[gnutls-devel] GnuTLS | Verification failed for archive.mesa3d.org (#1357)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Mon May 2 12:10:32 CEST 2022 


Jookia created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1357



## Description of problem:

Certificate verification fails for archive.mesa3d.org .

## Version of gnutls used:

3.4.7

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)

Ubuntu Jammy
Built from source on Ubuntu and Arch

## How reproducible:

Steps to Reproduce:

 * gnutls-cli archive.mesa3d.org

## Actual results:

```
Processed 127 CA certificate(s).
Resolving 'archive.mesa3d.org:443'...
Connecting to '131.252.210.176:443'...
- Certificate type: X.509
- Got a certificate list of 4 certificates.
- Certificate[0] info:
 - subject `CN=archive.mesa3d.org', issuer `CN=R3,O=Let's Encrypt,C=US', serial 0x04b4095290dbfcdf9ea4b9fceb4626e379f7, RSA key 2048 bits, signed using RSA-SHA256, activated `2022-03-05 21:17:47 UTC', expires `2022-06-03 21:17:46 UTC', pin-sha256="TLzRCdKqclpVP5p5QsRnzzjULKRg2t0FA5qPaQ9Ars8="
        Public Key ID:
                sha1:6d6cb1c5e6991c97aacad8a7b4e6f765cc40bfd0
                sha256:4cbcd109d2aa725a553f9a7942c467cf38d42ca460dadd05039a8f690f40aecf
        Public Key PIN:
                pin-sha256:TLzRCdKqclpVP5p5QsRnzzjULKRg2t0FA5qPaQ9Ars8=

- Certificate[1] info:
 - subject `CN=archive.mesa3d.org', issuer `CN=R3,O=Let's Encrypt,C=US', serial 0x04b4095290dbfcdf9ea4b9fceb4626e379f7, RSA key 2048 bits, signed using RSA-SHA256, activated `2022-03-05 21:17:47 UTC', expires `2022-06-03 21:17:46 UTC', pin-sha256="TLzRCdKqclpVP5p5QsRnzzjULKRg2t0FA5qPaQ9Ars8="
- Certificate[2] info:
 - subject `CN=R3,O=Let's Encrypt,C=US', issuer `CN=ISRG Root X1,O=Internet Security Research Group,C=US', serial 0x00912b084acf0c18a753f6d62e25a75f5a, RSA key 2048 bits, signed using RSA-SHA256, activated `2020-09-04 00:00:00 UTC', expires `2025-09-15 16:00:00 UTC', pin-sha256="jQJTbIh0grw0/1TkHSumWb+Fs0Ggogr621gT3PvPKG0="
- Certificate[3] info:
 - subject `CN=ISRG Root X1,O=Internet Security Research Group,C=US', issuer `CN=DST Root CA X3,O=Digital Signature Trust Co.', serial 0x4001772137d4e942b8ee76aa3c640ab7, RSA key 4096 bits, signed using RSA-SHA256, activated `2021-01-20 19:14:03 UTC', expires `2024-09-30 18:14:03 UTC', pin-sha256="C5+lpZ7tcVwmwQIMcRtPbsQtWLABXhQzejna0wHFr8M="
- Status: The certificate is NOT trusted. The certificate issuer is unknown. 
*** PKI verification of server certificate failed...
*** Fatal error: Error in the certificate.
```

## Expected results:


```
Processed 153 CA certificate(s).
Resolving 'archive.mesa3d.org:443'...
Connecting to '2610:10:20:722:a800:ff:feda:470f:443'...
- Certificate type: X.509
- Got a certificate list of 4 certificates.
- Certificate[0] info:
 - subject `CN=archive.mesa3d.org', issuer `CN=R3,O=Let's Encrypt,C=US', serial 0x04b4095290dbfcdf9ea4b9fceb4626e379f7, RSA key 2048 bits, signed using RSA-SHA256, activated `2022-03-05 21:17:47 UTC', expires `2022-06-03 21:17:46 UTC', pin-sha256="TLzRCdKqclpVP5p5QsRnzzjULKRg2t0FA5qPaQ9Ars8="
	Public Key ID:
		sha1:6d6cb1c5e6991c97aacad8a7b4e6f765cc40bfd0
		sha256:4cbcd109d2aa725a553f9a7942c467cf38d42ca460dadd05039a8f690f40aecf
	Public Key PIN:
		pin-sha256:TLzRCdKqclpVP5p5QsRnzzjULKRg2t0FA5qPaQ9Ars8=

- Certificate[1] info:
 - subject `CN=archive.mesa3d.org', issuer `CN=R3,O=Let's Encrypt,C=US', serial 0x04b4095290dbfcdf9ea4b9fceb4626e379f7, RSA key 2048 bits, signed using RSA-SHA256, activated `2022-03-05 21:17:47 UTC', expires `2022-06-03 21:17:46 UTC', pin-sha256="TLzRCdKqclpVP5p5QsRnzzjULKRg2t0FA5qPaQ9Ars8="
- Certificate[2] info:
 - subject `CN=R3,O=Let's Encrypt,C=US', issuer `CN=ISRG Root X1,O=Internet Security Research Group,C=US', serial 0x00912b084acf0c18a753f6d62e25a75f5a, RSA key 2048 bits, signed using RSA-SHA256, activated `2020-09-04 00:00:00 UTC', expires `2025-09-15 16:00:00 UTC', pin-sha256="jQJTbIh0grw0/1TkHSumWb+Fs0Ggogr621gT3PvPKG0="
- Certificate[3] info:
 - subject `CN=ISRG Root X1,O=Internet Security Research Group,C=US', issuer `CN=DST Root CA X3,O=Digital Signature Trust Co.', serial 0x4001772137d4e942b8ee76aa3c640ab7, RSA key 4096 bits, signed using RSA-SHA256, activated `2021-01-20 19:14:03 UTC', expires `2024-09-30 18:14:03 UTC', pin-sha256="C5+lpZ7tcVwmwQIMcRtPbsQtWLABXhQzejna0wHFr8M="
- Status: The certificate is trusted. 
```

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1357
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20220502/1df51cef/attachment.html>

More information about the Gnutls-devel mailing list