František Krenželok commented: https://gitlab.com/gnutls/gnutls/-/issues/1771#note_2942222823 This is correct behavior, The root certificate `CN=AAA Certificate Services` has been distrusted for TLS by google and Mozilla as is their [policy](https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/#74-root-ca-lifecycles), this change has propagated to root stores such as ca-certificates on rhel and fedora. The service provider `app.usmobile.com` should have replaced the intermediate with a newly issued cross-signed certificate https://crt.sh/?id=8505503577 or reissued their leaf/server certificate. Best way to go here is to report it to them. For a **temporary** fix you could add the aforementioned tls distrusted certificate manually to the client. Additional resources: * https://access.redhat.com/solutions/7133942 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1771#note_2942222823 You're receiving this email because of your account on gitlab.com.
_______________________________________________ Gnutls-devel mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnutls-devel
