That's fixed for me now with the new version of GnuTLS 3.7.1 Thanks! Best regards, Grigorii
On Tue, 9 Mar 2021 at 20:30, Bob Proulx <b...@proulx.com> wrote: > Erik Auerswald wrote: > > Grigoriy Sokolik wrote: > > > I've rechecked: > > > > I cannot reproduce the problem, the certificate is trusted by my system: > > > > # via IPv4 > > $ gnutls-cli --verbose translationproject.org </dev/null | grep -E > 'Connecting|Status' > > Connecting to '80.69.83.146:443'... > > - Status: The certificate is trusted. > > # via IPv6 > > $ gnutls-cli --verbose translationproject.org </dev/null | grep -E > 'Connecting|Status' > > Connecting to '2a01:7c8:c037:6::20:443'... > > - Status: The certificate is trusted. > > I have the same results here. Everything looks okay in the inspection > of it. > > > It seems to me as if your system does not trust the used root CA. > > > > > [...]issuer `CN=DST Root CA X3,O=Digital Signature Trust Co.'[...] > > > > On my Ubuntu 18.04 system, I find it via symlink from /etc/ssl/certs: > > > > $ ls /etc/ssl/certs/DST_Root_CA_X3.pem -l > > lrwxrwxrwx 1 root root 53 Mai 28 2018 > /etc/ssl/certs/DST_Root_CA_X3.pem -> > /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt > > $ certtool --certificate-info < > /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt | grep Subject: > > Subject: CN=DST Root CA X3,O=Digital Signature Trust Co. > > Again same here on my Debian system. The root certificate store for > the trust anchor is in the ca-certificates package. > > Looking at my oldest system I see this is distributed as package > version 20200601~deb9u1 and includes the above file. > > $ apt-cache policy ca-certificates > ca-certificates: > Installed: 20200601~deb9u1 > Candidate: 20200601~deb9u1 > Version table: > *** 20200601~deb9u1 500 > 500 http://ftp.us.debian.org/debian stretch/main amd64 > Packages > 500 http://ftp.us.debian.org/debian stretch-updates/main > amd64 Packages > 100 /var/lib/dpkg/status > > Verifying that the equivalent of ca-certificates is installed on your > system should provide for it. > > As this seems not to be a bug in Coreutils I am marking the bug as > closed with this mail. However more discussion is always welcome. > > Bob >