Julian Andres Klode created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1285
Trying to connect to irc.sekrit.org port 994 fails:
```
$ gnutls-cli irc.sekrit.org -p 994
Processed 128 CA certificate(s).
Resolving 'irc.sekrit.org:994'...
Connecting to '34.86.153.216:994'...
- Successfully sent 0 certificate(s) to server.
- Server has requested a certificate.
- Certificate type: X.509
- Got a certificate list of 1 certificates.
- Certificate[0] info:
- subject `CN=irc-new.sekrit.org', issuer `CN=R3,O=Let's Encrypt,C=US', serial 0x035246f14a5f17856da061c4af902569e957, RSA key 2048 bits, signed using RSA-SHA256, activated `2021-08-31 11:04:27 UTC', expires `2021-11-29 11:04:26 UTC', pin-sha256="D4UO7EFocRJUU18myirKrVhOKtVztbnmngql
hmVeBp0="
Public Key ID:
sha1:98c0e59729d7dab6587779a831fcbc072f0e9021
sha256:0f850eec4168711254535f26ca2acaad584e2ad573b5b9e69e0aa586655e069d
Public Key PIN:
pin-sha256:D4UO7EFocRJUU18myirKrVhOKtVztbnmngqlhmVeBp0=
- Status: The certificate is NOT trusted. The certificate issuer is unknown.
*** PKI verification of server certificate failed...
*** Fatal error: Error in the certificate.
```
openssl works fine:
```
$ openssl s_client -host irc.sekrit.org -port 994
CONNECTED(00000003)
depth=0 CN = irc-new.sekrit.org
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = irc-new.sekrit.org
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:CN = irc-new.sekrit.org
i:C = US, O = Let's Encrypt, CN = R3
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFOjCCBCKgAwIBAgISA1JG8UpfF4VtoGHEr5AlaelXMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMTA4MzExMTA0MjdaFw0yMTExMjkxMTA0MjZaMB0xGzAZBgNVBAMT
EmlyYy1uZXcuc2Vrcml0Lm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKXJHa2U/7oUNjM8u5cvniV4YHBJpewsKYhsr9cMSsgOT3TYcSxs/xzQwQuR
rwRM20nZrNakweRhXS++sFFiVh2fbyWWl3U1i1xDDVenhORkTOZ27ZoG7rJjs/2U
fu8BWhMrv8hQrqbpHeLOj7UX2hYackFhxQBkYw91yTFQF/jYVrmOX8OBoBkIXhgF
xbe9VUcLh+8U1/Z3qQyI+logrXNz7P2IsqILSOSCd32t1QcVFm0g6ol+kZwe9X/J
5uC5evi1mHdOzTzWZPQM56CYSV89UsoxRF5sVRbiuoyXdEd54/d+2Q7edcgAl61G
TkpJDWYBpXpthl4H+uCKEGV3ogUCAwEAAaOCAl0wggJZMA4GA1UdDwEB/wQEAwIF
oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAd
BgNVHQ4EFgQUSPtuimutYnXbwL+im0Zmd8ZzBVAwHwYDVR0jBBgwFoAUFC6zF7dY
VsuuUAlA5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzABhhVodHRw
Oi8vcjMuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9yMy5pLmxlbmNy
Lm9yZy8wLQYDVR0RBCYwJIISaXJjLW5ldy5zZWtyaXQub3Jngg5pcmMuc2Vrcml0
Lm9yZzBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsG
AQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQQGCisGAQQB1nkC
BAIEgfUEgfIA8AB2AFzcQ5L+5qtFRLFemtRW5hA3+9X6R9yhc5SyXub2xw7KAAAB
e5wYq9sAAAQDAEcwRQIgCRhIKDaFx5IUOuAT2TdiZYSwunNdE+O/6XyudOBZ+nwC
IQC34O9yZusCePy649AmElE9ZSiHCx0gslgOgKEZXBQzmwB2APZclC/RdzAiFFQY
CDCUVo7jTRMZM7/fDC8gC8xO8WTjAAABe5wYq9gAAAQDAEcwRQIgDHSdfhycsMVr
EPDK+WW9Bs2ctgMMuKpxgwsosTy/JGQCIQDo8thv8yS4cGarSV2KleYJkoWI7gtu
B8bUSt7IhZ//UTANBgkqhkiG9w0BAQsFAAOCAQEAi4nL96yScI45iSL75Rdu+DvN
utc4ihLMjPWsGHHJOli55FToqlyVV7zUpKjP44bL6Zinwjl5QKzST3EvZwGqIYCM
nN+DX/3rSewbqtCzJIQ7BhRPX0re6G+kGC9dq1MJbgZsmK/Kbve08lzme5r2eUBR
poBAPRA/pQbmdSJNReWxZAknOeG4bSE4SORP9T9IThTJHblcOYdpZrlSiR86gXYa
4sotBNzEsGGLPuuSaGcfEy4w11jd7jxqwaBc7kL/wDy7SLd+heqx+yoJOocdYH6C
ik8B9VaAAv9GSaTAElXqG98ieWYYBESmk4qkWKck6wtfEmoNrEvFpW/2/WDA0w==
-----END CERTIFICATE-----
subject=CN = irc-new.sekrit.org
issuer=C = US, O = Let's Encrypt, CN = R3
---
```
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1285
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20211028/2b33f462/attachment-0001.html>