[gnutls-devel] GnuTLS | verification error on duplicate server cert in chain (#1335)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Tue Jul 26 15:06:46 CEST 2022 



Pierre Zurek commented:


Hello,

I think I encountered the same issue when trying to clone https://voidpoint.io/terminx/eduke32.

```bash
gnutls-cli voidpoint.io 
Processed 127 CA certificate(s).
Resolving 'voidpoint.io:443'...
Connecting to '212.8.242.14:443'...
- Certificate type: X.509
- Got a certificate list of 4 certificates.
- Certificate[0] info:
 - subject `CN=voidpoint.io', issuer `CN=R3,O=Let's Encrypt,C=US', serial 0x03e3fa6d56ff7a9a0d319f14335fdea34302, RSA key 2048 bits, signed using RSA-SHA256, activated `2022-06-24 06:33:18 UTC', expires `2022-09-22 06:33:17 UTC', pin-sha256="aMVMzbZFrzK7cLH4a6uRQm9Bw9kWqdd88TVu4GwVuaA="
        Public Key ID:
                sha1:2c3d9676b9046367de19f2dc8053a30df0c52695
                sha256:68c54ccdb645af32bb70b1f86bab91426f41c3d916a9d77cf1356ee06c15b9a0
        Public Key PIN:
                pin-sha256:aMVMzbZFrzK7cLH4a6uRQm9Bw9kWqdd88TVu4GwVuaA=

- Certificate[1] info:
 - subject `CN=voidpoint.io', issuer `CN=R3,O=Let's Encrypt,C=US', serial 0x03e3fa6d56ff7a9a0d319f14335fdea34302, RSA key 2048 bits, signed using RSA-SHA256, activated `2022-06-24 06:33:18 UTC', expires `2022-09-22 06:33:17 UTC', pin-sha256="aMVMzbZFrzK7cLH4a6uRQm9Bw9kWqdd88TVu4GwVuaA="
- Certificate[2] info:
 - subject `CN=R3,O=Let's Encrypt,C=US', issuer `CN=ISRG Root X1,O=Internet Security Research Group,C=US', serial 0x00912b084acf0c18a753f6d62e25a75f5a, RSA key 2048 bits, signed using RSA-SHA256, activated `2020-09-04 00:00:00 UTC', expires `2025-09-15 16:00:00 UTC', pin-sha256="jQJTbIh0grw0/1TkHSumWb+Fs0Ggogr621gT3PvPKG0="
- Certificate[3] info:
 - subject `CN=ISRG Root X1,O=Internet Security Research Group,C=US', issuer `CN=DST Root CA X3,O=Digital Signature Trust Co.', serial 0x4001772137d4e942b8ee76aa3c640ab7, RSA key 4096 bits, signed using RSA-SHA256, activated `2021-01-20 19:14:03 UTC', expires `2024-09-30 18:14:03 UTC', pin-sha256="C5+lpZ7tcVwmwQIMcRtPbsQtWLABXhQzejna0wHFr8M="
- Status: The certificate is NOT trusted. The certificate issuer is unknown. 
*** PKI verification of server certificate failed...
*** Fatal error: Error in the certificate.
```

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1335#note_1038976153
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20220726/94ee2fea/attachment-0001.html>

More information about the Gnutls-devel mailing list