> Also what does the curl/nss message say? It's pretty moot. With a hard-coded constant, the error can be narrowed down to SEC_ERROR_EXPIRED_CERTIFICATE. (yes, NSS reports not yet valid cert as expired).
Specific CERT_NOT_YET_VALID error code is only in openssl, which also provides error strings. >>> c.perform() Traceback (most recent call last): File "<stdin>", line 1, in <module> pycurl.error: (60, 'Peer certificate cannot be authenticated with known CA certificates') >>> c.errstr() 'Peer certificate cannot be authenticated with known CA certificates' >>> c.getinfo(pycurl.SSL_VERIFYRESULT) -8181 >>> [i for i in dir(pycurl) if getattr(pycurl,i) == -8181] [] /usr/include/nss3/secerr.h: #define SEC_ERROR_BASE (-0x2000) SEC_ERROR_EXPIRED_CERTIFICATE = SEC_ERROR_BASE + 11, _______________________________________________ Yum-devel mailing list [email protected] http://lists.baseurl.org/mailman/listinfo/yum-devel
