix-ag.uni-kl.de>, 45358-done <at> debbugs.gnu.org, 45358-submitter <at> debbugs.gnu.org
Subject: bug#45358: bootstrap fails due to a certificate mismatch
Date: Wed, 10 Mar 2021 16:10:33 +0200

[Message part 1 (text/plain, inline)]
That's fixed for me now with the new version of GnuTLS 3.7.1

Thanks!
Best regards,
Grigorii


On Tue, 9 Mar 2021 at 20:30, Bob Proulx <bob <at> proulx.com> wrote:

> Erik Auerswald wrote:
> > Grigoriy Sokolik wrote:
> > > I've rechecked:
> >
> > I cannot reproduce the problem, the certificate is trusted by my system:
> >
> >     # via IPv4
> >     $ gnutls-cli --verbose translationproject.org </dev/null  | grep -E
> 'Connecting|Status'
> >     Connecting to '80.69.83.146:443'...
> >     - Status: The certificate is trusted.
> >     # via IPv6
> >     $ gnutls-cli --verbose translationproject.org </dev/null  | grep -E
> 'Connecting|Status'
> >     Connecting to '2a01:7c8:c037:6::20:443'...
> >     - Status: The certificate is trusted.
>
> I have the same results here.  Everything looks okay in the inspection
> of it.
>
> > It seems to me as if your system does not trust the used root CA.
> >
> > >     [...]issuer `CN=DST Root CA X3,O=Digital Signature Trust Co.'[...]
> >
> > On my Ubuntu 18.04 system, I find it via symlink from /etc/ssl/certs:
> >
> >     $ ls /etc/ssl/certs/DST_Root_CA_X3.pem -l
> >     lrwxrwxrwx 1 root root 53 Mai 28  2018
> /etc/ssl/certs/DST_Root_CA_X3.pem ->
> /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt
> >     $ certtool --certificate-info <
> /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt | grep Subject:
> >       Subject: CN=DST Root CA X3,O=Digital Signature Trust Co.
>
> Again same here on my Debian system.  The root certificate store for
> the trust anchor is in the ca-certificates package.
>
> Looking at my oldest system I see this is distributed as package
> version 20200601~deb9u1 and includes the above file.
>
>     $ apt-cache policy ca-certificates
>     ca-certificates:
>       Installed: 20200601~deb9u1
>       Candidate: 20200601~deb9u1
>       Version table:
>      *** 20200601~deb9u1 500
>             500 http://ftp.us.debian.org/debian stretch/main amd64
> Packages
>             500 http://ftp.us.debian.org/debian stretch-updates/main
> amd64 Packages
>             100 /var/lib/dpkg/status
>
> Verifying that the equivalent of ca-certificates is installed on your
> system should provide for it.
>
> As this seems not to be a bug in Coreutils I am marking the bug as
> closed with this mail.  However more discussion is always welcome.
>
> Bob
>

[Message part 2 (text/html, inline)]
This bug report was last modified 4 years and 133 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.