<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">
<title>
GitLab
</title>
<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">
<p class="details" style="font-style: italic; color: #777;">
<a href="https://gitlab.com/rockdaboot">Tim Rühsen</a> created an issue:
</p>
<div></div>
<p dir="auto">Some intermediate certs needs to be downloaded to verify the chain, see</p>
<p dir="auto"><a href="https://savannah.gnu.org/bugs/?58097" rel="nofollow noreferrer noopener" target="_blank">https://savannah.gnu.org/bugs/?58097</a></p>
<p dir="auto"><a href="https://discussions.qualys.com/thread/12098" rel="nofollow noreferrer noopener" target="_blank">https://discussions.qualys.com/thread/12098</a></p>
<p dir="auto">Would be nice to have this GnuTLS or at least gnutls-cli.</p>
<pre class="code highlight js-syntax-highlight plaintext" lang="plaintext" v-pre="true"><code><span id="LC1" class="line" lang="plaintext">$ gnutls-cli -V www.xocolatl.com 443</span>
<span id="LC2" class="line" lang="plaintext">gnutls-cli 3.6.12</span>
<span id="LC3" class="line" lang="plaintext">tim@ryzen:~/src/wget2$ gnutls-cli -V www.xocolatl.com 443 </span>
<span id="LC4" class="line" lang="plaintext">Processed 128 CA certificate(s).</span>
<span id="LC5" class="line" lang="plaintext">Resolving 'www.xocolatl.com:443'...</span>
<span id="LC6" class="line" lang="plaintext">Connecting to '116.202.171.177:443'...</span>
<span id="LC7" class="line" lang="plaintext">- Certificate type: X.509</span>
<span id="LC8" class="line" lang="plaintext">- Got a certificate list of 1 certificates.</span>
<span id="LC9" class="line" lang="plaintext">- Certificate[0] info:</span>
<span id="LC10" class="line" lang="plaintext"> - X.509 Certificate Information:</span>
<span id="LC11" class="line" lang="plaintext"> Version: 3</span>
<span id="LC12" class="line" lang="plaintext"> Serial Number (hex): 03a081e7536daaa191406e66046a8cc59bfe</span>
<span id="LC13" class="line" lang="plaintext"> Issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US</span>
<span id="LC14" class="line" lang="plaintext"> Validity:</span>
<span id="LC15" class="line" lang="plaintext"> Not Before: Mon Mar 02 14:50:14 UTC 2020</span>
<span id="LC16" class="line" lang="plaintext"> Not After: Sun May 31 14:50:14 UTC 2020</span>
<span id="LC17" class="line" lang="plaintext"> Subject: CN=chili.xocolatl.com</span>
<span id="LC18" class="line" lang="plaintext"> Subject Public Key Algorithm: RSA</span>
<span id="LC19" class="line" lang="plaintext"> Algorithm Security Level: Medium (2048 bits)</span>
<span id="LC20" class="line" lang="plaintext"> Modulus (bits 2048):</span>
<span id="LC21" class="line" lang="plaintext"> 00:bd:15:47:f4:b4:c5:f5:ae:1e:cd:68:06:99:c6:e7</span>
<span id="LC22" class="line" lang="plaintext"> d3:33:6c:4d:18:36:56:f6:72:c8:08:f2:29:9c:06:88</span>
<span id="LC23" class="line" lang="plaintext"> f4:26:a6:82:d7:54:be:be:1c:4c:04:e0:6b:94:76:d0</span>
<span id="LC24" class="line" lang="plaintext"> b9:c9:99:8b:4c:70:91:89:93:a6:25:ec:b1:af:0a:9a</span>
<span id="LC25" class="line" lang="plaintext"> 60:72:3c:6e:f9:fb:47:a1:62:75:62:ea:e4:00:fb:46</span>
<span id="LC26" class="line" lang="plaintext"> a4:f1:a4:db:e9:3a:5c:44:d6:9c:d3:26:d0:0d:22:67</span>
<span id="LC27" class="line" lang="plaintext"> 82:a6:e4:4b:c6:b1:e4:2a:80:2a:3c:de:2d:1b:c1:a3</span>
<span id="LC28" class="line" lang="plaintext"> 3c:ba:33:d4:57:23:d8:08:6e:81:99:66:e3:84:73:7a</span>
<span id="LC29" class="line" lang="plaintext"> 13:fb:c0:c6:58:5f:4c:df:3a:38:a6:da:6f:ac:f0:d7</span>
<span id="LC30" class="line" lang="plaintext"> 30:b8:00:34:95:b6:6c:4a:5c:2a:8f:a1:b8:62:b0:68</span>
<span id="LC31" class="line" lang="plaintext"> c6:1c:3a:8b:8e:5e:80:24:85:71:ee:da:ea:0b:70:fe</span>
<span id="LC32" class="line" lang="plaintext"> 01:d7:72:48:3f:fc:e7:66:ca:56:5b:5d:7b:16:5e:8f</span>
<span id="LC33" class="line" lang="plaintext"> dd:f4:8a:b9:e9:24:03:c7:2f:b1:f0:fa:2f:96:d4:5f</span>
<span id="LC34" class="line" lang="plaintext"> 3d:bc:8a:e5:8e:20:b4:ee:3e:27:2a:f7:7e:66:66:84</span>
<span id="LC35" class="line" lang="plaintext"> b7:3f:cc:41:23:3d:77:82:a3:cf:e2:31:5b:8c:47:ed</span>
<span id="LC36" class="line" lang="plaintext"> 33:1a:9c:56:17:dc:9f:29:ac:b2:88:5e:73:17:cb:ea</span>
<span id="LC37" class="line" lang="plaintext"> e1</span>
<span id="LC38" class="line" lang="plaintext"> Exponent (bits 24):</span>
<span id="LC39" class="line" lang="plaintext"> 01:00:01</span>
<span id="LC40" class="line" lang="plaintext"> Extensions:</span>
<span id="LC41" class="line" lang="plaintext"> Key Usage (critical):</span>
<span id="LC42" class="line" lang="plaintext"> Digital signature.</span>
<span id="LC43" class="line" lang="plaintext"> Key encipherment.</span>
<span id="LC44" class="line" lang="plaintext"> Key Purpose (not critical):</span>
<span id="LC45" class="line" lang="plaintext"> TLS WWW Server.</span>
<span id="LC46" class="line" lang="plaintext"> TLS WWW Client.</span>
<span id="LC47" class="line" lang="plaintext"> Basic Constraints (critical):</span>
<span id="LC48" class="line" lang="plaintext"> Certificate Authority (CA): FALSE</span>
<span id="LC49" class="line" lang="plaintext"> Subject Key Identifier (not critical):</span>
<span id="LC50" class="line" lang="plaintext"> d0fca29770368ad5e8b43841c0e9db19646ea92c</span>
<span id="LC51" class="line" lang="plaintext"> Authority Key Identifier (not critical):</span>
<span id="LC52" class="line" lang="plaintext"> a84a6a63047dddbae6d139b7a64565eff3a8eca1</span>
<span id="LC53" class="line" lang="plaintext"> Authority Information Access (not critical):</span>
<span id="LC54" class="line" lang="plaintext"> Access Method: 1.3.6.1.5.5.7.48.1 (id-ad-ocsp)</span>
<span id="LC55" class="line" lang="plaintext"> Access Location URI: http://ocsp.int-x3.letsencrypt.org</span>
<span id="LC56" class="line" lang="plaintext"> Access Method: 1.3.6.1.5.5.7.48.2 (id-ad-caIssuers)</span>
<span id="LC57" class="line" lang="plaintext"> Access Location URI: http://cert.int-x3.letsencrypt.org/</span>
<span id="LC58" class="line" lang="plaintext"> Subject Alternative Name (not critical):</span>
<span id="LC59" class="line" lang="plaintext"> DNSname: chili.xocolatl.com</span>
<span id="LC60" class="line" lang="plaintext"> DNSname: www.xocolatl.com</span>
<span id="LC61" class="line" lang="plaintext"> DNSname: xocolatl.com</span>
<span id="LC62" class="line" lang="plaintext"> Certificate Policies (not critical):</span>
<span id="LC63" class="line" lang="plaintext"> 2.23.140.1.2.1</span>
<span id="LC64" class="line" lang="plaintext"> 1.3.6.1.4.1.44947.1.1.1</span>
<span id="LC65" class="line" lang="plaintext"> URI: http://cps.letsencrypt.org</span>
<span id="LC66" class="line" lang="plaintext"> Unknown extension 1.3.6.1.4.1.11129.2.4.2 (not critical):</span>
<span id="LC67" class="line" lang="plaintext"> ASCII: ......w.^.s..V...6H}.I.2z.........u..qEX...p.........H0F.!..Q!F.....T@.6:$.=.y.......L...i..!...n....9..:_.w8_....e..S.(...P...v......... N.f.+..% gk..p..IS-...^...p.........G0E.!..K|J..x."w.$.......}.Y.C.xd.O..,. 0.9:r....c..x...Z,)..9.>...3....</span>
<span id="LC68" class="line" lang="plaintext"> Hexdump: 0481f300f10077005ea773f9df56c0e7b536487dd049e0327a919a0c84a112128418759681714558000001709bf0cead0000040300483046022100a2512146cc919901025440d5363a24a53d02799b96b10bd0f8b84cd08a9969c7022100a6d86effb9fdee3919113a5f9877385fb985f4c965cd94531528d9828150efcc007600b21e05cc8ba2cd8a204e8766f92bb98a2520676bdafa70e7b249532def8b905e000001709bf0ce9e0000040300473045022100e24b7c4ab21b78d62277e924c68b85ffc1f48d7d0459df43fb7864964f0d042c022030bf393a72b8fabcb9639e8678c3a22e5a2c29ff1839d53e1ceead33fad4ada2</span>
<span id="LC69" class="line" lang="plaintext"> Signature Algorithm: RSA-SHA256</span>
<span id="LC70" class="line" lang="plaintext"> Signature:</span>
<span id="LC71" class="line" lang="plaintext"> 2e:02:db:96:c9:e6:28:73:da:8b:c9:7a:42:00:81:2a</span>
<span id="LC72" class="line" lang="plaintext"> 3d:e7:dc:e6:ff:76:f4:c8:e7:64:82:0a:84:49:6c:a9</span>
<span id="LC73" class="line" lang="plaintext"> ec:b5:33:2a:bb:a9:88:0f:1b:20:4c:ec:c1:f2:14:ae</span>
<span id="LC74" class="line" lang="plaintext"> 61:26:b3:ca:e5:2d:f6:f2:36:a8:0a:1d:98:90:88:c8</span>
<span id="LC75" class="line" lang="plaintext"> 55:c5:a3:33:05:fe:75:3a:23:ce:f1:9c:90:57:72:df</span>
<span id="LC76" class="line" lang="plaintext"> 64:34:26:a2:86:73:7d:a1:44:8d:13:ca:fa:8e:e4:6f</span>
<span id="LC77" class="line" lang="plaintext"> 36:58:01:f1:9c:73:da:51:e5:f8:b1:f6:f5:92:e5:ad</span>
<span id="LC78" class="line" lang="plaintext"> 1f:3b:a6:fc:d5:ca:5d:2f:6d:14:f4:5d:f1:2c:ed:69</span>
<span id="LC79" class="line" lang="plaintext"> 31:72:88:a9:15:a6:f5:a6:56:1f:4c:4b:9b:b7:04:26</span>
<span id="LC80" class="line" lang="plaintext"> 92:9a:aa:37:93:0e:9e:5d:b5:21:0c:48:45:22:63:59</span>
<span id="LC81" class="line" lang="plaintext"> 08:b2:4b:8b:8b:db:a4:e0:f6:3c:d0:f6:47:cd:18:ad</span>
<span id="LC82" class="line" lang="plaintext"> 04:ff:4e:d8:89:7e:1a:c2:ad:4c:e2:54:b4:28:2e:fc</span>
<span id="LC83" class="line" lang="plaintext"> a1:7f:f6:e0:4b:e2:5d:8e:24:0a:ac:ce:3f:0a:dd:de</span>
<span id="LC84" class="line" lang="plaintext"> 4d:dc:75:7e:28:10:4a:3d:41:0d:b9:66:8f:59:15:15</span>
<span id="LC85" class="line" lang="plaintext"> f8:50:dc:29:88:6f:26:cc:ff:d0:ec:2e:5a:9b:a8:43</span>
<span id="LC86" class="line" lang="plaintext"> 25:d8:7a:41:5e:58:29:7e:c1:a1:87:17:12:68:cc:79</span>
<span id="LC87" class="line" lang="plaintext">Other Information:</span>
<span id="LC88" class="line" lang="plaintext"> Fingerprint:</span>
<span id="LC89" class="line" lang="plaintext"> sha1:04e0297bf5bed2239302699b8acce8880bac3d3b</span>
<span id="LC90" class="line" lang="plaintext"> sha256:cc2270f59f27dea652e90a0451d235e37c9b7bf64d1712aaf8a9709351ba3721</span>
<span id="LC91" class="line" lang="plaintext"> Public Key ID:</span>
<span id="LC92" class="line" lang="plaintext"> sha1:6752bef04694d1fe2d0483c6ac18fcabfb690508</span>
<span id="LC93" class="line" lang="plaintext"> sha256:fcdedeb113ed0f8de4f04b9965420a31d9f0af5d3917c70e7f76560933fa1cf7</span>
<span id="LC94" class="line" lang="plaintext"> Public Key PIN:</span>
<span id="LC95" class="line" lang="plaintext"> pin-sha256:/N7esRPtD43k8EuZZUIKMdnwr105F8cOf3ZWCTP6HPc=</span>
<span id="LC96" class="line" lang="plaintext"></span>
<span id="LC97" class="line" lang="plaintext"></span>
<span id="LC98" class="line" lang="plaintext">-----BEGIN CERTIFICATE-----</span>
<span id="LC99" class="line" lang="plaintext">MIIFfTCCBGWgAwIBAgISA6CB51NtqqGRQG5mBGqMxZv+MA0GCSqGSIb3DQEBCwUA</span>
<span id="LC100" class="line" lang="plaintext">MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD</span>
<span id="LC101" class="line" lang="plaintext">ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0yMDAzMDIxNDUwMTRaFw0y</span>
<span id="LC102" class="line" lang="plaintext">MDA1MzExNDUwMTRaMB0xGzAZBgNVBAMTEmNoaWxpLnhvY29sYXRsLmNvbTCCASIw</span>
<span id="LC103" class="line" lang="plaintext">DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL0VR/S0xfWuHs1oBpnG59MzbE0Y</span>
<span id="LC104" class="line" lang="plaintext">Nlb2csgI8imcBoj0JqaC11S+vhxMBOBrlHbQucmZi0xwkYmTpiXssa8KmmByPG75</span>
<span id="LC105" class="line" lang="plaintext">+0ehYnVi6uQA+0ak8aTb6TpcRNac0ybQDSJngqbkS8ax5CqAKjzeLRvBozy6M9RX</span>
<span id="LC106" class="line" lang="plaintext">I9gIboGZZuOEc3oT+8DGWF9M3zo4ptpvrPDXMLgANJW2bEpcKo+huGKwaMYcOouO</span>
<span id="LC107" class="line" lang="plaintext">XoAkhXHu2uoLcP4B13JIP/znZspWW117Fl6P3fSKuekkA8cvsfD6L5bUXz28iuWO</span>
<span id="LC108" class="line" lang="plaintext">ILTuPicq935mZoS3P8xBIz13gqPP4jFbjEftMxqcVhfcnymssohecxfL6uECAwEA</span>
<span id="LC109" class="line" lang="plaintext">AaOCAogwggKEMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYI</span>
<span id="LC110" class="line" lang="plaintext">KwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU0Pyil3A2itXotDhBwOnb</span>
<span id="LC111" class="line" lang="plaintext">GWRuqSwwHwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl7/Oo7KEwbwYIKwYBBQUH</span>
<span id="LC112" class="line" lang="plaintext">AQEEYzBhMC4GCCsGAQUFBzABhiJodHRwOi8vb2NzcC5pbnQteDMubGV0c2VuY3J5</span>
<span id="LC113" class="line" lang="plaintext">cHQub3JnMC8GCCsGAQUFBzAChiNodHRwOi8vY2VydC5pbnQteDMubGV0c2VuY3J5</span>
<span id="LC114" class="line" lang="plaintext">cHQub3JnLzA9BgNVHREENjA0ghJjaGlsaS54b2NvbGF0bC5jb22CEHd3dy54b2Nv</span>
<span id="LC115" class="line" lang="plaintext">bGF0bC5jb22CDHhvY29sYXRsLmNvbTBMBgNVHSAERTBDMAgGBmeBDAECATA3Bgsr</span>
<span id="LC116" class="line" lang="plaintext">BgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0</span>
<span id="LC117" class="line" lang="plaintext">Lm9yZzCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB3AF6nc/nfVsDntTZIfdBJ4DJ6</span>
<span id="LC118" class="line" lang="plaintext">kZoMhKESEoQYdZaBcUVYAAABcJvwzq0AAAQDAEgwRgIhAKJRIUbMkZkBAlRA1TY6</span>
<span id="LC119" class="line" lang="plaintext">JKU9AnmblrEL0Pi4TNCKmWnHAiEApthu/7n97jkZETpfmHc4X7mF9MllzZRTFSjZ</span>
<span id="LC120" class="line" lang="plaintext">goFQ78wAdgCyHgXMi6LNiiBOh2b5K7mKJSBna9r6cOeySVMt74uQXgAAAXCb8M6e</span>
<span id="LC121" class="line" lang="plaintext">AAAEAwBHMEUCIQDiS3xKsht41iJ36STGi4X/wfSNfQRZ30P7eGSWTw0ELAIgML85</span>
<span id="LC122" class="line" lang="plaintext">OnK4+ry5Y56GeMOiLlosKf8YOdU+HO6tM/rUraIwDQYJKoZIhvcNAQELBQADggEB</span>
<span id="LC123" class="line" lang="plaintext">AC4C25bJ5ihz2ovJekIAgSo959zm/3b0yOdkggqESWyp7LUzKrupiA8bIEzswfIU</span>
<span id="LC124" class="line" lang="plaintext">rmEms8rlLfbyNqgKHZiQiMhVxaMzBf51OiPO8ZyQV3LfZDQmooZzfaFEjRPK+o7k</span>
<span id="LC125" class="line" lang="plaintext">bzZYAfGcc9pR5fix9vWS5a0fO6b81cpdL20U9F3xLO1pMXKIqRWm9aZWH0xLm7cE</span>
<span id="LC126" class="line" lang="plaintext">JpKaqjeTDp5dtSEMSEUiY1kIskuLi9uk4PY80PZHzRitBP9O2Il+GsKtTOJUtCgu</span>
<span id="LC127" class="line" lang="plaintext">/KF/9uBL4l2OJAqszj8K3d5N3HV+KBBKPUENuWaPWRUV+FDcKYhvJsz/0OwuWpuo</span>
<span id="LC128" class="line" lang="plaintext">QyXYekFeWCl+waGHFxJozHk=</span>
<span id="LC129" class="line" lang="plaintext">-----END CERTIFICATE-----</span>
<span id="LC130" class="line" lang="plaintext"></span>
<span id="LC131" class="line" lang="plaintext">- Status: The certificate is NOT trusted. The certificate issuer is unknown. </span>
<span id="LC132" class="line" lang="plaintext">*** PKI verification of server certificate failed...</span>
<span id="LC133" class="line" lang="plaintext">*** Fatal error: Error in the certificate.</span></code></pre>
</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #777;">
—
<br>
Reply to this email directly or <a href="https://gitlab.com/gnutls/gnutls/-/issues/968">view it on GitLab</a>.
<br>
You're receiving this email because of your account on gitlab.com.
If you'd like to receive fewer emails, you can
<a href="https://gitlab.com/-/sent_notifications/1cb0ac04d246549c58cf36a890583cdc/unsubscribe">unsubscribe</a>
from this thread or
adjust your notification settings.
<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Issue","url":"https://gitlab.com/gnutls/gnutls/-/issues/968"}}</script>
</p>
</div>
</body>
</html>