Giovanni Biscuolo 写道:
Jack Hill <jackh...@jackhill.us> writes:The error wget gives is a little bit better,
FWIW, I use this (extremely verbose) command to debug/check my own servers:
$ openssl s_client -showcerts -servername voices.transparency.org \
-connect voices.transparency.org:443
Therefore, I think the fix is for voices.transparency.org to update the certificate chain/bundle that they are sending.
They're also sending intermediate certificates that they shouldn't be sending in the first place[0] which doesn't help matters. I agree that this looks like an outdated server (mis)configuration.
Yes. All modern clients and operating systems have the newer, modernCOMODO and USERTrust roots which don’t expire until 2038.
Right, but ‘modern’ there means ~2015. Kind regards, T G-R[0]: https://www.ssllabs.com/ssltest/analyze.html?d=voices.transparency.org&s=52.4.38.70&hideResults=on
signature.asc
Description: PGP signature